feat: hide user nav links for admin, redirect admin to /admin/users on login

Connections/Catalog/VK/Sync nav links only shown for regular users or when
admin is viewing as a user. Admin/system users land on /admin/users after login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

web/main.py

@@ -1,6 +1,6 @@
 import logging
 
-from fastapi import FastAPI, Request
+from fastapi import Depends, FastAPI, Request
 from fastapi.responses import HTMLResponse
 from fastapi.staticfiles import StaticFiles
 from starlette.middleware.sessions import SessionMiddleware
@@ -40,6 +40,8 @@ from web.routes.connections import router as connections_router  # noqa: E402
 from web.routes.vk_catalog import router as vk_catalog_router  # noqa: E402
 from web.routes.logs import router as logs_router  # noqa: E402
 from web.routes.sync import router as sync_router  # noqa: E402
+from web.database import get_db  # noqa: E402
+from web.models.user import User  # noqa: E402
 
 app.include_router(auth_router)
 app.include_router(reset_router)
@@ -69,10 +71,14 @@ async def health():
 
 # ── Root redirect ─────────────────────────────────────────────────────────────
 @app.get("/")
-async def root(request: Request):
+async def root(request: Request, db=Depends(get_db)):
     from fastapi.responses import RedirectResponse
+    from web.models.user import UserRoleEnum
     user_id = request.session.get("user_id")
     if user_id:
+        user = db.get(User, user_id)
+        if user and user.role in (UserRoleEnum.admin, UserRoleEnum.system):
+            return RedirectResponse("/admin/users", 303)
         return RedirectResponse("/profile", 303)
     return RedirectResponse("/login", 303)
 

web/templates/base.html

@@ -16,10 +16,12 @@
             </ul>
             <ul class="nav-links">
                 {% if user %}
+                    {% if user.role not in ('admin', 'system') or viewed_user %}
                     <li><a href="/connections">Подключения</a></li>
                     <li><a href="/catalog">Каталог Эвотор</a></li>
                     <li><a href="/vk-catalog/albums">Каталог ВК</a></li>
                     <li><a href="/sync">Синхронизация</a></li>
+                    {% endif %}
                     {% if user.role in ('admin', 'system') %}
                     <li><a href="/admin/users"><i class="bi bi-shield-lock"></i> Админ</a></li>
                     <li><a href="/admin/logs"><i class="bi bi-journal-text"></i> Логи</a></li>
@@ -34,10 +36,12 @@
             <details class="mobile-menu">
                 <summary role="button" class="outline secondary icon-btn"><i class="bi bi-list"></i></summary>
                 <ul>
+                    {% if user.role not in ('admin', 'system') or viewed_user %}
                     <li><a href="/connections">Подключения</a></li>
                     <li><a href="/catalog">Каталог Эвотор</a></li>
                     <li><a href="/vk-catalog/albums">Каталог ВК</a></li>
                     <li><a href="/sync">Синхронизация</a></li>
+                    {% endif %}
                     {% if user.role in ('admin', 'system') %}
                     <li><a href="/admin/users">Админ</a></li>
                     <li><a href="/admin/logs">Логи</a></li>