Merge pull request #76 from snikket-im/feature/roles

"Edit user" flow, role management
2021-03-25 17:35:42 +01:00
parent 6650dd2046 a48abacf1d
commit 059a10f475
15 changed files with 435 additions and 114 deletions
--- a/snikket_web/admin.py
+++ b/snikket_web/admin.py
@@ -35,7 +35,6 @@ async def index() -> str:
 class PasswordResetLinkPost(BaseForm):
    action_create = wtforms.StringField()
    action_revoke = wtforms.StringField()
@@ -57,6 +56,87 @@ async def users() -> str:
    )
 _LIMITED_ROLE_NAME = _("Limited")
 class EditUserForm(BaseForm):
    localpart = wtforms.StringField(
        _l("Login name"),
    )
    display_name = wtforms.StringField(
        _l("Display name"),
    )
    role = wtforms.RadioField(
        _l("Access Level"),
        choices=[
            # NOTE: enable this only after something has been done which
            # actually enforces the described restrictions :).
            # ("prosody:restricted", _l("Limited")),
            ("prosody:normal", _l("Normal user")),
            ("prosody:admin", _l("Administrator")),
        ],
    )
    action_save = wtforms.SubmitField(
        _l("Update user"),
    )
    action_create_reset = wtforms.SubmitField(
        _l("Create password reset link"),
    )
@bp.route("/user/<localpart>/", methods=["GET", "POST"])
@client.require_admin_session()
 async def edit_user(localpart: str) -> typing.Union[quart.Response, str]:
    target_user_info = await client.get_user_by_localpart(localpart)
    form = EditUserForm()
    if form.validate_on_submit():
        if form.action_create_reset.data:
            target_user_info = await client.get_user_by_localpart(localpart)
            reset_link = await client.create_password_reset_invite(
                localpart=localpart,
                ttl=86400,
            )
            await flash(
                _("Password reset link created"),
                "success",
            )
            return redirect(url_for(
                ".user_password_reset_link",
                id_=reset_link.id_,
            ))
        await client.update_user(
            localpart,
            display_name=form.display_name.data,
            roles=[form.role.data],
        )
        await flash(
            _("User information updated."),
            "success",
        )
        return redirect(url_for(".edit_user", localpart=localpart))
    elif request.method == "GET":
        form.localpart.data = target_user_info.localpart
        form.display_name.data = target_user_info.display_name
        if target_user_info.roles:
            form.role.data = target_user_info.roles[0]
        else:
            form.role.data = "prosody:normal"
    return await render_template(
        "admin_edit_user.html",
        target_user=target_user_info,
        form=form,
    )
 class DeleteUserForm(BaseForm):
    action_delete = wtforms.SubmitField(
        _l("Delete user permanently")
@@ -100,36 +180,38 @@ async def debug_user(localpart: str) -> typing.Union[str, quart.Response]:
    )
-@bp.route("/users/password-reset/-", methods=["POST"])
+@bp.route("/users/password-reset/<id_>", methods=["GET", "POST"])
@client.require_admin_session()
-async def create_password_reset_link() -> typing.Union[str, quart.Response]:
+async def user_password_reset_link(
-    form = PasswordResetLinkPost()
+        id_: str,
-    if not form.validate_on_submit():
+        ) -> typing.Union[str, quart.Response]:
-        abort(400)
+    invite_info = await client.get_invite_by_id(
-
+        id_,
-    if form.action_create.data:
+    )
-        localpart = form.action_create.data
+    if invite_info.jid is None:
        target_user_info = await client.get_user_by_localpart(localpart)
        reset_link = await client.create_password_reset_invite(
            localpart=localpart,
            ttl=86400,
        )
        await flash(
-            _("Password reset link created"),
+            _("Password reset link not found"),
-            "success",
+            "alert",
        )
    elif form.action_revoke.data:
        await client.delete_invite(form.action_revoke.data)
        await flash(
            _("Password reset link deleted"),
            "success",
        )
        return redirect(url_for(".users"))
    localpart = prosodyclient.split_jid(invite_info.jid)[0]
    form = PasswordResetLinkPost()
    if form.validate_on_submit():
        if form.action_revoke.data:
            await client.delete_invite(id_)
            await flash(
                _("Password reset link deleted"),
                "success",
            )
            return redirect(url_for(".edit_user", localpart=localpart))
        abort(400)
    return await render_template(
        "admin_reset_user_password.html",
-        target_user=target_user_info,
+        localpart=localpart,
-        reset_link=reset_link,
+        reset_link=invite_info,
        form=form,
    )
--- a/snikket_web/prosodyclient.py
+++ b/snikket_web/prosodyclient.py
@@ -44,6 +44,15 @@ class AdminUserInfo:
    display_name: typing.Optional[str]
    email: typing.Optional[str]
    phone: typing.Optional[str]
    roles: typing.Optional[typing.List[str]]
    @property
    def has_admin_role(self) -> bool:
        return bool(self.roles and "prosody:admin" in self.roles)
    @property
    def has_restricted_role(self) -> bool:
        return bool(self.roles and "prosody:restricted" in self.roles)
    @classmethod
    def from_api_response(
@@ -55,6 +64,7 @@ class AdminUserInfo:
            display_name=data.get("display_name") or None,
            email=data.get("email") or None,
            phone=data.get("phone") or None,
            roles=data.get("roles"),
        )
@@ -858,6 +868,29 @@ class ProsodyClient:
            self._raise_error_from_response(resp)
            return AdminUserInfo.from_api_response(await resp.json())
    @autosession
    async def update_user(
            self,
            localpart: str,
            *,
            display_name: typing.Optional[str],
            roles: typing.Optional[typing.Collection[str]],
            session: aiohttp.ClientSession,
            ) -> None:
        payload: typing.Dict[str, typing.Any] = {
            "username": localpart,
        }
        if display_name is not None:
            payload["display_name"] = display_name
        if roles is not None:
            payload["roles"] = list(roles)
        async with session.put(
                self._admin_v1_endpoint("/users/{}".format(localpart)),
                json=payload,
                ) as resp:
            self._raise_error_from_response(resp)
    @autosession
    async def get_user_debug_info(
            self,
--- a/snikket_web/scss/app.scss
+++ b/snikket_web/scss/app.scss
@@ -354,6 +354,15 @@ div.form.layout-expanded {
 		display: block;
 	}
 	.radio-button-ext > label > p {
 		margin-left: 1.75rem;
 		margin-top: 0;
 	}
 	.radio-button-ext > label .icon {
 		margin-left: 0.25em;
 	}
 	div.select-wrap {
 		display: block;
 		border-bottom: $w-s4 solid $primary-500;
--- a/snikket_web/static/img/icons.svg
+++ b/snikket_web/static/img/icons.svg
@@ -37,6 +37,11 @@ licensed under the terms of the Apache 2.0 License -->
 <path d="M0 0h24v24H0V0z" fill="none" />
 <path d="M10.79 16.29c.39.39 1.02.39 1.41 0l3.59-3.59c.39-.39.39-1.02 0-1.41L12.2 7.7c-.39-.39-1.02-.39-1.41 0-.39.39-.39 1.02 0 1.41L12.67 11H4c-.55 0-1 .45-1 1s.45 1 1 1h8.67l-1.88 1.88c-.39.39-.38 1.03 0 1.41zM19 3H5c-1.11 0-2 .9-2 2v3c0 .55.45 1 1 1s1-.45 1-1V6c0-.55.45-1 1-1h12c.55 0 1 .45 1 1v12c0 .55-.45 1-1 1H6c-.55 0-1-.45-1-1v-2c0-.55-.45-1-1-1s-1 .45-1 1v3c0 1.1.9 2 2 2h14c1.1 0 2-.9 2-2V5c0-1.1-.9-2-2-2z" />
 </symbol>
 <!-- from: action/lock/materialiconsround/24px.svg -->
 <symbol id="icon-lock" viewBox="0 0 24 24">
 <g fill="none"><path d="M0 0h24v24H0V0z" /><path d="M0 0h24v24H0V0z" opacity=".87" /></g>
 <path d="M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zM9 8V6c0-1.66 1.34-3 3-3s3 1.34 3 3v2H9z" />
 </symbol>
 <!-- from: communication/qr_code/materialiconsround/24px.svg -->
 <symbol id="icon-qrcode" viewBox="0 0 24 24">
 <g><rect fill="none" height="24" width="24" /><rect fill="none" height="24" width="24" /></g>
--- a/snikket_web/templates/admin_delete_user.html
+++ b/snikket_web/templates/admin_delete_user.html
@@ -16,7 +16,7 @@
 	<p>{% trans %}The user and their data will be deleted irrevocably, permanently and immediately upon pushing the below button. <strong>There is no way back!</strong>{% endtrans %}</p>
 	{% endcall %}
 	<div class="f-bbox">
-		{%- call standard_button("back", url_for(".index"), class="secondary") %}{% trans %}Back{% endtrans %}{% endcall -%}
+		{%- call standard_button("back", url_for(".edit_user", localpart=target_user.localpart), class="tertiary") %}{% trans %}Back{% endtrans %}{% endcall -%}
 		{%- call form_button("delete", form.action_delete, class="primary danger") %}{% endcall -%}
 	</div>
 </form></div>
--- a/snikket_web/templates/admin_edit_circle.html
+++ b/snikket_web/templates/admin_edit_circle.html
@@ -40,7 +40,7 @@
 		{%- endif -%}
 	</div>
 	<div class="f-bbox">
-		{%- call standard_button("back", url_for(".circles"), class="secondary") -%}
+		{%- call standard_button("back", url_for(".circles"), class="tertiary") -%}
 			{% trans %}Return to circle list{% endtrans %}
 		{%- endcall -%}
 		{%- call form_button("done", form.action_save, class="primary") %}{% endcall -%}
--- a/snikket_web/templates/admin_edit_invite.html
+++ b/snikket_web/templates/admin_edit_invite.html
@@ -44,10 +44,10 @@
 		<dd>{{ invite.created_at | format_date }}</dd>
 	</dl>
 	<div class="f-bbox">
-		{%- call form_button("remove_link", form.action_revoke, class="secondary danger") %}{% endcall -%}
+		{%- call standard_button("back", url_for(".invitations"), class="tertiary") %}
 		{%- call standard_button("back", url_for(".invitations"), class="primary") %}
 			{% trans %}Return to invitation list{% endtrans %}
 		{%- endcall %}
 		{%- call form_button("remove_link", form.action_revoke, class="primary danger") %}{% endcall -%}
 	</div>
 </div>
 </form>
--- a/snikket_web/templates/admin_edit_user.html
+++ b/snikket_web/templates/admin_edit_user.html
@@ -0,0 +1,79 @@
 {% extends "admin_app.html" %}
 {% from "library.j2" import box, form_button, standard_button, icon %}
 {% macro access_level_description(role, caller=None) %}
 {%- if role == "prosody:restricted" -%}
 {% trans %}Limited users can interact with users on the same Snikket service and be members of circles.{% endtrans %}
 {%- elif role == "prosody:normal" -%}
 {% trans %}Like limited users and can also interact with users on other Snikket services.{% endtrans %}
 {%- elif role == "prosody:admin" -%}
 {% trans %}Like normal users and can access the admin panel in the web portal.{% endtrans %}
 {%- endif -%}
 {% endmacro %}
 {% macro access_level_icon(role, caller=None) %}
 {%- if role == "prosody:restricted" -%}
 {% call icon("lock") %}{% endcall %}
 {%- elif role == "prosody:admin" -%}
 {% call icon("admin") %}{% endcall %}
 {%- endif -%}
 {% endmacro %}
 {% block content %}
 <h1>{% trans user_name=target_user.localpart %}Edit user {{ user_name }}{% endtrans %}</h1>
 <div class="form layout-expanded"><form method="POST">
 	{{ form.csrf_token }}
 	<h2 class="form-title">{% trans %}Edit user{% endtrans %}</h2>
 	<div class="f-ebox">
 		{{ form.localpart.label }}
 		{{ form.localpart(readonly="readonly") }}
 		<p class="form-desc weak">{% trans %}The login name cannot be changed.{% endtrans %}</p>
 	</div>
 	<div class="f-ebox">
 		{{ form.display_name.label }}
 		{{ form.display_name }}
 	</div>
 	<h3 class="form-title">{% trans %}Access Level{% endtrans %}</h3>
 	<p class="form-descr weak">{% trans %}The access level of a user determines what interactions are allowed for them on your Snikket service.{% endtrans %}</p>
 	<div class="f-ebox">
 		<fieldset>{#- -#}
 			<legend class="a11y-only">{{ form.role.label.text }}</legend>
 			{%- for level in form.role -%}
 			<div class="radio-button-ext">
 				{{ level }}<label for="{{ level.id }}">
 					{%- trans title=level.label.text, icon=access_level_icon(level.data), description=access_level_description(level.data) -%}
 					<strong>{{ title }}{{ icon }}</strong><p>{{ description }}</p>
 					{%- endtrans -%}
 				</label>
 			</div>
 			{%- endfor -%}
 		</fieldset>
 	</div>
 	<div class="f-bbox">
 		{%- call standard_button("back", url_for(".users"), class="tertiary") -%}
 			{%- trans -%}Return to user list{%- endtrans -%}
 		{%- endcall -%}
 		{%- call standard_button("delete", url_for(".delete_user", localpart=target_user.localpart), class="secondary") -%}
 			{%- trans -%}Delete user{%- endtrans -%}
 		{%- endcall -%}
 		{%- call form_button("done", form.action_save, class="primary") %}{% endcall -%}
 	</div>
 </form></div>
 <h2>{% trans %}Further actions{% endtrans %}</h2>
 <div class="form layout-expanded"><form method="POST">
 	<h2 class="form-title">{% trans %}Reset password{% endtrans %}</h2>
 	{{ form.csrf_token }}
 	<p class="form-desc">
 		{% trans %}If the user has lost their password, you can use the button below to create a special link which allows to change the password of the account, once.{% endtrans %}
 	</p>
 	<div class="f-bbox">
 		{%- call form_button("passwd", form.action_create_reset, class="primary") -%}{%- endcall -%}
 	</div>
 	<h2 class="form-title">{% trans %}Debug information{% endtrans %}</h2>
 	<p class="form-desc">
 		{% trans %}In some cases, extended information about the user account and the connected devices is necessary to troubleshoot issues. The button below reveals this (sensitive) information.{% endtrans %}
 	</p>
 	<div class="f-bbox">
 		{%- call standard_button("bug_report", url_for(".debug_user", localpart=target_user.localpart), class="primary") -%}
 			{%- trans -%}Show debug information{%- endtrans -%}
 		{%- endcall -%}
 	</div>
 </form></div>
 {% endblock %}
--- a/snikket_web/templates/admin_reset_user_password.html
+++ b/snikket_web/templates/admin_reset_user_password.html
@@ -9,7 +9,7 @@
 <form method="POST">
 {{- form.csrf_token -}}
 <div class="form layout-expanded">
-	<h2 class="form-title">{% trans user_name=target_user.localpart %}Password reset link for {{ user_name }}{% endtrans %}</h2>
+	<h2 class="form-title">{% trans user_name=localpart %}Password reset link for {{ user_name }}{% endtrans %}</h2>
 	<p class="form-desc">{% trans %}The following link will allow the user to reset their password on their device, once.{% endtrans %}</p>
 	<dd>
 		<dt>{% trans %}Valid until{% endtrans %}</dt>
@@ -21,7 +21,7 @@
 		{%- call custom_form_button("remove_link", form.action_revoke.name, reset_link.id_, class="secondary danger") -%}
 			{% trans %}Destroy link{% endtrans %}
 		{%- endcall -%}
-		{%- call standard_button("back", url_for(".users"), class="primary") -%}
+		{%- call standard_button("back", url_for(".edit_user", localpart=localpart), class="primary") -%}
 			{% trans %}Back{% endtrans %}
 		{%- endcall -%}
 	</div>
--- a/snikket_web/templates/admin_users.html
+++ b/snikket_web/templates/admin_users.html
@@ -1,9 +1,7 @@
 {% extends "admin_app.html" %}
-{% from "library.j2" import action_button, value_or_hint, custom_form_button %}
+{% from "library.j2" import action_button, icon, value_or_hint, custom_form_button %}
 {% block content %}
 <h1>{% trans %}Manage users{% endtrans %}</h1>
 <form method="POST" action="{{ url_for(".create_password_reset_link") }}">
 {{- reset_form.csrf_token -}}
 <div class="elevated el-2"><table>
 	<thead>
 		<tr>
@@ -15,17 +13,19 @@
 	<tbody>
 {% for user in users %}
 		<tr>
-			<td>{{ user.localpart }}</td>
+			<td>
 				{{- user.localpart -}}
 				{%- if user.has_admin_role -%}
 					<span class="with-tooltip above" data-tooltip="{% trans %}The user is an administrator.{% endtrans %}">{% call icon("admin") %}{% trans %} (Administrator){% endtrans %}{% endcall %}</span>
 				{%- endif -%}
 				{%- if user.has_restricted_role -%}
 					<span class="with-tooltip above" data-tooltip="{% trans %}The user is restricted.{% endtrans %}">{% call icon("lock") %}{% trans %} (Restricted){% endtrans %}{% endcall %}</span>
 				{%- endif -%}
 			</td>
 			<td>{% call value_or_hint(user.display_name) %}{% endcall %}</td>
 			<td class="nowrap">
-				{%- call action_button("delete", url_for(".delete_user", localpart=user.localpart), class="secondary") -%}
+				{%- call action_button("edit", url_for(".edit_user", localpart=user.localpart), class="primary") -%}
-					{% trans user_name=user.localpart %}Delete user {{ user_name }}{% endtrans %}
+					{% trans user_name=user.localpart %}Edit user {{ user_name }}{% endtrans %}
 				{%- endcall -%}
 				{%- call action_button("bug_report", url_for(".debug_user", localpart=user.localpart), class="secondary") -%}
 					{% trans user_name=user.localpart %}Show debug information for {{ user_name }}{% endtrans %}
 				{%- endcall -%}
 				{%- call custom_form_button("passwd", reset_form.action_create.name, user.localpart, class="secondary", slim=True) -%}
 					{% trans user_name=user.localpart %}Create password reset link for {{ user_name }}{% endtrans %}
 				{%- endcall -%}
 				</form>
 			</td>
@@ -33,6 +33,5 @@
 {% endfor %}
 	</tbody>
 </table></div>
 </form>
 {%- include "admin_create_invite_form.html" -%}
 {% endblock %}
--- a/snikket_web/templates/user_logout.html
+++ b/snikket_web/templates/user_logout.html
@@ -6,7 +6,7 @@
 	<p class="form-desc">{% trans %}Click below to log yourself out of the web portal. This does not affect any other connected devices.{% endtrans %}</p>
 	{{ form.csrf_token }}
 	<div class="f-bbox">
-		{%- call standard_button("back", url_for("user.index"), class="secondary") -%}
+		{%- call standard_button("back", url_for("user.index"), class="tertiary") -%}
 			{% trans %}Back{% endtrans %}
 		{%- endcall -%}
 		{%- call form_button("logout", form.action_signout, class="primary") %}{% endcall -%}
--- a/snikket_web/templates/user_passwd.html
+++ b/snikket_web/templates/user_passwd.html
@@ -24,7 +24,7 @@
 		<p>{% trans %}After changing your password, you will have to enter the new password on all of your devices.{% endtrans %}</p>
 	</div>
 	<div class="f-bbox">
-		{%- call standard_button("back", url_for('.index'), class="secondary") %}{% trans %}Back{% endtrans %}{% endcall -%}
+		{%- call standard_button("back", url_for('.index'), class="tertiary") %}{% trans %}Back{% endtrans %}{% endcall -%}
 		{%- call custom_form_button("passwd", "", "", class="primary") -%}
 			{% trans %}Change password{% endtrans %}
 		{%- endcall -%}
--- a/snikket_web/templates/user_profile.html
+++ b/snikket_web/templates/user_profile.html
@@ -29,7 +29,7 @@
 		</fieldset>
 	</div>
 	<div class="f-bbox">
-		{%- call standard_button("back", url_for('.index'), class="secondary") %}{% trans %}Back{% endtrans %}{% endcall -%}
+		{%- call standard_button("back", url_for('.index'), class="tertiary") %}{% trans %}Back{% endtrans %}{% endcall -%}
 		{%- call form_button("done", form.action_save, class="primary") %}{% endcall -%}
 	</div>
 	<script type="text/javascript">
--- a/snikket_web/translations/messages.pot
+++ b/snikket_web/translations/messages.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2021-03-22 15:08+0100\n"
+"POT-Creation-Date: 2021-03-25 17:32+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,130 +18,172 @@ msgstr ""
 "Generated-By: Babel 2.9.0\n"
 #: snikket_web/admin.py:59
-msgid "Delete user permanently"
+msgid "Limited"
 msgstr ""
-#: snikket_web/admin.py:72
+#: snikket_web/admin.py:64 snikket_web/templates/admin_delete_user.html:10
-msgid "User deleted"
+#: snikket_web/templates/admin_users.html:8
 msgid "Login name"
 msgstr ""
-#: snikket_web/admin.py:115
+#: snikket_web/admin.py:68 snikket_web/templates/admin_delete_user.html:12
 #: snikket_web/templates/admin_users.html:9 snikket_web/user.py:61
 msgid "Display name"
 msgstr ""
 #: snikket_web/admin.py:72 snikket_web/templates/admin_edit_user.html:33
 msgid "Access Level"
 msgstr ""
 #: snikket_web/admin.py:77
 msgid "Normal user"
 msgstr ""
 #: snikket_web/admin.py:78
 msgid "Administrator"
 msgstr ""
 #: snikket_web/admin.py:83
 msgid "Update user"
 msgstr ""
 #: snikket_web/admin.py:87
 msgid "Create password reset link"
 msgstr ""
 #: snikket_web/admin.py:105
 msgid "Password reset link created"
 msgstr ""
-#: snikket_web/admin.py:121
+#: snikket_web/admin.py:120
-msgid "Password reset link deleted"
+msgid "User information updated."
 msgstr ""
-#: snikket_web/admin.py:140
+#: snikket_web/admin.py:142
-msgid "Invite to circle"
+msgid "Delete user permanently"
 msgstr ""
 #: snikket_web/admin.py:146
 msgid "At least one circle must be selected"
 msgstr ""
 #: snikket_web/admin.py:151
 msgid "Valid for"
 msgstr ""
 #: snikket_web/admin.py:153
 msgid "One hour"
 msgstr ""
 #: snikket_web/admin.py:154
 msgid "Twelve hours"
 msgstr ""
 #: snikket_web/admin.py:155
 msgid "User deleted"
 msgstr ""
 #: snikket_web/admin.py:193
 msgid "Password reset link not found"
 msgstr ""
 #: snikket_web/admin.py:205
 msgid "Password reset link deleted"
 msgstr ""
 #: snikket_web/admin.py:225
 msgid "Invite to circle"
 msgstr ""
 #: snikket_web/admin.py:231
 msgid "At least one circle must be selected"
 msgstr ""
 #: snikket_web/admin.py:236
 msgid "Valid for"
 msgstr ""
 #: snikket_web/admin.py:238
 msgid "One hour"
 msgstr ""
 #: snikket_web/admin.py:239
 msgid "Twelve hours"
 msgstr ""
 #: snikket_web/admin.py:240
 msgid "One day"
 msgstr ""
-#: snikket_web/admin.py:156
+#: snikket_web/admin.py:241
 msgid "One week"
 msgstr ""
-#: snikket_web/admin.py:157
+#: snikket_web/admin.py:242
 msgid "Four weeks"
 msgstr ""
-#: snikket_web/admin.py:163 snikket_web/templates/admin_edit_invite.html:17
+#: snikket_web/admin.py:248 snikket_web/templates/admin_edit_invite.html:17
 msgid "Invitation type"
 msgstr ""
-#: snikket_web/admin.py:165 snikket_web/templates/library.j2:116
+#: snikket_web/admin.py:250 snikket_web/templates/library.j2:116
 msgid "Individual"
 msgstr ""
-#: snikket_web/admin.py:166 snikket_web/templates/library.j2:114
+#: snikket_web/admin.py:251 snikket_web/templates/library.j2:114
 msgid "Group"
 msgstr ""
-#: snikket_web/admin.py:172
+#: snikket_web/admin.py:257
 msgid "New invitation link"
 msgstr ""
-#: snikket_web/admin.py:234
+#: snikket_web/admin.py:319
 msgid "Revoke"
 msgstr ""
-#: snikket_web/admin.py:258
+#: snikket_web/admin.py:343
 msgid "Invitation created"
 msgstr ""
-#: snikket_web/admin.py:274
+#: snikket_web/admin.py:359
 msgid "No such invitation exists"
 msgstr ""
-#: snikket_web/admin.py:289
+#: snikket_web/admin.py:374
 msgid "Invitation revoked"
 msgstr ""
-#: snikket_web/admin.py:306 snikket_web/admin.py:354
+#: snikket_web/admin.py:391 snikket_web/admin.py:439
 msgid "Name"
 msgstr ""
-#: snikket_web/admin.py:311 snikket_web/templates/admin_circles.html:47
+#: snikket_web/admin.py:396 snikket_web/templates/admin_circles.html:47
 msgid "Create circle"
 msgstr ""
-#: snikket_web/admin.py:341
+#: snikket_web/admin.py:426
 msgid "Circle created"
 msgstr ""
-#: snikket_web/admin.py:359
+#: snikket_web/admin.py:444
 msgid "Select user"
 msgstr ""
-#: snikket_web/admin.py:364
+#: snikket_web/admin.py:449
 msgid "Update circle"
 msgstr ""
-#: snikket_web/admin.py:368
+#: snikket_web/admin.py:453
 msgid "Delete circle permanently"
 msgstr ""
-#: snikket_web/admin.py:374
+#: snikket_web/admin.py:459
 msgid "Add user"
 msgstr ""
-#: snikket_web/admin.py:390
+#: snikket_web/admin.py:475
 msgid "No such circle exists"
 msgstr ""
-#: snikket_web/admin.py:427
+#: snikket_web/admin.py:512
 msgid "Circle data updated"
 msgstr ""
-#: snikket_web/admin.py:433
+#: snikket_web/admin.py:518
 msgid "Circle deleted"
 msgstr ""
-#: snikket_web/admin.py:444
+#: snikket_web/admin.py:529
 msgid "User added to circle"
 msgstr ""
-#: snikket_web/admin.py:453
+#: snikket_web/admin.py:538
 msgid "User removed from circle"
 msgstr ""
@@ -234,11 +276,6 @@ msgstr ""
 msgid "Everyone"
 msgstr ""
 #: snikket_web/templates/admin_delete_user.html:12
 #: snikket_web/templates/admin_users.html:11 snikket_web/user.py:61
 msgid "Display name"
 msgstr ""
 #: snikket_web/user.py:65
 msgid "Avatar"
 msgstr ""
@@ -384,7 +421,7 @@ msgstr ""
 #: snikket_web/templates/admin_circles.html:15
 #: snikket_web/templates/admin_invites.html:24
-#: snikket_web/templates/admin_users.html:12
+#: snikket_web/templates/admin_users.html:10
 msgid "Actions"
 msgstr ""
@@ -455,12 +492,12 @@ msgid "Copy complete output"
 msgstr ""
 #: snikket_web/templates/admin_delete_user.html:4
 #: snikket_web/templates/admin_users.html:22
 #, python-format
 msgid "Delete user %(user_name)s"
 msgstr ""
 #: snikket_web/templates/admin_delete_user.html:6
 #: snikket_web/templates/admin_edit_user.html:54
 msgid "Delete user"
 msgstr ""
@@ -468,11 +505,6 @@ msgstr ""
 msgid "Are you sure you want to delete the following user?"
 msgstr ""
 #: snikket_web/templates/admin_delete_user.html:10
 #: snikket_web/templates/admin_users.html:10
 msgid "Login name"
 msgstr ""
 #: snikket_web/templates/admin_delete_user.html:15
 msgid "Danger"
 msgstr ""
@@ -606,10 +638,85 @@ msgstr ""
 msgid "Created"
 msgstr ""
-#: snikket_web/templates/admin_edit_invite.html:49
+#: snikket_web/templates/admin_edit_invite.html:48
 msgid "Return to invitation list"
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:5
 msgid ""
 "Limited users can interact with users on the same Snikket service and be "
 "members of circles."
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:7
 msgid ""
 "Like limited users and can also interact with users on other Snikket "
 "services."
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:9
 msgid "Like normal users and can access the admin panel in the web portal."
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:20
 #: snikket_web/templates/admin_users.html:28
 #, python-format
 msgid "Edit user %(user_name)s"
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:23
 msgid "Edit user"
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:27
 msgid "The login name cannot be changed."
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:34
 msgid ""
 "The access level of a user determines what interactions are allowed for "
 "them on your Snikket service."
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:41
 #, python-format
 msgid "<strong>%(title)s%(icon)s</strong><p>%(description)s</p>"
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:51
 msgid "Return to user list"
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:59
 msgid "Further actions"
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:61
 msgid "Reset password"
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:64
 msgid ""
 "If the user has lost their password, you can use the button below to "
 "create a special link which allows to change the password of the account,"
 " once."
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:69
 msgid "Debug information"
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:71
 msgid ""
 "In some cases, extended information about the user account and the "
 "connected devices is necessary to troubleshoot issues. The button below "
 "reveals this (sensitive) information."
 msgstr ""
 #: snikket_web/templates/admin_edit_user.html:75
 msgid "Show debug information"
 msgstr ""
 #: snikket_web/templates/admin_home.html:4
 msgid "Welcome to the admin panel!"
 msgstr ""
@@ -704,14 +811,20 @@ msgstr ""
 msgid "Destroy link"
 msgstr ""
-#: snikket_web/templates/admin_users.html:25
+#: snikket_web/templates/admin_users.html:19
-#, python-format
+msgid "The user is an administrator."
 msgid "Show debug information for %(user_name)s"
 msgstr ""
-#: snikket_web/templates/admin_users.html:28
+#: snikket_web/templates/admin_users.html:19
-#, python-format
+msgid " (Administrator)"
-msgid "Create password reset link for %(user_name)s"
+msgstr ""
 #: snikket_web/templates/admin_users.html:22
 msgid "The user is restricted."
 msgstr ""
 #: snikket_web/templates/admin_users.html:22
 msgid " (Restricted)"
 msgstr ""
 #: snikket_web/templates/app.html:4
@@ -1054,12 +1167,12 @@ msgstr ""
 #: snikket_web/templates/invite_view.html:99
 msgid ""
-"After downloading Snikket from the app store, you have to return to this "
+"After downloading Snikket from the App Store, you have to return to this "
 "invite link and tap on \"Open the app\" to proceed."
 msgstr ""
 #: snikket_web/templates/invite_view.html:101
-msgid "First download Snikket from the app store using the button below:"
+msgid "First download Snikket from the App Store using the button below:"
 msgstr ""
 #: snikket_web/templates/invite_view.html:103
--- a/tools/icons.list
+++ b/tools/icons.list
@@ -5,6 +5,7 @@ action/delete:delete
 action/logout:logout
 action/login:login
 action/exit_to_app:exit_to_app
 action/lock:lock
 communication/qr_code:qrcode
 communication/vpn_key:passwd
 content/add_circle_outline:add