auto-claude: subtask-3-3 - Add GBP audit route accessible to logged-in users

Add user-facing GBP audit dashboard route at /audit/gbp/<company_slug>: - Requires login (@login_required) - Admin users can view audit for any company - Regular users can only view audit for their own company - Passes can_audit flag to template for run audit button visibility - Gracefully handles missing audit data (template shows "no audit" state) - Logs audit dashboard views for monitoring Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 19:17:32 +01:00 · 2026-01-08 19:17:32 +01:00 · 8fa23bc77e
commit 8fa23bc77e
parent 0bb6b718f5
1 changed files with 68 additions and 0 deletions
--- a/app.py
+++ b/app.py
@ -3961,6 +3961,74 @@ def api_gbp_audit_trigger():
        db.close()


+# ============================================================
+# GBP AUDIT USER-FACING DASHBOARD
+# ============================================================
+
+@app.route('/audit/gbp/<slug>')
+@login_required
+def gbp_audit_dashboard(slug):
+    """
+    User-facing GBP audit dashboard for a specific company.
+
+    Displays Google Business Profile completeness audit results with:
+    - Overall completeness score (0-100)
+    - Field-by-field status breakdown
+    - AI-generated improvement recommendations
+    - Historical audit data
+
+    Access control:
+    - Admin users can view audit for any company
+    - Regular users can only view audit for their own company
+
+    Args:
+        slug: Company slug identifier
+
+    Returns:
+        Rendered gbp_audit.html template with company and audit data
+    """
+    if not GBP_AUDIT_AVAILABLE:
+        flash('Usługa audytu Google Business Profile jest tymczasowo niedostępna.', 'error')
+        return redirect(url_for('dashboard'))
+
+    db = SessionLocal()
+    try:
+        # Find company by slug
+        company = db.query(Company).filter_by(slug=slug, status='active').first()
+
+        if not company:
+            flash('Firma nie została znaleziona.', 'error')
+            return redirect(url_for('dashboard'))
+
+        # Access control: admin can view any company, member only their own
+        if not current_user.is_admin:
+            if current_user.company_id != company.id:
+                flash('Brak uprawnień. Możesz przeglądać audyt tylko własnej firmy.', 'error')
+                return redirect(url_for('dashboard'))
+
+        # Get latest audit for this company
+        audit = gbp_get_company_audit(db, company.id)
+
+        # If no audit exists, we still render the page (template handles this)
+        # The user can trigger an audit from the dashboard
+
+        # Determine if user can run audit (admin or company owner)
+        can_audit = current_user.is_admin or current_user.company_id == company.id
+
+        logger.info(f"GBP audit dashboard viewed by {current_user.email} for company: {company.name}")
+
+        return render_template('gbp_audit.html',
+            company=company,
+            audit=audit,
+            can_audit=can_audit,
+            gbp_audit_available=GBP_AUDIT_AVAILABLE,
+            gbp_audit_version=GBP_AUDIT_VERSION
+        )
+
+    finally:
+        db.close()
+
+
@app.route('/api/check-email', methods=['POST'])
 def api_check_email():
    """API: Check if email is available"""