auth: enforce first user created has to be admin

app/auth.py

@@ -174,6 +174,14 @@ def signup_post():
         return redirect(url_for('auth.signup'))
 
     existing_admin = admin_account_created()
+    if not existing_admin and not admin_access:
+        print('First account created must be admin')
+        resp = {
+            'success': False,
+            'status_code': 400,
+            'location': '/settings',
+        } 
+        return jsonify(resp)
 
     # create a new user with the form data. Hash the password so the plaintext version isn't saved.
     new_user = User(user=username, password=generate_password_hash(password, method='scrypt'), admin_access=admin_access, shop_access=shop_access, backup_access=backup_access)

app/templates/settings.html

@@ -48,7 +48,7 @@ <h2 id="Authentication" class="pb-3">Authentication</h2>
                         <tr>
                             <th scope="col">User</th>
                             <th scope="col">Permissions</th>
-                            <th scope="col">Action</th>
+                            <th scope="col">Actions</th>
                         </tr>
                     </thead>
                     <tbody>
@@ -168,7 +168,7 @@ <h2 class="pb-3">Library</h2>
                 <hr>
 
                 <h2 class="pb-3">Shop</h2>
-                <p>Customize your shop, using Tinfoil's special parameters.</p>
+                <p>Customize your shop:</p>
                 <div class="mb-3 form-check">
                     <input type="checkbox" class="form-check-input" id="publicShopCheck"
                         aria-describedby="publicShopCheckHelp">
@@ -179,13 +179,13 @@ <h2 class="pb-3">Shop</h2>
                 </div>
                 <div class="mb-3 form-check">
                     <input type="checkbox" class="form-check-input" id="encryptShopCheck"
-                        aria-describedby="encryptShopCheckHelp">
+                        aria-describedby="encryptShopCheckHelp" disabled="disabled">
                     <label class="form-check-label" for="encryptShopCheck">Encrypt shop</label>
-                    <div id="encryptShopCheckHelp" class="form-text">Path of directory containing your games.</div>
+                    <div id="encryptShopCheckHelp" class="form-text">Serve encrypted shop, so that only Tinfoil clients can access the content (coming soon).</div>
                 </div>
 
                 <div class="mb-3">
-                    <label for="motdTextArea" class="form-label">Message of the day</label>
+                    <label for="motdTextArea" class="form-label">Message of the day:</label>
                     <textarea class="form-control" id="motdTextArea" rows="3"></textarea>
                     <div id="motdTextAreaHelp" class="form-text">Message presented when opening Tinfoil after
                         successfully loading your shop.</div>
@@ -321,12 +321,10 @@ <h2 class="pb-3">Shop</h2>
 
     $('#checkboxNewUserAdminAccess').change(function () {
         if (this.checked != false) {
-            console.log('checkboxNewUserAdminAccess checked');
             $('#checkboxNewUserShopAccess').prop('checked', true).attr("disabled", true);
             $('#checkboxNewUserBackupAccess').prop('checked', true).attr("disabled", true) ;
 
         } else {
-            console.log('checkboxNewUserAdminAccess not checked');
             $('#checkboxNewUserShopAccess').attr("disabled", false);
             $('#checkboxNewUserBackupAccess').attr("disabled", false) ;
 
@@ -505,6 +503,11 @@ <h2 class="pb-3">Shop</h2>
         });
 
     });
+    {% if admin_account_created == false %}
+    $('#checkboxNewUserAdminAccess').prop('checked', true).attr("disabled", true);
+    $('#checkboxNewUserShopAccess').prop('checked', true).attr("disabled", true);
+    $('#checkboxNewUserBackupAccess').prop('checked', true).attr("disabled", true);
+    {% endif %}
     languages = {{ languages_from_titledb | tojson | safe }}
 </script>