snapshot: preserve session hardening and account surface

2026-03-27 01:11:29 +01:00
parent bbc9b7b646
commit 8d228723f9
29 changed files with 825 additions and 42 deletions
--- a/backend/workflows/templates/workflows/includes/app_header.html
+++ b/backend/workflows/templates/workflows/includes/app_header.html
@@ -19,5 +19,35 @@
    {% if header_show_home %}
      <a class="btn btn-secondary" href="/">{% trans "Zur Startseite" %}</a>
    {% endif %}
+    {% if request.user.is_authenticated %}
+      <details class="app-user-menu">
+        <summary class="app-user-trigger">
+          <span class="app-user-avatar" aria-hidden="true">
+            {% if request.user.first_name or request.user.last_name %}
+              {{ request.user.first_name|slice:":1" }}{{ request.user.last_name|slice:":1" }}
+            {% else %}
+              {{ request.user.username|slice:":2" }}
+            {% endif %}
+          </span>
+          <span class="app-user-copy">
+            <strong>{{ request.user.get_full_name|default:request.user.username }}</strong>
+            <span>{{ role_label }}</span>
+          </span>
+          <span class="app-user-caret" aria-hidden="true">▾</span>
+        </summary>
+        <div class="app-user-panel">
+          <div class="app-user-panel-head">
+            <strong>{{ request.user.get_full_name|default:request.user.username }}</strong>
+            <span>{{ request.user.email|default:request.user.username }}</span>
+          </div>
+          <a href="{% url 'account_profile_page' %}">{% trans "Profil" %}</a>
+          <a href="{% url 'password_change' %}">{% trans "Passwort ändern" %}</a>
+          <form method="post" action="{% url 'logout' %}">
+            {% csrf_token %}
+            <button type="submit">{% trans "Abmelden" %}</button>
+          </form>
+        </div>
+      </details>
+    {% endif %}
  </div>
 </div>