maciejpi/nordabiz
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(privacy): Ustawienia prywatności użytkownika

Browse Source 
- Nowe pola: privacy_show_phone, privacy_show_email w tabeli users
- Nowy route /settings/privacy z UI do zarządzania prywatnością
- Link "Ustawienia" w menu użytkownika
- Toggle switches do włączania/wyłączania widoczności danych
- Migracja SQL: 028_add_user_privacy_settings.sql

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Maciej Pienczyn 2026-01-28 20:35:50 +01:00
parent 9f286d1790
commit 66f6c1d60e
5 changed files with 292 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
app.py
View File

@ -4064,6 +4064,37 @@ def settings_2fa():
db.close()
@app.route('/settings/privacy', methods=['GET', 'POST'])
@login_required
def settings_privacy():
"""Privacy settings - control visibility of phone and email"""
db = SessionLocal()
try:
user = db.query(User).get(current_user.id)
if request.method == 'POST':
# Update privacy settings
user.privacy_show_phone = request.form.get('show_phone') == 'on'
user.privacy_show_email = request.form.get('show_email') == 'on'
db.commit()
logger.info(f"Privacy settings updated for user: {user.email}")
flash('Ustawienia prywatności zostały zapisane.', 'success')
return redirect(url_for('settings_privacy'))
return render_template('settings/privacy.html',
user=user,
show_phone=user.privacy_show_phone if user.privacy_show_phone is not None else True,
show_email=user.privacy_show_email if user.privacy_show_email is not None else True)
except Exception as e:
logger.error(f"Privacy settings error: {e}")
flash('Wystąpił błąd.', 'error')
return redirect(url_for('dashboard'))
finally:
db.close()
@app.route('/forgot-password', methods=['GET', 'POST'])
@limiter.limit("5 per hour")
def forgot_password():

4
database.py
View File

@ -215,6 +215,10 @@ class User(Base, UserMixin):
totp_enabled = Column(Boolean, default=False)
totp_backup_codes = Column(StringArray, nullable=True) # Emergency backup codes
# Privacy settings
privacy_show_phone = Column(Boolean, default=True) # If FALSE, phone hidden from other users
privacy_show_email = Column(Boolean, default=True) # If FALSE, email hidden from other users
# Relationships
conversations = relationship('AIChatConversation', back_populates='user', cascade='all, delete-orphan')
forum_topics = relationship('ForumTopic', back_populates='author', cascade='all, delete-orphan', primaryjoin='User.id == ForumTopic.author_id')

14
database/migrations/028_add_user_privacy_settings.sql Normal file
View File

@ -0,0 +1,14 @@
-- Migration: Add privacy settings to users table
-- Date: 2026-01-28
-- Description: Adds fields to control visibility of phone and email in user profile
-- Add privacy columns to users table
ALTER TABLE users ADD COLUMN IF NOT EXISTS privacy_show_phone BOOLEAN DEFAULT TRUE;
ALTER TABLE users ADD COLUMN IF NOT EXISTS privacy_show_email BOOLEAN DEFAULT TRUE;
-- Comment for documentation
COMMENT ON COLUMN users.privacy_show_phone IS 'If FALSE, phone number is hidden from other users';
COMMENT ON COLUMN users.privacy_show_email IS 'If FALSE, email is hidden from other users';
-- Grant permissions
GRANT SELECT, UPDATE ON users TO nordabiz_app;

7
templates/base.html
View File

@ -1042,6 +1042,13 @@
<span class="user-menu-badge" id="userMenuUnreadBadge" style="display: none;">0</span>
</a>
<div class="user-menu-divider"></div>
<a href="{{ url_for('settings_privacy') }}" class="user-menu-item">
<svg width="16" height="16" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.065 2.572c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.572 1.065c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.065-2.572c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z"/>
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"/>
</svg>
Ustawienia
</a>
<a href="{{ url_for('release_notes') }}" class="user-menu-item">
<svg width="16" height="16" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-3 7h3m-3 4h3m-6-4h.01M9 16h.01"/>

236
templates/settings/privacy.html Normal file
View File

@ -0,0 +1,236 @@
{% extends "base.html" %}
{% block title %}Ustawienia prywatności - Norda Biznes Partner{% endblock %}
{% block extra_css %}
<style>
.settings-header {
margin-bottom: var(--spacing-xl);
}
.settings-header h1 {
font-size: var(--font-size-3xl);
color: var(--text-primary);
margin-bottom: var(--spacing-sm);
display: flex;
align-items: center;
gap: var(--spacing-md);
}
.settings-header p {
color: var(--text-secondary);
font-size: var(--font-size-lg);
}
.settings-card {
background: white;
border-radius: var(--radius-lg);
padding: var(--spacing-xl);
border: 1px solid var(--border-color);
box-shadow: var(--shadow);
margin-bottom: var(--spacing-lg);
}
.settings-card h2 {
font-size: var(--font-size-xl);
color: var(--text-primary);
margin-bottom: var(--spacing-md);
padding-bottom: var(--spacing-md);
border-bottom: 1px solid var(--border-color);
}
.setting-item {
display: flex;
justify-content: space-between;
align-items: center;
padding: var(--spacing-md) 0;
border-bottom: 1px solid var(--border-light);
}
.setting-item:last-child {
border-bottom: none;
}
.setting-info {
flex: 1;
}
.setting-label {
font-weight: 600;
color: var(--text-primary);
margin-bottom: var(--spacing-xs);
}
.setting-description {
font-size: var(--font-size-sm);
color: var(--text-secondary);
}
.toggle-switch {
position: relative;
width: 50px;
height: 26px;
flex-shrink: 0;
margin-left: var(--spacing-md);
}
.toggle-switch input {
opacity: 0;
width: 0;
height: 0;
}
.toggle-slider {
position: absolute;
cursor: pointer;
top: 0;
left: 0;
right: 0;
bottom: 0;
background-color: #ccc;
transition: 0.3s;
border-radius: 26px;
}
.toggle-slider:before {
position: absolute;
content: "";
height: 20px;
width: 20px;
left: 3px;
bottom: 3px;
background-color: white;
transition: 0.3s;
border-radius: 50%;
}
input:checked + .toggle-slider {
background-color: var(--success);
}
input:checked + .toggle-slider:before {
transform: translateX(24px);
}
.info-banner {
background: linear-gradient(135deg, #e0f2fe 0%, #bae6fd 100%);
border: 1px solid #7dd3fc;
border-radius: var(--radius-lg);
padding: var(--spacing-lg);
margin-bottom: var(--spacing-xl);
display: flex;
align-items: flex-start;
gap: var(--spacing-md);
}
.info-banner svg {
width: 24px;
height: 24px;
color: #0284c7;
flex-shrink: 0;
}
.info-banner .info-text {
color: #0369a1;
font-size: var(--font-size-sm);
}
.btn-save {
margin-top: var(--spacing-lg);
}
.settings-nav {
display: flex;
gap: var(--spacing-md);
margin-bottom: var(--spacing-xl);
flex-wrap: wrap;
}
.settings-nav a {
padding: var(--spacing-sm) var(--spacing-md);
border-radius: var(--radius-md);
text-decoration: none;
color: var(--text-secondary);
background: var(--bg-secondary);
transition: all 0.2s;
}
.settings-nav a:hover {
background: var(--bg-tertiary);
color: var(--text-primary);
}
.settings-nav a.active {
background: var(--primary);
color: white;
}
</style>
{% endblock %}
{% block content %}
<div class="settings-header">
<h1>
<svg width="32" height="32" fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24" style="color: var(--primary);">
<path d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z"/>
</svg>
Ustawienia prywatności
</h1>
<p>Kontroluj, które Twoje dane kontaktowe są widoczne dla innych użytkowników</p>
</div>
<div class="settings-nav">
<a href="{{ url_for('settings_privacy') }}" class="active">Prywatność</a>
<a href="{{ url_for('settings_2fa') }}">Uwierzytelnianie 2FA</a>
</div>
<div class="info-banner">
<svg fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24">
<path d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z"/>
</svg>
<div class="info-text">
Poniższe ustawienia kontrolują widoczność Twoich danych osobowych w portalu.
Dane Twojej firmy są zarządzane osobno w profilu firmy.
</div>
</div>
<form method="POST" action="{{ url_for('settings_privacy') }}">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="settings-card">
<h2>Widoczność danych kontaktowych</h2>
<div class="setting-item">
<div class="setting-info">
<div class="setting-label">Pokaż numer telefonu</div>
<div class="setting-description">
Twój numer telefonu ({{ user.phone or 'nie podano' }}) będzie widoczny dla innych członków
</div>
</div>
<label class="toggle-switch">
<input type="checkbox" name="show_phone" {% if show_phone %}checked{% endif %}>
<span class="toggle-slider"></span>
</label>
</div>
<div class="setting-item">
<div class="setting-info">
<div class="setting-label">Pokaż adres email</div>
<div class="setting-description">
Twój adres email ({{ user.email }}) będzie widoczny dla innych członków
</div>
</div>
<label class="toggle-switch">
<input type="checkbox" name="show_email" {% if show_email %}checked{% endif %}>
<span class="toggle-slider"></span>
</label>
</div>
</div>
<button type="submit" class="btn btn-primary btn-save">
<svg width="16" height="16" fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24" style="margin-right: 6px;">
<path d="M5 13l4 4L19 7"/>
</svg>
Zapisz ustawienia
</button>
</form>
{% endblock %}