From 00a4cdb84e3a6abc180e06403ea5d70693d65059 Mon Sep 17 00:00:00 2001
From: Jens Luedicke <jens.luedicke@gmail.com>
Date: Thu, 3 Jul 2025 09:15:18 +0200
Subject: [PATCH] Add System Administrator dashboard.

---
 app.py                                | 348 ++++++++++++++++++++++
 templates/layout.html                 |   4 +
 templates/system_admin_dashboard.html | 357 ++++++++++++++++++++++
 templates/system_admin_edit_user.html | 398 +++++++++++++++++++++++++
 templates/system_admin_users.html     | 411 ++++++++++++++++++++++++++
 5 files changed, 1518 insertions(+)
 create mode 100644 templates/system_admin_dashboard.html
 create mode 100644 templates/system_admin_edit_user.html
 create mode 100644 templates/system_admin_users.html

diff --git a/app.py b/app.py
index 38aabec..98b69bb 100644
--- a/app.py
+++ b/app.py
@@ -2188,6 +2188,354 @@ def admin_settings():
 
     return render_template('admin_settings.html', title='System Settings', settings=settings)
 
+@app.route('/system-admin/dashboard')
+@system_admin_required
+def system_admin_dashboard():
+    """System Administrator Dashboard - view all data across companies"""
+    
+    # Global statistics
+    total_companies = Company.query.count()
+    total_users = User.query.count()
+    total_teams = Team.query.count()
+    total_projects = Project.query.count()
+    total_time_entries = TimeEntry.query.count()
+    
+    # System admin count
+    system_admins = User.query.filter_by(role=Role.SYSTEM_ADMIN).count()
+    regular_admins = User.query.filter_by(role=Role.ADMIN).count()
+    
+    # Recent activity (last 7 days)
+    from datetime import datetime, timedelta
+    week_ago = datetime.now() - timedelta(days=7)
+    
+    recent_users = User.query.filter(User.created_at >= week_ago).count()
+    recent_companies = Company.query.filter(Company.created_at >= week_ago).count()
+    recent_time_entries = TimeEntry.query.filter(TimeEntry.start_time >= week_ago).count()
+    
+    # Top companies by user count
+    top_companies = db.session.query(
+        Company.name, 
+        Company.id,
+        db.func.count(User.id).label('user_count')
+    ).join(User).group_by(Company.id).order_by(db.func.count(User.id).desc()).limit(5).all()
+    
+    # Recent companies
+    recent_companies_list = Company.query.order_by(Company.created_at.desc()).limit(5).all()
+    
+    # System health checks
+    orphaned_users = User.query.filter_by(company_id=None).count()
+    orphaned_time_entries = TimeEntry.query.filter_by(user_id=None).count()
+    blocked_users = User.query.filter_by(is_blocked=True).count()
+    
+    return render_template('system_admin_dashboard.html', 
+                         title='System Administrator Dashboard',
+                         total_companies=total_companies,
+                         total_users=total_users,
+                         total_teams=total_teams,
+                         total_projects=total_projects,
+                         total_time_entries=total_time_entries,
+                         system_admins=system_admins,
+                         regular_admins=regular_admins,
+                         recent_users=recent_users,
+                         recent_companies=recent_companies,
+                         recent_time_entries=recent_time_entries,
+                         top_companies=top_companies,
+                         recent_companies_list=recent_companies_list,
+                         orphaned_users=orphaned_users,
+                         orphaned_time_entries=orphaned_time_entries,
+                         blocked_users=blocked_users)
+
+@app.route('/system-admin/users')
+@system_admin_required
+def system_admin_users():
+    """System Admin: View all users across all companies"""
+    filter_type = request.args.get('filter', '')
+    page = request.args.get('page', 1, type=int)
+    per_page = 50
+    
+    # Build query based on filter
+    query = User.query
+    
+    if filter_type == 'blocked':
+        query = query.filter_by(is_blocked=True)
+    elif filter_type == 'system_admins':
+        query = query.filter_by(role=Role.SYSTEM_ADMIN)
+    elif filter_type == 'admins':
+        query = query.filter_by(role=Role.ADMIN)
+    elif filter_type == 'unverified':
+        query = query.filter_by(is_verified=False)
+    elif filter_type == 'freelancers':
+        query = query.filter_by(account_type=AccountType.FREELANCER)
+    
+    # Add company join for display
+    query = query.join(Company).add_columns(Company.name.label('company_name'))
+    
+    # Order by creation date (newest first)
+    query = query.order_by(User.created_at.desc())
+    
+    # Paginate results
+    users = query.paginate(page=page, per_page=per_page, error_out=False)
+    
+    return render_template('system_admin_users.html', 
+                         title='System Admin - All Users',
+                         users=users,
+                         current_filter=filter_type)
+
+@app.route('/system-admin/users/<int:user_id>/edit', methods=['GET', 'POST'])
+@system_admin_required
+def system_admin_edit_user(user_id):
+    """System Admin: Edit any user across companies"""
+    user = User.query.get_or_404(user_id)
+    
+    if request.method == 'POST':
+        # Get form data
+        username = request.form.get('username')
+        email = request.form.get('email')
+        role = request.form.get('role')
+        is_blocked = request.form.get('is_blocked') == 'on'
+        is_verified = request.form.get('is_verified') == 'on'
+        company_id = request.form.get('company_id')
+        team_id = request.form.get('team_id') or None
+        
+        # Validation
+        error = None
+        
+        # Check if username is unique within the company
+        existing_user = User.query.filter(
+            User.username == username,
+            User.company_id == company_id,
+            User.id != user_id
+        ).first()
+        
+        if existing_user:
+            error = f'Username "{username}" is already taken in this company.'
+        
+        # Check if email is unique within the company  
+        existing_email = User.query.filter(
+            User.email == email,
+            User.company_id == company_id,
+            User.id != user_id
+        ).first()
+        
+        if existing_email:
+            error = f'Email "{email}" is already registered in this company.'
+        
+        if not error:
+            # Update user
+            user.username = username
+            user.email = email
+            user.role = Role(role)
+            user.is_blocked = is_blocked
+            user.is_verified = is_verified
+            user.company_id = company_id
+            user.team_id = team_id
+            
+            db.session.commit()
+            flash(f'User {username} updated successfully.', 'success')
+            return redirect(url_for('system_admin_users'))
+        
+        flash(error, 'error')
+    
+    # Get all companies and teams for form dropdowns
+    companies = Company.query.order_by(Company.name).all()
+    teams = Team.query.filter_by(company_id=user.company_id).order_by(Team.name).all()
+    roles = get_available_roles()
+    
+    return render_template('system_admin_edit_user.html',
+                         title=f'Edit User: {user.username}',
+                         user=user,
+                         companies=companies,
+                         teams=teams,
+                         roles=roles)
+
+@app.route('/system-admin/users/<int:user_id>/delete', methods=['POST'])
+@system_admin_required
+def system_admin_delete_user(user_id):
+    """System Admin: Delete any user (with safety checks)"""
+    user = User.query.get_or_404(user_id)
+    
+    # Safety check: prevent deleting the last system admin
+    if user.role == Role.SYSTEM_ADMIN:
+        system_admin_count = User.query.filter_by(role=Role.SYSTEM_ADMIN).count()
+        if system_admin_count <= 1:
+            flash('Cannot delete the last system administrator.', 'error')
+            return redirect(url_for('system_admin_users'))
+    
+    # Safety check: prevent deleting yourself
+    if user.id == g.user.id:
+        flash('Cannot delete your own account.', 'error')
+        return redirect(url_for('system_admin_users'))
+    
+    username = user.username
+    company_name = user.company.name if user.company else 'Unknown'
+    
+    # Delete related data first
+    TimeEntry.query.filter_by(user_id=user.id).delete()
+    WorkConfig.query.filter_by(user_id=user.id).delete()
+    
+    # Delete the user
+    db.session.delete(user)
+    db.session.commit()
+    
+    flash(f'User "{username}" from company "{company_name}" has been deleted.', 'success')
+    return redirect(url_for('system_admin_users'))
+
+@app.route('/system-admin/companies')
+@system_admin_required
+def system_admin_companies():
+    """System Admin: View all companies"""
+    page = request.args.get('page', 1, type=int)
+    per_page = 20
+    
+    companies = Company.query.order_by(Company.created_at.desc()).paginate(
+        page=page, per_page=per_page, error_out=False)
+    
+    # Get user counts for each company
+    company_stats = {}
+    for company in companies.items:
+        user_count = User.query.filter_by(company_id=company.id).count()
+        admin_count = User.query.filter(
+            User.company_id == company.id,
+            User.role.in_([Role.ADMIN, Role.SYSTEM_ADMIN])
+        ).count()
+        company_stats[company.id] = {
+            'user_count': user_count,
+            'admin_count': admin_count
+        }
+    
+    return render_template('system_admin_companies.html',
+                         title='System Admin - All Companies',
+                         companies=companies,
+                         company_stats=company_stats)
+
+@app.route('/system-admin/companies/<int:company_id>')
+@system_admin_required
+def system_admin_company_detail(company_id):
+    """System Admin: View detailed company information"""
+    company = Company.query.get_or_404(company_id)
+    
+    # Get company statistics
+    users = User.query.filter_by(company_id=company.id).all()
+    teams = Team.query.filter_by(company_id=company.id).all()
+    projects = Project.query.filter_by(company_id=company.id).all()
+    
+    # Recent activity
+    from datetime import datetime, timedelta
+    week_ago = datetime.now() - timedelta(days=7)
+    recent_time_entries = TimeEntry.query.join(User).filter(
+        User.company_id == company.id,
+        TimeEntry.start_time >= week_ago
+    ).count()
+    
+    # Role distribution
+    role_counts = {}
+    for role in Role:
+        count = User.query.filter_by(company_id=company.id, role=role).count()
+        if count > 0:
+            role_counts[role.value] = count
+    
+    return render_template('system_admin_company_detail.html',
+                         title=f'Company: {company.name}',
+                         company=company,
+                         users=users,
+                         teams=teams,
+                         projects=projects,
+                         recent_time_entries=recent_time_entries,
+                         role_counts=role_counts)
+
+@app.route('/system-admin/time-entries')
+@system_admin_required
+def system_admin_time_entries():
+    """System Admin: View time entries across all companies"""
+    page = request.args.get('page', 1, type=int)
+    company_filter = request.args.get('company', '')
+    per_page = 50
+    
+    # Build query
+    query = TimeEntry.query.join(User).join(Company)
+    
+    if company_filter:
+        query = query.filter(Company.id == company_filter)
+    
+    # Add columns for display
+    query = query.add_columns(
+        User.username,
+        Company.name.label('company_name'),
+        Project.name.label('project_name')
+    ).outerjoin(Project)
+    
+    # Order by start time (newest first)
+    query = query.order_by(TimeEntry.start_time.desc())
+    
+    # Paginate
+    entries = query.paginate(page=page, per_page=per_page, error_out=False)
+    
+    # Get companies for filter dropdown
+    companies = Company.query.order_by(Company.name).all()
+    
+    return render_template('system_admin_time_entries.html',
+                         title='System Admin - Time Entries',
+                         entries=entries,
+                         companies=companies,
+                         current_company=company_filter)
+
+@app.route('/system-admin/settings', methods=['GET', 'POST'])
+@system_admin_required
+def system_admin_settings():
+    """System Admin: Global system settings"""
+    if request.method == 'POST':
+        # Update system settings
+        registration_enabled = request.form.get('registration_enabled') == 'on'
+        email_verification = request.form.get('email_verification_required') == 'on'
+        
+        # Update or create settings
+        reg_setting = SystemSettings.query.filter_by(key='registration_enabled').first()
+        if reg_setting:
+            reg_setting.value = 'true' if registration_enabled else 'false'
+        else:
+            reg_setting = SystemSettings(
+                key='registration_enabled',
+                value='true' if registration_enabled else 'false',
+                description='Controls whether new user registration is allowed'
+            )
+            db.session.add(reg_setting)
+        
+        email_setting = SystemSettings.query.filter_by(key='email_verification_required').first()
+        if email_setting:
+            email_setting.value = 'true' if email_verification else 'false'
+        else:
+            email_setting = SystemSettings(
+                key='email_verification_required',
+                value='true' if email_verification else 'false',
+                description='Controls whether email verification is required for new accounts'
+            )
+            db.session.add(email_setting)
+        
+        db.session.commit()
+        flash('System settings updated successfully.', 'success')
+        return redirect(url_for('system_admin_settings'))
+    
+    # Get current settings
+    settings = {}
+    all_settings = SystemSettings.query.all()
+    for setting in all_settings:
+        if setting.key == 'registration_enabled':
+            settings['registration_enabled'] = setting.value == 'true'
+        elif setting.key == 'email_verification_required':
+            settings['email_verification_required'] = setting.value == 'true'
+    
+    # System statistics
+    total_companies = Company.query.count()
+    total_users = User.query.count()
+    total_system_admins = User.query.filter_by(role=Role.SYSTEM_ADMIN).count()
+    
+    return render_template('system_admin_settings.html',
+                         title='System Administrator Settings',
+                         settings=settings,
+                         total_companies=total_companies,
+                         total_users=total_users,
+                         total_system_admins=total_system_admins)
+
 @app.route('/admin/work-policies', methods=['GET', 'POST'])
 @admin_required
 @company_required
diff --git a/templates/layout.html b/templates/layout.html
index cd3228e..923866f 100644
--- a/templates/layout.html
+++ b/templates/layout.html
@@ -55,6 +55,10 @@
                     <li><a href="{{ url_for('admin_projects') }}" data-tooltip="Manage Projects"><i class="nav-icon">📝</i><span class="nav-text">Manage Projects</span></a></li>
                     <li><a href="{{ url_for('admin_work_policies') }}" data-tooltip="Work Policies"><i class="nav-icon">⚖️</i><span class="nav-text">Work Policies</span></a></li>
                     <li><a href="{{ url_for('admin_settings') }}" data-tooltip="System Settings"><i class="nav-icon">🔧</i><span class="nav-text">System Settings</span></a></li>
+                    {% if g.user.role == Role.SYSTEM_ADMIN %}
+                    <li class="nav-divider">System Admin</li>
+                    <li><a href="{{ url_for('system_admin_dashboard') }}" data-tooltip="System Dashboard"><i class="nav-icon">🌐</i><span class="nav-text">System Dashboard</span></a></li>
+                    {% endif %}
                     {% elif g.user.role in [Role.TEAM_LEADER, Role.SUPERVISOR] %}
                     <li class="nav-divider">{{ g.user.username }}</li>
                     <li><a href="{{ url_for('profile') }}" data-tooltip="Profile"><i class="nav-icon">👤</i><span class="nav-text">Profile</span></a></li>
diff --git a/templates/system_admin_dashboard.html b/templates/system_admin_dashboard.html
new file mode 100644
index 0000000..e7bc054
--- /dev/null
+++ b/templates/system_admin_dashboard.html
@@ -0,0 +1,357 @@
+{% extends "layout.html" %}
+
+{% block content %}
+<div class="container">
+    <h1>🔧 System Administrator Dashboard</h1>
+    <p class="subtitle">Global system overview and management tools</p>
+
+    <!-- System Overview Statistics -->
+    <div class="stats-section">
+        <h2>📊 System Overview</h2>
+        <div class="stats-grid">
+            <div class="stat-card">
+                <h3>{{ total_companies }}</h3>
+                <p>Total Companies</p>
+                <a href="{{ url_for('system_admin_companies') }}" class="stat-link">Manage →</a>
+            </div>
+            <div class="stat-card">
+                <h3>{{ total_users }}</h3>
+                <p>Total Users</p>
+                <a href="{{ url_for('system_admin_users') }}" class="stat-link">Manage →</a>
+            </div>
+            <div class="stat-card">
+                <h3>{{ total_teams }}</h3>
+                <p>Total Teams</p>
+            </div>
+            <div class="stat-card">
+                <h3>{{ total_projects }}</h3>
+                <p>Total Projects</p>
+            </div>
+            <div class="stat-card">
+                <h3>{{ total_time_entries }}</h3>
+                <p>Time Entries</p>
+                <a href="{{ url_for('system_admin_time_entries') }}" class="stat-link">View →</a>
+            </div>
+        </div>
+    </div>
+
+    <!-- Administrator Statistics -->
+    <div class="stats-section">
+        <h2>👤 Administrator Overview</h2>
+        <div class="stats-grid">
+            <div class="stat-card">
+                <h3>{{ system_admins }}</h3>
+                <p>System Administrators</p>
+            </div>
+            <div class="stat-card">
+                <h3>{{ regular_admins }}</h3>
+                <p>Company Administrators</p>
+            </div>
+            <div class="stat-card">
+                <h3>{{ blocked_users }}</h3>
+                <p>Blocked Users</p>
+                {% if blocked_users > 0 %}
+                    <a href="{{ url_for('system_admin_users', filter='blocked') }}" class="stat-link">Review →</a>
+                {% endif %}
+            </div>
+        </div>
+    </div>
+
+    <!-- Recent Activity -->
+    <div class="stats-section">
+        <h2>📈 Recent Activity (Last 7 Days)</h2>
+        <div class="stats-grid">
+            <div class="stat-card">
+                <h3>{{ recent_users }}</h3>
+                <p>New Users</p>
+            </div>
+            <div class="stat-card">
+                <h3>{{ recent_companies }}</h3>
+                <p>New Companies</p>
+            </div>
+            <div class="stat-card">
+                <h3>{{ recent_time_entries }}</h3>
+                <p>Time Entries</p>
+            </div>
+        </div>
+    </div>
+
+    <!-- System Health -->
+    {% if orphaned_users > 0 or orphaned_time_entries > 0 %}
+    <div class="stats-section alert-section">
+        <h2>⚠️ System Health Issues</h2>
+        <div class="stats-grid">
+            {% if orphaned_users > 0 %}
+            <div class="stat-card alert-card">
+                <h3>{{ orphaned_users }}</h3>
+                <p>Orphaned Users</p>
+                <small>Users without company assignment</small>
+            </div>
+            {% endif %}
+            {% if orphaned_time_entries > 0 %}
+            <div class="stat-card alert-card">
+                <h3>{{ orphaned_time_entries }}</h3>
+                <p>Orphaned Time Entries</p>
+                <small>Time entries without user assignment</small>
+            </div>
+            {% endif %}
+        </div>
+    </div>
+    {% endif %}
+
+    <div class="dashboard-grid">
+        <!-- Top Companies -->
+        <div class="dashboard-card">
+            <h3>🏢 Top Companies by Users</h3>
+            {% if top_companies %}
+                <table class="table">
+                    <thead>
+                        <tr>
+                            <th>Company</th>
+                            <th>Users</th>
+                            <th>Actions</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        {% for company in top_companies %}
+                        <tr>
+                            <td>{{ company.name }}</td>
+                            <td>{{ company.user_count }}</td>
+                            <td>
+                                <a href="{{ url_for('system_admin_company_detail', company_id=company.id) }}" class="btn btn-sm">View</a>
+                            </td>
+                        </tr>
+                        {% endfor %}
+                    </tbody>
+                </table>
+            {% else %}
+                <p>No companies found.</p>
+            {% endif %}
+        </div>
+
+        <!-- Recent Companies -->
+        <div class="dashboard-card">
+            <h3>🆕 Recent Companies</h3>
+            {% if recent_companies_list %}
+                <table class="table">
+                    <thead>
+                        <tr>
+                            <th>Company</th>
+                            <th>Created</th>
+                            <th>Type</th>
+                            <th>Actions</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        {% for company in recent_companies_list %}
+                        <tr>
+                            <td>{{ company.name }}</td>
+                            <td>{{ company.created_at.strftime('%Y-%m-%d') }}</td>
+                            <td>
+                                {% if company.is_personal %}
+                                    <span class="badge badge-freelancer">Freelancer</span>
+                                {% else %}
+                                    <span class="badge badge-company">Company</span>
+                                {% endif %}
+                            </td>
+                            <td>
+                                <a href="{{ url_for('system_admin_company_detail', company_id=company.id) }}" class="btn btn-sm">View</a>
+                            </td>
+                        </tr>
+                        {% endfor %}
+                    </tbody>
+                </table>
+            {% else %}
+                <p>No recent companies found.</p>
+            {% endif %}
+        </div>
+    </div>
+
+    <!-- Management Actions -->
+    <div class="admin-panel">
+        <h2>🛠️ System Management</h2>
+        <div class="admin-actions">
+            <a href="{{ url_for('system_admin_users') }}" class="btn btn-primary">
+                👥 Manage All Users
+            </a>
+            <a href="{{ url_for('system_admin_companies') }}" class="btn btn-primary">
+                🏢 Manage Companies
+            </a>
+            <a href="{{ url_for('system_admin_time_entries') }}" class="btn btn-primary">
+                ⏱️ View Time Entries
+            </a>
+            <a href="{{ url_for('system_admin_settings') }}" class="btn btn-primary">
+                ⚙️ System Settings
+            </a>
+        </div>
+    </div>
+</div>
+
+<style>
+.stats-section {
+    margin-bottom: 2rem;
+}
+
+.stats-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
+    gap: 1rem;
+    margin-bottom: 1rem;
+}
+
+.stat-card {
+    background: #f8f9fa;
+    border: 1px solid #dee2e6;
+    border-radius: 8px;
+    padding: 1.5rem;
+    text-align: center;
+    position: relative;
+}
+
+.stat-card h3 {
+    font-size: 2rem;
+    margin: 0 0 0.5rem 0;
+    color: #007bff;
+}
+
+.stat-card p {
+    margin: 0;
+    color: #6c757d;
+    font-weight: 500;
+}
+
+.stat-card small {
+    display: block;
+    color: #6c757d;
+    font-size: 0.8rem;
+    margin-top: 0.25rem;
+}
+
+.stat-link {
+    position: absolute;
+    bottom: 0.5rem;
+    right: 0.75rem;
+    font-size: 0.8rem;
+    color: #007bff;
+    text-decoration: none;
+}
+
+.stat-link:hover {
+    text-decoration: underline;
+}
+
+.alert-section {
+    border: 2px solid #dc3545;
+    border-radius: 8px;
+    padding: 1rem;
+    background: #f8d7da;
+}
+
+.alert-card {
+    background: #f5c6cb;
+    border-color: #dc3545;
+}
+
+.alert-card h3 {
+    color: #dc3545;
+}
+
+.dashboard-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(400px, 1fr));
+    gap: 2rem;
+    margin: 2rem 0;
+}
+
+.dashboard-card {
+    background: #fff;
+    border: 1px solid #dee2e6;
+    border-radius: 8px;
+    padding: 1.5rem;
+}
+
+.dashboard-card h3 {
+    margin-top: 0;
+    margin-bottom: 1rem;
+    color: #495057;
+}
+
+.table {
+    width: 100%;
+    border-collapse: collapse;
+    margin-top: 1rem;
+}
+
+.table th,
+.table td {
+    padding: 0.75rem;
+    text-align: left;
+    border-bottom: 1px solid #dee2e6;
+}
+
+.table th {
+    font-weight: 600;
+    background: #f8f9fa;
+}
+
+.badge {
+    padding: 0.25rem 0.5rem;
+    border-radius: 4px;
+    font-size: 0.75rem;
+    font-weight: 500;
+}
+
+.badge-company {
+    background: #d1ecf1;
+    color: #0c5460;
+}
+
+.badge-freelancer {
+    background: #d4edda;
+    color: #155724;
+}
+
+.admin-panel {
+    margin-top: 2rem;
+    padding: 2rem;
+    background: #f8f9fa;
+    border-radius: 8px;
+}
+
+.admin-actions {
+    display: flex;
+    gap: 1rem;
+    flex-wrap: wrap;
+}
+
+.btn {
+    display: inline-block;
+    padding: 0.75rem 1.5rem;
+    border: none;
+    border-radius: 4px;
+    text-decoration: none;
+    font-weight: 500;
+    cursor: pointer;
+    transition: background-color 0.2s;
+}
+
+.btn-primary {
+    background: #007bff;
+    color: white;
+}
+
+.btn-primary:hover {
+    background: #0056b3;
+}
+
+.btn-sm {
+    padding: 0.25rem 0.5rem;
+    font-size: 0.875rem;
+}
+
+.subtitle {
+    color: #6c757d;
+    margin-bottom: 2rem;
+}
+</style>
+{% endblock %}
\ No newline at end of file
diff --git a/templates/system_admin_edit_user.html b/templates/system_admin_edit_user.html
new file mode 100644
index 0000000..25c151c
--- /dev/null
+++ b/templates/system_admin_edit_user.html
@@ -0,0 +1,398 @@
+{% extends "layout.html" %}
+
+{% block content %}
+<div class="container">
+    <div class="header-section">
+        <h1>✏️ Edit User: {{ user.username }}</h1>
+        <p class="subtitle">System Administrator - Edit user across companies</p>
+        <a href="{{ url_for('system_admin_users') }}" class="btn btn-secondary">← Back to Users</a>
+    </div>
+
+    <div class="form-container">
+        <form method="POST">
+            <div class="form-grid">
+                <!-- Basic Information -->
+                <div class="form-section">
+                    <h3>Basic Information</h3>
+                    
+                    <div class="form-group">
+                        <label for="username">Username</label>
+                        <input type="text" id="username" name="username" 
+                               value="{{ user.username }}" required 
+                               class="form-control">
+                    </div>
+
+                    <div class="form-group">
+                        <label for="email">Email</label>
+                        <input type="email" id="email" name="email" 
+                               value="{{ user.email }}" required 
+                               class="form-control">
+                    </div>
+                </div>
+
+                <!-- Company & Team Assignment -->
+                <div class="form-section">
+                    <h3>Company & Team</h3>
+                    
+                    <div class="form-group">
+                        <label for="company_id">Company</label>
+                        <select id="company_id" name="company_id" required class="form-control">
+                            {% for company in companies %}
+                            <option value="{{ company.id }}" 
+                                    {% if company.id == user.company_id %}selected{% endif %}>
+                                {{ company.name }}
+                                {% if company.is_personal %}(Personal){% endif %}
+                            </option>
+                            {% endfor %}
+                        </select>
+                    </div>
+
+                    <div class="form-group">
+                        <label for="team_id">Team (Optional)</label>
+                        <select id="team_id" name="team_id" class="form-control">
+                            <option value="">No Team</option>
+                            {% for team in teams %}
+                            <option value="{{ team.id }}" 
+                                    {% if team.id == user.team_id %}selected{% endif %}>
+                                {{ team.name }}
+                            </option>
+                            {% endfor %}
+                        </select>
+                    </div>
+                </div>
+
+                <!-- Role & Permissions -->
+                <div class="form-section">
+                    <h3>Role & Permissions</h3>
+                    
+                    <div class="form-group">
+                        <label for="role">Role</label>
+                        <select id="role" name="role" required class="form-control">
+                            {% for role in roles %}
+                            <option value="{{ role.name }}" 
+                                    {% if role == user.role %}selected{% endif %}>
+                                {{ role.value }}
+                            </option>
+                            {% endfor %}
+                        </select>
+                        {% if user.role == Role.SYSTEM_ADMIN %}
+                        <small class="form-text">⚠️ Warning: This user is a System Administrator</small>
+                        {% endif %}
+                    </div>
+                </div>
+
+                <!-- Account Status -->
+                <div class="form-section">
+                    <h3>Account Status</h3>
+                    
+                    <div class="form-group">
+                        <label class="checkbox-label">
+                            <input type="checkbox" name="is_verified" 
+                                   {% if user.is_verified %}checked{% endif %}>
+                            <span class="checkmark"></span>
+                            Email Verified
+                        </label>
+                        <small class="form-text">Whether the user's email address has been verified</small>
+                    </div>
+
+                    <div class="form-group">
+                        <label class="checkbox-label">
+                            <input type="checkbox" name="is_blocked" 
+                                   {% if user.is_blocked %}checked{% endif %}>
+                            <span class="checkmark"></span>
+                            Account Blocked
+                        </label>
+                        <small class="form-text">Blocked users cannot log in to the system</small>
+                    </div>
+                </div>
+            </div>
+
+            <!-- User Information Display -->
+            <div class="info-section">
+                <h3>User Information</h3>
+                <div class="info-grid">
+                    <div class="info-item">
+                        <label>Account Type:</label>
+                        <span class="badge {% if user.account_type == AccountType.FREELANCER %}badge-freelancer{% else %}badge-company{% endif %}">
+                            {{ user.account_type.value }}
+                        </span>
+                    </div>
+                    
+                    <div class="info-item">
+                        <label>Created:</label>
+                        <span>{{ user.created_at.strftime('%Y-%m-%d %H:%M') }}</span>
+                    </div>
+                    
+                    {% if user.business_name %}
+                    <div class="info-item">
+                        <label>Business Name:</label>
+                        <span>{{ user.business_name }}</span>
+                    </div>
+                    {% endif %}
+                    
+                    <div class="info-item">
+                        <label>2FA Enabled:</label>
+                        <span class="{% if user.two_factor_enabled %}text-success{% else %}text-muted{% endif %}">
+                            {{ 'Yes' if user.two_factor_enabled else 'No' }}
+                        </span>
+                    </div>
+                </div>
+            </div>
+
+            <!-- Form Actions -->
+            <div class="form-actions">
+                <button type="submit" class="btn btn-primary">Save Changes</button>
+                <a href="{{ url_for('system_admin_users') }}" class="btn btn-secondary">Cancel</a>
+                
+                {% if user.id != g.user.id and not (user.role == Role.SYSTEM_ADMIN and user.id == g.user.id) %}
+                <div class="danger-zone">
+                    <h4>Danger Zone</h4>
+                    <p>Permanently delete this user account. This action cannot be undone.</p>
+                    <form method="POST" action="{{ url_for('system_admin_delete_user', user_id=user.id) }}" 
+                          style="display: inline;" 
+                          onsubmit="return confirm('Are you sure you want to delete user \'{{ user.username }}\'? This will also delete all their time entries and cannot be undone.')">
+                        <button type="submit" class="btn btn-danger">Delete User</button>
+                    </form>
+                </div>
+                {% endif %}
+            </div>
+        </form>
+    </div>
+</div>
+
+<style>
+.header-section {
+    margin-bottom: 2rem;
+}
+
+.subtitle {
+    color: #6c757d;
+    margin-bottom: 1rem;
+}
+
+.form-container {
+    max-width: 800px;
+    background: white;
+    border-radius: 8px;
+    padding: 2rem;
+    box-shadow: 0 1px 3px rgba(0,0,0,0.1);
+}
+
+.form-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+    gap: 2rem;
+    margin-bottom: 2rem;
+}
+
+.form-section {
+    border: 1px solid #dee2e6;
+    border-radius: 8px;
+    padding: 1.5rem;
+}
+
+.form-section h3 {
+    margin-top: 0;
+    margin-bottom: 1.5rem;
+    color: #495057;
+    border-bottom: 2px solid #e9ecef;
+    padding-bottom: 0.5rem;
+}
+
+.form-group {
+    margin-bottom: 1.5rem;
+}
+
+.form-group label {
+    display: block;
+    margin-bottom: 0.5rem;
+    font-weight: 500;
+    color: #495057;
+}
+
+.form-control {
+    width: 100%;
+    padding: 0.75rem;
+    border: 1px solid #ced4da;
+    border-radius: 4px;
+    font-size: 1rem;
+    transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+
+.form-control:focus {
+    border-color: #007bff;
+    outline: 0;
+    box-shadow: 0 0 0 2px rgba(0, 123, 255, 0.25);
+}
+
+.form-text {
+    display: block;
+    margin-top: 0.25rem;
+    font-size: 0.875rem;
+    color: #6c757d;
+}
+
+.checkbox-label {
+    display: flex;
+    align-items: center;
+    cursor: pointer;
+    font-weight: normal;
+}
+
+.checkbox-label input[type="checkbox"] {
+    margin-right: 0.5rem;
+    margin-bottom: 0;
+}
+
+.info-section {
+    background: #f8f9fa;
+    border-radius: 8px;
+    padding: 1.5rem;
+    margin-bottom: 2rem;
+}
+
+.info-section h3 {
+    margin-top: 0;
+    margin-bottom: 1rem;
+    color: #495057;
+}
+
+.info-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
+    gap: 1rem;
+}
+
+.info-item {
+    display: flex;
+    flex-direction: column;
+    gap: 0.25rem;
+}
+
+.info-item label {
+    font-weight: 600;
+    color: #6c757d;
+    font-size: 0.875rem;
+}
+
+.badge {
+    padding: 0.25rem 0.5rem;
+    border-radius: 4px;
+    font-size: 0.75rem;
+    font-weight: 500;
+    display: inline-block;
+}
+
+.badge-company {
+    background: #d1ecf1;
+    color: #0c5460;
+}
+
+.badge-freelancer {
+    background: #d4edda;
+    color: #155724;
+}
+
+.text-success {
+    color: #28a745;
+}
+
+.text-muted {
+    color: #6c757d;
+}
+
+.form-actions {
+    display: flex;
+    gap: 1rem;
+    align-items: center;
+    flex-wrap: wrap;
+}
+
+.btn {
+    display: inline-block;
+    padding: 0.75rem 1.5rem;
+    border: none;
+    border-radius: 4px;
+    text-decoration: none;
+    font-weight: 500;
+    cursor: pointer;
+    transition: background-color 0.2s;
+}
+
+.btn-primary {
+    background: #007bff;
+    color: white;
+}
+
+.btn-primary:hover {
+    background: #0056b3;
+}
+
+.btn-secondary {
+    background: #6c757d;
+    color: white;
+}
+
+.btn-secondary:hover {
+    background: #545b62;
+}
+
+.btn-danger {
+    background: #dc3545;
+    color: white;
+}
+
+.btn-danger:hover {
+    background: #c82333;
+}
+
+.danger-zone {
+    margin-left: auto;
+    padding: 1rem;
+    border: 2px solid #dc3545;
+    border-radius: 8px;
+    background: #f8d7da;
+    max-width: 300px;
+}
+
+.danger-zone h4 {
+    color: #721c24;
+    margin-top: 0;
+    margin-bottom: 0.5rem;
+}
+
+.danger-zone p {
+    color: #721c24;
+    font-size: 0.875rem;
+    margin-bottom: 1rem;
+}
+</style>
+
+<script>
+// Update teams when company changes
+document.getElementById('company_id').addEventListener('change', function() {
+    const companyId = this.value;
+    const teamSelect = document.getElementById('team_id');
+    
+    // Clear current options except "No Team"
+    teamSelect.innerHTML = '<option value="">No Team</option>';
+    
+    // Fetch teams for the selected company
+    if (companyId) {
+        fetch(`/api/companies/${companyId}/teams`)
+            .then(response => response.json())
+            .then(teams => {
+                teams.forEach(team => {
+                    const option = document.createElement('option');
+                    option.value = team.id;
+                    option.textContent = team.name;
+                    teamSelect.appendChild(option);
+                });
+            })
+            .catch(error => {
+                console.error('Error fetching teams:', error);
+            });
+    }
+});
+</script>
+{% endblock %}
\ No newline at end of file
diff --git a/templates/system_admin_users.html b/templates/system_admin_users.html
new file mode 100644
index 0000000..2752e0f
--- /dev/null
+++ b/templates/system_admin_users.html
@@ -0,0 +1,411 @@
+{% extends "layout.html" %}
+
+{% block content %}
+<div class="container">
+    <div class="header-section">
+        <h1>👥 System Admin - All Users</h1>
+        <p class="subtitle">Manage users across all companies</p>
+        <a href="{{ url_for('system_admin_dashboard') }}" class="btn btn-secondary">← Back to Dashboard</a>
+    </div>
+
+    <!-- Filter Options -->
+    <div class="filter-section">
+        <h3>Filter Users</h3>
+        <div class="filter-buttons">
+            <a href="{{ url_for('system_admin_users') }}" 
+               class="btn btn-filter {% if not current_filter %}active{% endif %}">
+                All Users ({{ users.total }})
+            </a>
+            <a href="{{ url_for('system_admin_users', filter='system_admins') }}" 
+               class="btn btn-filter {% if current_filter == 'system_admins' %}active{% endif %}">
+                System Admins
+            </a>
+            <a href="{{ url_for('system_admin_users', filter='admins') }}" 
+               class="btn btn-filter {% if current_filter == 'admins' %}active{% endif %}">
+                Company Admins
+            </a>
+            <a href="{{ url_for('system_admin_users', filter='blocked') }}" 
+               class="btn btn-filter {% if current_filter == 'blocked' %}active{% endif %}">
+                Blocked Users
+            </a>
+            <a href="{{ url_for('system_admin_users', filter='unverified') }}" 
+               class="btn btn-filter {% if current_filter == 'unverified' %}active{% endif %}">
+                Unverified
+            </a>
+            <a href="{{ url_for('system_admin_users', filter='freelancers') }}" 
+               class="btn btn-filter {% if current_filter == 'freelancers' %}active{% endif %}">
+                Freelancers
+            </a>
+        </div>
+    </div>
+
+    <!-- Users Table -->
+    {% if users.items %}
+    <div class="table-section">
+        <table class="table">
+            <thead>
+                <tr>
+                    <th>Username</th>
+                    <th>Email</th>
+                    <th>Company</th>
+                    <th>Role</th>
+                    <th>Account Type</th>
+                    <th>Status</th>
+                    <th>Created</th>
+                    <th>Actions</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for user_data in users.items %}
+                {% set user = user_data[0] %}
+                {% set company_name = user_data[1] %}
+                <tr class="{% if user.is_blocked %}blocked-user{% endif %}">
+                    <td>
+                        <strong>{{ user.username }}</strong>
+                        {% if user.id == g.user.id %}
+                            <span class="badge badge-self">You</span>
+                        {% endif %}
+                    </td>
+                    <td>{{ user.email }}</td>
+                    <td>
+                        <span class="company-name">{{ company_name }}</span>
+                        {% if user.company and user.company.is_personal %}
+                            <span class="badge badge-personal">Personal</span>
+                        {% endif %}
+                    </td>
+                    <td>
+                        <span class="role-badge role-{{ user.role.name.lower() }}">
+                            {{ user.role.value }}
+                        </span>
+                    </td>
+                    <td>
+                        <span class="badge {% if user.account_type == AccountType.FREELANCER %}badge-freelancer{% else %}badge-company{% endif %}">
+                            {{ user.account_type.value }}
+                        </span>
+                    </td>
+                    <td>
+                        {% if user.is_blocked %}
+                            <span class="status-badge status-blocked">Blocked</span>
+                        {% elif not user.is_verified %}
+                            <span class="status-badge status-unverified">Unverified</span>
+                        {% else %}
+                            <span class="status-badge status-active">Active</span>
+                        {% endif %}
+                    </td>
+                    <td>{{ user.created_at.strftime('%Y-%m-%d') }}</td>
+                    <td>
+                        <div class="action-buttons">
+                            <a href="{{ url_for('system_admin_edit_user', user_id=user.id) }}" 
+                               class="btn btn-sm btn-primary">Edit</a>
+                            
+                            {% if user.id != g.user.id and not (user.role == Role.SYSTEM_ADMIN and user.id == g.user.id) %}
+                            <form method="POST" action="{{ url_for('system_admin_delete_user', user_id=user.id) }}" 
+                                  style="display: inline;" 
+                                  onsubmit="return confirm('Are you sure you want to delete user \'{{ user.username }}\' from company \'{{ company_name }}\'? This action cannot be undone.')">
+                                <button type="submit" class="btn btn-sm btn-danger">Delete</button>
+                            </form>
+                            {% endif %}
+                        </div>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+    </div>
+
+    <!-- Pagination -->
+    {% if users.pages > 1 %}
+    <div class="pagination-section">
+        <div class="pagination">
+            {% if users.has_prev %}
+                <a href="{{ url_for('system_admin_users', page=users.prev_num, filter=current_filter) }}" class="page-link">← Previous</a>
+            {% endif %}
+            
+            {% for page_num in users.iter_pages() %}
+                {% if page_num %}
+                    {% if page_num != users.page %}
+                        <a href="{{ url_for('system_admin_users', page=page_num, filter=current_filter) }}" class="page-link">{{ page_num }}</a>
+                    {% else %}
+                        <span class="page-link current">{{ page_num }}</span>
+                    {% endif %}
+                {% else %}
+                    <span class="page-link">…</span>
+                {% endif %}
+            {% endfor %}
+            
+            {% if users.has_next %}
+                <a href="{{ url_for('system_admin_users', page=users.next_num, filter=current_filter) }}" class="page-link">Next →</a>
+            {% endif %}
+        </div>
+        
+        <p class="pagination-info">
+            Showing {{ users.per_page * (users.page - 1) + 1 }} - 
+            {{ users.per_page * (users.page - 1) + users.items|length }} of {{ users.total }} users
+        </p>
+    </div>
+    {% endif %}
+
+    {% else %}
+    <div class="empty-state">
+        <h3>No users found</h3>
+        <p>No users match the current filter criteria.</p>
+    </div>
+    {% endif %}
+</div>
+
+<style>
+.header-section {
+    margin-bottom: 2rem;
+}
+
+.subtitle {
+    color: #6c757d;
+    margin-bottom: 1rem;
+}
+
+.filter-section {
+    background: #f8f9fa;
+    padding: 1.5rem;
+    border-radius: 8px;
+    margin-bottom: 2rem;
+}
+
+.filter-section h3 {
+    margin-top: 0;
+    margin-bottom: 1rem;
+}
+
+.filter-buttons {
+    display: flex;
+    gap: 0.5rem;
+    flex-wrap: wrap;
+}
+
+.btn-filter {
+    padding: 0.5rem 1rem;
+    border: 1px solid #dee2e6;
+    background: white;
+    color: #495057;
+    text-decoration: none;
+    border-radius: 4px;
+    transition: all 0.2s;
+}
+
+.btn-filter:hover {
+    background: #e9ecef;
+}
+
+.btn-filter.active {
+    background: #007bff;
+    color: white;
+    border-color: #007bff;
+}
+
+.table-section {
+    background: white;
+    border-radius: 8px;
+    overflow: hidden;
+    box-shadow: 0 1px 3px rgba(0,0,0,0.1);
+}
+
+.table {
+    width: 100%;
+    border-collapse: collapse;
+    margin: 0;
+}
+
+.table th,
+.table td {
+    padding: 1rem;
+    text-align: left;
+    border-bottom: 1px solid #dee2e6;
+}
+
+.table th {
+    background: #f8f9fa;
+    font-weight: 600;
+    color: #495057;
+}
+
+.blocked-user {
+    background-color: #f8d7da !important;
+}
+
+.badge {
+    padding: 0.25rem 0.5rem;
+    border-radius: 4px;
+    font-size: 0.75rem;
+    font-weight: 500;
+}
+
+.badge-self {
+    background: #d1ecf1;
+    color: #0c5460;
+}
+
+.badge-personal {
+    background: #fff3cd;
+    color: #856404;
+}
+
+.badge-company {
+    background: #d1ecf1;
+    color: #0c5460;
+}
+
+.badge-freelancer {
+    background: #d4edda;
+    color: #155724;
+}
+
+.role-badge {
+    padding: 0.25rem 0.5rem;
+    border-radius: 4px;
+    font-size: 0.75rem;
+    font-weight: 500;
+}
+
+.role-team_member {
+    background: #e2e3e5;
+    color: #495057;
+}
+
+.role-team_leader {
+    background: #d4edda;
+    color: #155724;
+}
+
+.role-supervisor {
+    background: #d1ecf1;
+    color: #0c5460;
+}
+
+.role-admin {
+    background: #fff3cd;
+    color: #856404;
+}
+
+.role-system_admin {
+    background: #f1c0e8;
+    color: #6a1b99;
+}
+
+.status-badge {
+    padding: 0.25rem 0.5rem;
+    border-radius: 4px;
+    font-size: 0.75rem;
+    font-weight: 500;
+}
+
+.status-active {
+    background: #d4edda;
+    color: #155724;
+}
+
+.status-blocked {
+    background: #f8d7da;
+    color: #721c24;
+}
+
+.status-unverified {
+    background: #fff3cd;
+    color: #856404;
+}
+
+.action-buttons {
+    display: flex;
+    gap: 0.5rem;
+}
+
+.btn {
+    display: inline-block;
+    padding: 0.75rem 1.5rem;
+    border: none;
+    border-radius: 4px;
+    text-decoration: none;
+    font-weight: 500;
+    cursor: pointer;
+    transition: background-color 0.2s;
+}
+
+.btn-primary {
+    background: #007bff;
+    color: white;
+}
+
+.btn-primary:hover {
+    background: #0056b3;
+}
+
+.btn-secondary {
+    background: #6c757d;
+    color: white;
+}
+
+.btn-secondary:hover {
+    background: #545b62;
+}
+
+.btn-danger {
+    background: #dc3545;
+    color: white;
+}
+
+.btn-danger:hover {
+    background: #c82333;
+}
+
+.btn-sm {
+    padding: 0.25rem 0.5rem;
+    font-size: 0.875rem;
+}
+
+.pagination-section {
+    margin-top: 2rem;
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    flex-wrap: wrap;
+    gap: 1rem;
+}
+
+.pagination {
+    display: flex;
+    gap: 0.25rem;
+}
+
+.page-link {
+    padding: 0.5rem 0.75rem;
+    border: 1px solid #dee2e6;
+    color: #007bff;
+    text-decoration: none;
+    border-radius: 4px;
+}
+
+.page-link:hover {
+    background: #e9ecef;
+}
+
+.page-link.current {
+    background: #007bff;
+    color: white;
+    border-color: #007bff;
+}
+
+.pagination-info {
+    color: #6c757d;
+    margin: 0;
+    font-size: 0.9rem;
+}
+
+.empty-state {
+    text-align: center;
+    padding: 3rem;
+    color: #6c757d;
+}
+
+.company-name {
+    font-weight: 500;
+}
+</style>
+{% endblock %}
\ No newline at end of file