Adds user_companies table with BEFORE/AFTER triggers to sync primary
company to users.company_id. Dashboard shows all of the user's companies with
edit buttons. Company edit routes accept optional company_id parameter.
Admin API endpoints for managing user-company associations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify all 18 historical release notes for non-technical readers.
Replace jargon with clear Polish descriptions explaining changes
from the user's perspective. Merge duplicate entries describing
the same feature (PWA 3→1, email polling 2→1, blocking 2→1).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify release notes for non-technical readers. Remove jargon
(RBAC, regex, CSRF, SQL injection), use clear Polish descriptions
that explain what changed from the user's perspective.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The class is named AuditResult in gbp_audit_service.py but was imported
as GBPAuditResult. Using alias to maintain compatibility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The import was looking for 'seo_audit_service' module which no longer
exists. The SEOAuditor class lives in scripts/seo_audit.py. Fixed to
use sys.path like routes_social_audit.py does.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shows per-company recommendations: missing platforms, Facebook numeric
ID warning, etc. Color-coded by severity in a new "Zalecenia" column.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds "Pobierz dane urzędowe" button on company detail page (admin-only)
that fetches data from KRS, Biała Lista VAT, or CEIDG registries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Allow company owners/employees to edit marketing fields (descriptions,
services, contacts, social media) directly without admin intervention.
Legal fields (NIP, KRS, name) remain admin-only. Per-tab permission
checks with delegated permissions support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace static stats (recommendations=0, forum=total) with live data
(unread notifications, upcoming events). Add 5 content widgets:
events with RSVP badges, announcements, forum topics, B2B classifieds,
and new member companies. 2-column responsive grid layout.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- HIGH: Fix SQL injection in ZOPK knowledge service (3 functions) — replace f-strings with parameterized queries
- MEDIUM: Sanitize tsquery/LIKE input in SearchService to prevent injection
- MEDIUM: Add @login_required + @role_required(ADMIN) to /health/full endpoint
- MEDIUM: Add @role_required(ADMIN) to ZOPK knowledge search API
- MEDIUM: Add bleach HTML sanitization on write for announcements, events, board proceedings (stored XSS via |safe)
- MEDIUM: Remove partial API key from Gemini service logs
- MEDIUM: Remove @csrf.exempt from chat endpoints, add X-CSRFToken headers in JS
- MEDIUM: Add missing CSRF tokens to 3 POST forms (data_request, benefits_form, benefits_list)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
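An added example, not code from the repository, of the two hardening patterns the first two items above describe: a parameterized query in place of an f-string, and escaping of LIKE metacharacters before the search term is bound. It uses a constructed in-memory SQLite table rather than the project's ZOPK or search schema; the LIKE/ESCAPE behaviour is the same on PostgreSQL.

```python
import sqlite3

# Constructed sample data standing in for a searchable table; not the project's schema.
SAMPLE_TITLES = [
    "Zielona energia",
    "100% rabat",
    "a_b test",
    "abc test",
    "O'Reilly guide",
]

# Escape character used for LIKE patterns; any single char works as long as
# the pattern and the ESCAPE clause agree.
LIKE_ESCAPE = "\\"


def make_db() -> sqlite3.Connection:
    """Create the constructed in-memory table used by the examples below."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO articles (title) VALUES (?)", [(t,) for t in SAMPLE_TITLES]
    )
    return conn


def escape_like(term: str) -> str:
    """Make a user-supplied string match literally inside a LIKE pattern.

    Binding the term as a parameter stops it from altering the SQL statement,
    but '%' and '_' are still wildcards *inside* the pattern. The escape
    character itself must be doubled first, then the two metacharacters.
    """
    return (
        term.replace(LIKE_ESCAPE, LIKE_ESCAPE * 2)
        .replace("%", LIKE_ESCAPE + "%")
        .replace("_", LIKE_ESCAPE + "_")
    )


def search_titles(conn: sqlite3.Connection, term: str) -> list[str]:
    """Substring search where both the text and the wildcards are neutralised.

    The SQL text is a constant; the pattern and the escape character are bound
    values, so a quote or semicolon in `term` is just data.
    """
    pattern = f"%{escape_like(term)}%"
    rows = conn.execute(
        "SELECT title FROM articles WHERE title LIKE ? ESCAPE ? ORDER BY id",
        (pattern, LIKE_ESCAPE),
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    for query in ["100%", "_b", "O'Reilly", "test"]:
        print(f"{query!r:12} -> {search_titles(db, query)}")
```

Without `escape_like`, the query `"_b"` would also match "abc test" and `"%"` would match every row; with it, only rows containing those characters literally are returned.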
- Email notifications sent to topic subscribers when new reply posted
- Auto-subscribe users when they reply to a topic
- Custom CSS tooltip on "seen by" avatars (replaces native title)
- GET /forum/<id>/unsubscribe endpoint for email unsubscribe links
- Clean up ROADMAP.md (remove unimplemented priorities, add RBAC/Slack)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add @role_required to 2 missing routes (krs_api PDF download, zopk milestones)
- Add role-based menu visibility in admin bar (hide Users, Security, Benefits,
Model Comparison, Debug from OFFICE_MANAGER users)
- Inject SystemRole into Jinja2 context processor for template role checks
- Replace is_admin checkbox with role select dropdown in user creation form
- Migrate routes.py and routes_users_api.py from is_admin to SystemRole-based
role assignment via set_role()
- Add deprecation notice to is_admin database column
- Add 23 RBAC unit tests (hierarchy, has_role, set_role, permissions)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace ~20 remaining is_admin references across backend, templates and scripts
with proper SystemRole checks. Column is_admin stays as deprecated (synced by
set_role()) until DB migration removes it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Workflow: Active → Archive → Permanent Delete (hard delete from DB).
Only ADMIN role can permanently delete, and only archived companies.
FK cleanup across 35+ tables before deletion.
Also adds 4 missing items to v1.25.0 release notes:
- Strefa RADA simplified (removed documents section)
- Korzyści commission column visibility
- Company hard-delete feature
- User delete FK cascade fix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Expunge user from ORM session and use raw SQL DELETE to prevent
SQLAlchemy from trying to SET NULL on backref relationships.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Clean up FK references with NO ACTION before user deletion:
- SET NULL for nullable FK columns (30+ tables)
- DELETE records for NOT NULL FK columns without CASCADE
Prevents IntegrityError on user_notifications and other tables.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
WeasyPrint raises OSError (not ImportError) when pango/cairo system
libraries are not installed. Catch both to allow graceful fallback.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace redundant documents tab with PDF generation from meeting data
using weasyprint. Meetings become the main /rada/ view with board
members section. Remove upload/view/download document routes and
templates.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changes:
- Add staff users dropdown for secretary selection (Magdalena Klóska)
- Implement 3-status attendance (present/absent/unknown) with colors
- Add automatic quorum calculation with visual indicator
- Add print buttons for agenda and protocol (opens formatted print view)
- Add quick edit action button in meetings list
- Fix Polish diacritics across all board templates
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add BoardMeeting model with JSON fields for flexible data storage
- Add migration 049_board_meetings.sql
- Add routes for creating, editing, viewing meetings
- Add publish workflows for agenda and protocol
- Add templates: meetings_list, meeting_form (with tabs), meeting_view
- Support for: agenda items, attendance tracking, proceedings
- Pre-filled defaults for chairperson, secretary, location
- Quorum calculation (9/16 for majority)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Converts DOCX/DOC to PDF using soffice --headless
- Caches converted PDFs alongside originals
- Falls back to mammoth HTML if LibreOffice fails
- Preserves full document formatting and graphics
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /rada/<id>/view endpoint for document preview
- PDF files displayed inline in browser
- DOCX files converted to HTML using mammoth library
- Add board members section showing all is_rada_member users
- Add "Podgląd" button next to "Pobierz" in document list
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add @rada_member_required decorator for access control
- Add BoardDocument model for storing protocols and documents
- Create document upload service (PDF, DOCX, DOC up to 50MB)
- Add /rada/ blueprint with list, upload, download endpoints
- Add "Rada" link in navigation (visible only for board members)
- Add "Rada" badge and toggle button in admin user management
- Create SQL migration to set up board_documents table and assign
is_rada_member=True to 16 board members by email
Storage: /data/board-docs/ (outside webroot for security)
Access: is_rada_member=True OR role >= OFFICE_MANAGER
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Check for pending membership application on homepage
- Show blue "Deklaracja w toku" banner with status info
- Different messages for: draft, submitted, under_review, pending_user_approval, changes_requested
- Link to membership status page instead of application form
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Notify ADMIN and OFFICE_MANAGER users when new membership application is submitted
- Include applicant name, company name, and link to application detail
- Use notification_type='alert' for visibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Block company detail access for non-members (redirect to membership form)
- Show membership CTA header instead of catalog header for non-members
- Add info banner explaining access restriction
- Non-members can still see company list on homepage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Filter next_event by user's view permissions
- Check user_can_attend before showing "Zapisz się" button
- Show "🔒 Rada Izby" badge for restricted events
- Add "Złóż deklarację" banner for non-NORDA members on homepage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add access_level field to norda_events (public, members_only, rada_only)
- Add is_rada_member field to users table
- Add can_user_view() and can_user_attend() methods to NordaEvent model
- Update calendar routes to filter events by user permissions
- Add access_level dropdown to admin event form
- Rada Izby events only visible to designated board members
- Regular member meetings visible to all NORDA members
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Benefit and BenefitClick models for tracking affiliate offers
- Create /korzysci blueprint with admin-only access (test mode)
- Add admin panel at /admin/benefits for managing offers
- Include WisprFlow as first benefit with branded link ref.wisprflow.ai/norda
- Add QR code support for printed materials
- Track clicks with user attribution and analytics
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /auth/check-verification-status API endpoint
- Add JS polling every 3s on registration success page
- When email is verified elsewhere, redirect to dashboard automatically
- No need for user to manually navigate back
This improves UX by detecting verification in the original tab.
Registration flow improvements:
- New dedicated success page (/registration-success) with clear instructions
- Shows email address where verification link was sent
- Step-by-step guide what to do next
- Link validity reminder (24 hours)
- Easy access to resend verification
Verification flow improvements:
- Auto-login after email verification (no need to enter password)
- Redirect to dashboard instead of login page
- If already verified, auto-login and redirect to dashboard
- Audit logging for verification and auto-login events
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Best practices additions:
- .pre-commit-config.yaml with ruff, bandit, and quick tests
- pyproject.toml with modern Python tooling config
- CI/CD badge in README.md
- Release notes v1.24.0 documenting testing infrastructure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added comprehensive changelog including:
- Membership application system with registry lookup
- KRS/CEIDG integration and data display
- Website content updater
- Company profile cleanup
- All bug fixes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Summary of changes:
- Migration from is_admin to 6-tier role hierarchy
- NordaGPT, Messages, B2B, Contacts restricted to MEMBER role
- New decorators: @office_manager_required, @member_required
- Promotional landing page for non-members on /chat
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Modules now requiring MEMBER role or higher:
- NordaGPT (/chat) - with dedicated landing page for non-members
- Wiadomości (/wiadomosci) - private messaging
- Tablica B2B (/tablica) - business classifieds
- Kontakty (/kontakty) - member contact information
Non-members see a promotional page explaining the benefits
of NordaGPT membership instead of being simply redirected.
This provides clear value proposition for NORDA membership
while protecting member-exclusive features.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace ~170 manual `if not current_user.is_admin` checks with:
- @role_required(SystemRole.ADMIN) for user management, security, ZOPK
- @role_required(SystemRole.OFFICE_MANAGER) for content management
- current_user.can_access_admin_panel() for admin UI access
- current_user.can_moderate_forum() for forum moderation
- current_user.can_edit_company(id) for company permissions
Add @office_manager_required decorator shortcut.
Add SQL migration to sync existing users' role field.
Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add _enrich_company_from_krs() helper function
- Import board members (zarząd) to CompanyPerson table
- Import PKD codes to CompanyPKD table
- Set data_source='KRS API' for proper template rendering
- Show status message to admin about KRS data fetch
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Build address_full from components
- Auto-detect legal_form from company name
- Format address with title case
- Remove dashes from NIP
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change address_postal_code to address_postal (correct Company field name)
- Combine address_street + address_number into address_street (Company has no address_number field)
- Fix template reference to company.address_postal
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SQLAlchemy doesn't detect in-place changes to JSONB columns.
Using flag_modified() and creating new list ensures changes are saved.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create notification for all admins when user accepts proposed changes
- Create notification for all admins when user rejects proposed changes
- Clear proposed_changes fields after user decision
- Include rejection reason in admin notification
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace all alert() calls with showNotification() for consistent UX
- Add UserNotification creation when admin proposes changes
- User sees notification in bell icon with link to review changes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When admin proposes changes from KRS/CEIDG registry, the application
now goes to 'pending_user_approval' status. User must review and
accept/reject proposed changes before final approval.
Changes:
- New status: pending_user_approval
- New fields: proposed_changes, proposed_changes_at, proposed_changes_by_id
- Admin endpoint: POST /admin/membership/<id>/propose-changes
- User endpoints: GET/POST /membership/review-changes/<id>/accept|reject
- New template: templates/membership/review_changes.html
- Migration: 043_membership_proposed_changes.sql
Workflow: submitted → under_review → pending_user_approval → under_review → approved
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use official Ministry of Finance API (wl-api.mf.gov.pl) to get KRS from NIP
- Add KRS field to membership application form
- Workflow: NIP → Biała Lista → KRS Open API → full company data
- Fallback to CEIDG for JDG (sole proprietorship)
- Remove rejestr.io dependency - only official government APIs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement full online membership application workflow:
- 3-step wizard form with KRS/CEIDG auto-fill
- Admin panel for application review (approve/reject/request changes)
- Company data update requests for existing members
- Dashboard CTA for users without company
- API endpoints for NIP lookup and draft management
New files:
- database/migrations/042_membership_applications.sql
- blueprints/membership/ (routes, templates)
- blueprints/admin/routes_membership.py
- blueprints/api/routes_membership.py
- templates/membership/ and templates/admin/membership*.html
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove confusing "Zweryfikowano 2x | Jakość: 100%" badge
- Create AiEnrichmentProposal model for pending AI suggestions
- Modify AI enrichment to create proposals instead of direct saves
- Add approve/reject API endpoints for proposals
- Update frontend to show approval buttons after AI analysis
- Proposals expire after 30 days if not reviewed
The workflow now requires owner/admin approval before AI-generated
data is applied to company profiles. This prevents unwanted data
from being automatically added.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add role dropdown column in users table
- Add /admin/users-api/change-role endpoint
- Sync is_admin flag when role changes
- Auto-create UserCompanyPermissions for EMPLOYEE
- Prevent self-demotion from admin
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- B2B classifieds interactions (interest, Q&A, context messages)
- Forum and B2B read tracking with seen-by avatars
- Admin modules for Companies and People management
- Status dashboard with SSL, deploy, security metrics
- Audit logging for login/logout events
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ClassifiedInterest model for tracking user interest in listings
- Add ClassifiedQuestion model for public Q&A on listings
- Add context_type/context_id to PrivateMessage for B2B linking
- Add interest toggle button and interests list modal
- Add Q&A section with ask/answer/hide functionality
- Update messages to show B2B context badge
- Create migration 034_classified_interactions.sql
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ForumTopicRead, ForumReplyRead, ClassifiedRead models
- Add SQL migration for new tables
- Record reads when user views forum topic (topic + all visible replies)
- Record reads when user views B2B classified
- Display "Seen by" avatars in forum topic and B2B detail pages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Log successful logins (password and 2FA) to audit_logs
- Log failed login attempts to audit_logs
- Log logout events to audit_logs
- Enables tracking of login activity in admin status dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Prevents "transaction is aborted" cascade errors when
pg_stat_statements extension is not installed or other
SQL queries fail.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New admin features:
- Analytics dashboard with stats, charts (Chart.js), user rankings
- CSV export of forum activity with date range
- Topic category move functionality
- Merge multiple topics into one
- Admin search across all posts (including deleted)
- User activity log with stats
New endpoints:
- GET /admin/forum/analytics
- GET /admin/forum/export-activity
- POST /admin/forum/topic/<id>/move
- POST /admin/forum/merge-topics
- GET /admin/forum/search
- GET /admin/forum/user/<id>/activity
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/api/routes_seo_audit.py with 3 routes:
- /api/seo/audit (GET)
- /api/seo/audit/<slug> (GET)
- /api/seo/audit (POST - trigger)
- Includes helper functions for building audit responses
- Removed ~420 lines from app.py (6770 -> 6348)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/api/routes_contacts.py with 2 routes:
- /api/contacts/ai-parse (POST)
- /api/contacts/bulk-create (POST)
- Includes AI prompts for contact parsing
- Removed ~300 lines from app.py (7063 -> 6764)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/admin/routes_krs_api.py with 3 routes:
- /admin/krs-api/audit (POST)
- /admin/krs-api/audit/batch (POST)
- /admin/krs-api/pdf/<company_id>
- Updated templates to use new URL paths
- Added endpoint aliases for backward compatibility
- Removed ~420 lines from app.py (8150 -> 7729)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/public/routes_zopk.py with 3 public routes:
- /zopk (zopk_index)
- /zopk/projekty/<slug> (zopk_project_detail)
- /zopk/aktualnosci (zopk_news_list)
- Added endpoint aliases for backward compatibility
- Removed ZOPK public routes from app.py
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Templates use url_for('admin_zopk') but blueprint endpoints are
'admin.admin_zopk'. Added aliases in blueprints/__init__.py.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created routes_model_comparison.py with model comparison functionality
- Updated base.html to use full blueprint name
- Added aliases for backward compatibility
- Commented old routes in app.py with _old_ prefix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added admin_ai_usage and admin_ai_usage_user to routes_analytics.py
- Updated templates to use full blueprint names (admin.admin_ai_usage)
- Added aliases for backward compatibility
- Commented old routes in app.py with _old_ prefix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create new blueprints/admin/routes_analytics.py (~350 lines)
- Move admin_analytics and admin_analytics_export routes
- Update templates to use full blueprint names
- Add endpoint aliases for backward compatibility
Phase 6.2b - Analytics dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add api_ai_learning_status and api_chat_stats to routes_insights.py
- Update chat_analytics template to use new API path
- Add endpoint aliases for backward compatibility
Phase 6.2b - AI API routes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create new blueprints/admin/routes_insights.py
- Move 5 insights routes (dashboard + API endpoints)
- Update template to use new /admin/insights-api/* paths
- Add endpoint aliases for backward compatibility
Phase 6.2b - Insights routes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create new blueprints/admin/routes_announcements.py
- Move 6 announcements routes to blueprint
- Update templates to use full blueprint names
- Add endpoint aliases for backward compatibility
Phase 6.2d - Announcements routes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move IT audit dashboard route to blueprints/admin/routes_audits.py
- Add ITAudit, ITCollaborationMatch imports
- Update base.html template to use full blueprint name
- Add endpoint alias for backward compatibility
Phase 6.2f continued
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move routes from app.py to blueprints/admin/routes_audits.py
- Add endpoint aliases for backward compatibility
- Update base.html template to use full blueprint names
- Comment old routes in app.py with _old_ prefix
Phase 6.2f of blueprint migration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Moved 2 routes to blueprints/admin/routes_social.py:
- admin_social_media (analytics dashboard)
- admin_social_audit (audit dashboard)
Updated templates:
- base.html, dashboard.html, social_audit_dashboard.html
Added aliases for backward compatibility.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Moved 9 routes to blueprints/admin/routes_status.py:
- admin_status, api_admin_status
- admin_health, api_admin_health
- debug_panel
- api_get_logs, api_logs_stream, api_clear_logs, api_test_log
Updated templates to use full blueprint names:
- base.html: admin.admin_status, admin.admin_health
- health_dashboard.html: admin.admin_status
Added aliases for backward compatibility.
Old routes in app.py marked as _old_* (to be removed after verification).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added aliases in blueprints/__init__.py for admin_seo and admin_gbp_audit
- Fixed url_for('chat_analytics') to url_for('chat.chat_analytics')
(the route is already in the chat blueprint)
Minimal, safe changes consistent with the methodology.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/admin/routes_audits.py (2 routes)
- admin_seo, admin_gbp_audit moved from app.py
- Aliases created for backward compatibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added 2 videos: a 30s teaser and a 2-minute tutorial
- Modal with a video player (click on a card)
- "Nowe" badge for available materials
- Preview of the first video frame
- Escape key closes the modal
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New /edukacja blueprint with training materials
- "Edukacja" link in the menu (logged-in users only)
- Placeholder page listing upcoming materials
- Access requires login (@login_required)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>