The onboarding widget added in b76d275 uses current_app.root_path but
current_app was not imported from flask. This caused NameError for all
logged-in users visiting /dashboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Visual timeline showing company profile completion status:
- 6 steps computed from existing DB data (no new tables)
- Color-coded badges: member/office/auto responsibility
- Collapsible with localStorage persistence
- Green "complete" state when all steps done
- Action links for incomplete member-owned steps
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously only validated format (10 digits). Now also validates
the NIP checksum (weights 6,5,7,2,3,4,5,6,7, mod 11) to catch
typos like the one that left a user unlinked from their company.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Child companies (with parent_company_id) now show parent's NIP and can
fetch data from KRS/CEIDG using inherited NIP. Fixes Alter Energy showing
no NIP despite sharing one with Fiume Studio.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Display up to 3 next events with RSVP status instead of just one
- Add import script for WhatsApp Norda group data (Feb 2026):
events, company updates, Alter Energy, Croatia announcement
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Employees clicking "Edytuj profil" now see a modal with their company's
management team contacts instead of being sent to an edit form they can't use.
Managers and admins continue to access the edit form directly. Direct URL
access to /firma/edytuj is also guarded with redirect + flash message.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New analyze_roadmap_with_ai() function sends existing milestones and recent
knowledge facts to Gemini for comprehensive analysis. Returns new milestone
suggestions, status update recommendations, and identified roadmap gaps.
Adds PATCH endpoint for milestone status updates and tabbed UI modal.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Role field stores uppercase 'ADMIN' (from SystemRole enum). Use
is_admin boolean property which is synced by set_role() for reliable checks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
4 new features visible only to admin (role=='admin'):
- Homepage: "Czy wiesz, że?" widget with 3 random high-confidence facts
- /zopk: Knowledge stats, top entities, key numeric facts, fact type distribution
- /zopk: Dated facts timeline (CSS-only vertical timeline)
- /zopk: D3.js entity co-occurrence graph with slider control
No migrations needed - read-only SELECT queries only.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Long-running Gemini extractions (30-120s per article) caused SSE
connection timeout. Now runs extraction in a thread and sends
heartbeat updates every 10s to keep the connection alive.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Admin was confused by red "Błędy: 2" when scraping/extraction had
expected issues (403, content too short). Changes:
- All scraper/extractor messages translated to Polish
- HTTP 403/404/429 get specific descriptive messages
- Expected failures shown as yellow "Pominięte" instead of red "Błędy"
- "No chunks created" → "Treść za krótka do ekstrakcji"
- Summary label "Błędy" → "Pominięte"
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The scrape stream used 'type' field and lacked 'percent', 'message',
'details' - format incompatible with the shared SSE modal handler.
Aligned to match knowledge stream format: status/percent/message/details.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The SSE scrape stream was filtering on ZOPKNews.content_scraped which
doesn't exist in the model. The correct field is scrape_status with
values 'pending', 'failed', 'scraped', 'skipped'.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Flask-Login's current_user proxy loses context inside generator
functions. Same fix as applied to search stream endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Brave free tier was returning 429 for ~50% of queries due to back-to-back
requests. Added 1.1s delay between queries and retry with exponential
backoff (1.5s, 3s). Heartbeat endpoint exempted from Flask-Limiter and
interval increased from 30s to 60s to reduce log noise.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Create separate SessionLocal() in run_search() thread instead of sharing
main thread's session (SQLAlchemy sessions are not thread-safe). Increase
connection pool_size to 10 with pool_pre_ping for gthread worker support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Flask-Login's current_user proxy loses context inside generator
functions, causing 'NoneType' has no attribute 'id' error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace simulated progress animation with Server-Sent Events streaming
that shows actual backend progress in real-time during ZOPK news search.
Prevents timeout errors by keeping the connection alive with heartbeat
events. Old POST endpoint preserved as automatic fallback.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After refactoring to blueprints, templates still used bare endpoint names
(e.g., url_for('admin_zopk')) instead of prefixed names (e.g.,
url_for('admin.admin_zopk')). While most worked via backward-compat aliases,
api_zopk_search_news was missing from the alias list causing 500 on /admin/zopk.
Fixed 19 template files and added missing alias for api_zopk_search_news.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Hide Integracje link in user menu for non-owner users
- Add server-side access check on /konto/integracje route
- Add owner-only visual indicator on the link
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Admin can now set passwords directly via modal with generator (crypto.getRandomValues),
replacing the confirm-dialog flow with a tabbed modal (set password / reset link).
Custom CSS tooltips replace native title="" for instant hover display.
New "Ostatnie logowanie" column shows last_login timestamps.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive rewrite of access control dashboard: role hierarchy table,
full function-by-role access matrix (7 columns incl. unauthenticated users),
Rada Izby members section, and all active accounts with Excel-like
collapsible grouping by role. Expand/collapse all controls included.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Audits (SEO, IT, GBP, Social Media) are now visible only to the
designated audit owner (maciej.pienczyn@inpi.pl). All other users,
including admins, see 404 for audit routes and no audit links in
navigation. KRS Audit and Digital Maturity remain unchanged.
Adds /admin/access-overview panel showing the access matrix.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add GBP Performance API integration for visibility metrics (Maps/Search
impressions, call/website clicks, direction requests, search keywords).
Extend Search Console with URL Inspection, Sitemaps, device/country/type
breakdowns, and period-over-period trend comparison. Change OAuth scope
from webmasters.readonly to webmasters for URL Inspection support.
Migration 064 adds 24 new columns to company_website_analysis.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SEO dashboard: show step-by-step guide when GSC connected but site
not found in Search Console (instead of generic "connect" CTA)
- Integrations page: add info note about GSC site verification
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The SEO audit from admin panel uses seo_audit.py (SEOAuditor), not
audit_ai_service.py. Added GSC OAuth enrichment step after audit save.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add GSC columns to DB, persist OAuth data during audits, and render
clicks/impressions/CTR/position with top queries table on the dashboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Company users should connect their own Google/Meta accounts, not admins.
- Add /konto/integracje route for company users (auth blueprint)
- OAuth callbacks now redirect to /konto/integracje
- Template breadcrumb adapts to user vs admin view
- Admin route /admin/companies/<id>/settings kept for admin access
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Company settings page with 4 OAuth cards (GBP, Search Console, Facebook, Instagram)
- 3 API service clients: GBP Management, Search Console, Facebook Graph
- OAuth enrichment in GBP audit (owner responses, posts), social media (FB/IG Graph API),
and SEO prompt (Search Console data)
- Fix OAuth callback redirects to point to company settings page
- All integrations have graceful fallback when no OAuth credentials configured
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add 4 quick-win features to GBP dashboard:
- "Poproś o opinię" button with writeAReviewUri from Places API
- "Pokaż trasę" button with directionsUri
- Open/Closed badge showing business status at audit time
- NAP comparison table (Name, Address, Phone) vs Google data
New DB columns: google_maps_links (JSONB), google_open_now (BOOLEAN)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GBP: Places API data section, audit errors banner, special hours display
Social: Platform comparison table, refresh timestamp, 5-level activity status
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Google replaced First Input Delay (FID) with Interaction to Next Paint
(INP) as a Core Web Vital in March 2024. This renames the DB column
from first_input_delay_ms to interaction_to_next_paint_ms, updates the
PageSpeed client to prefer the INP audit key, and fixes all references
across routes, services, scripts, and report generators. Updated INP
thresholds: good ≤200ms, needs improvement ≤500ms.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Route passes 16 new fields from DB (technical SEO, meta tags, structured
data, performance) plus CrUX/security/image metrics. Template shows new
sections: Meta Tags & Content, CrUX Field Data, Security Headers (score
X/4), Image Optimization (% modern formats), and 9 new Technical SEO
checklist items. Migration 059 adds 16 columns for persisting live data.
AI service now saves CrUX/security/image data to DB during analysis.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Template was updated to use inp_ms (INP replaced FID in March 2024) but
the route dict still passed the old fid_ms key, causing UndefinedError.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New files:
- oauth_service.py: Shared OAuth 2.0 service supporting Google and Meta
providers with token exchange, refresh, and storage
- database/migrations/058_oauth_tokens.sql: oauth_tokens table with
company/provider/service unique constraint
- blueprints/api/routes_oauth.py: OAuth API endpoints for connect,
callback, status, and disconnect flows
Supports:
- Google OAuth (GBP Business Profile, Search Console)
- Meta OAuth (Facebook Pages, Instagram)
- CSRF state validation, token refresh, expiry tracking
- Per-company token storage with active/inactive status
Requires .env config:
- GOOGLE_OAUTH_CLIENT_ID, GOOGLE_OAUTH_CLIENT_SECRET (Google APIs)
- META_APP_ID, META_APP_SECRET (Facebook/Instagram)
- OAUTH_REDIRECT_BASE_URL (default: https://nordabiznes.pl)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The API route was explicitly mapping fields and omitting the 'previous'
key from the service result.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add "Users" button and modal in companies table to view/assign/unassign users
- New endpoint POST /admin/companies/<id>/unassign-user to detach user from company
- New endpoint GET /admin/users/list-all for user dropdown in assignment modal
- Modal shows assigned users with "Unpin" button and dropdown for adding new ones
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move percentage text from inside bars to separate column (always visible)
- Add cost (USD) column to "Wykorzystanie wg typu" section
- Add tokens+cost to type query in backend
- Fix same issues in company detail template
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add user/company/model/custom date range filters to AI usage dashboard
- Add model breakdown section showing per-model usage and costs
- Add company detail page (/admin/ai-usage/company/<id>) with per-user stats
- Add CSV export endpoint respecting all active filters
- Remove unused model-comparison page from navigation and imports
- Remove 20-item limit on user/company rankings (show all)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Users can now choose between Flash Lite (fastest, 1000 RPD), Flash
(thinking mode, 20 RPD) and Pro (premium). Default changed to Flash Lite.
Badge shows actual model used for full transparency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Gemini AI integration to SEO, GBP, and Social Media audits that
generates contextual analysis summaries and prioritized action items
with ready-to-use content (Schema.org, meta descriptions, social posts,
GBP descriptions, review responses, content calendars).
New files:
- audit_ai_service.py: Central AI service with caching (7-day TTL)
- blueprints/api/routes_audit_actions.py: 4 API endpoints
- database/migrations/056_audit_actions.sql: 3 new tables
- templates/partials/audit_ai_actions.html: Reusable UI component
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- google_places_service.py: Google Places API integration
- competitor_monitoring_service.py: Competitor tracking service
- scripts/competitor_monitor_cron.py, scripts/generate_audit_report.py
- blueprints/admin/routes_competitors.py, templates/admin/competitor_dashboard.html
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The admin social audit dashboard (/admin/social-audit) now shows:
- Yellow stat card with count of profiles needing verification
- Dedicated 'Profile do recznej weryfikacji' section listing all items
- Warning icon in recommendations column for verification-needed profiles
- Route now fetches profiles with check_status='needs_verification' alongside valid ones
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds user_companies table with BEFORE/AFTER triggers to sync primary
company to users.company_id. Dashboard shows all user's companies with
edit buttons. Company edit routes accept optional company_id parameter.
Admin API endpoints for managing user-company associations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify all 18 historical release notes for non-technical readers.
Replace jargon with clear Polish descriptions explaining changes
from the user's perspective. Merge duplicate entries describing
the same feature (PWA 3→1, email polling 2→1, blocking 2→1).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify release notes for non-technical readers. Remove jargon
(RBAC, regex, CSRF, SQL injection), use clear Polish descriptions
that explain what changed from the user's perspective.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The class is named AuditResult in gbp_audit_service.py but was imported
as GBPAuditResult. Using alias to maintain compatibility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The import was looking for 'seo_audit_service' module which no longer
exists. The SEOAuditor class lives in scripts/seo_audit.py. Fixed to
use sys.path like routes_social_audit.py does.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shows per-company recommendations: missing platforms, Facebook numeric
ID warning, etc. Color-coded by severity in a new "Zalecenia" column.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds "Pobierz dane urzędowe" button on company detail page (admin-only)
that fetches data from KRS, Biała Lista VAT, or CEIDG registries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Allow company owners/employees to edit marketing fields (descriptions,
services, contacts, social media) directly without admin intervention.
Legal fields (NIP, KRS, name) remain admin-only. Per-tab permission
checks with delegated permissions support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace static stats (recommendations=0, forum=total) with live data
(unread notifications, upcoming events). Add 5 content widgets:
events with RSVP badges, announcements, forum topics, B2B classifieds,
and new member companies. 2-column responsive grid layout.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- HIGH: Fix SQL injection in ZOPK knowledge service (3 functions) — replace f-strings with parameterized queries
- MEDIUM: Sanitize tsquery/LIKE input in SearchService to prevent injection
- MEDIUM: Add @login_required + @role_required(ADMIN) to /health/full endpoint
- MEDIUM: Add @role_required(ADMIN) to ZOPK knowledge search API
- MEDIUM: Add bleach HTML sanitization on write for announcements, events, board proceedings (stored XSS via |safe)
- MEDIUM: Remove partial API key from Gemini service logs
- MEDIUM: Remove @csrf.exempt from chat endpoints, add X-CSRFToken headers in JS
- MEDIUM: Add missing CSRF tokens to 3 POST forms (data_request, benefits_form, benefits_list)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Email notifications sent to topic subscribers when new reply posted
- Auto-subscribe users when they reply to a topic
- Custom CSS tooltip on "seen by" avatars (replaces native title)
- GET /forum/<id>/unsubscribe endpoint for email unsubscribe links
- Clean up ROADMAP.md (remove unimplemented priorities, add RBAC/Slack)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add @role_required to 2 missing routes (krs_api PDF download, zopk milestones)
- Add role-based menu visibility in admin bar (hide Users, Security, Benefits,
Model Comparison, Debug from OFFICE_MANAGER users)
- Inject SystemRole into Jinja2 context processor for template role checks
- Replace is_admin checkbox with role select dropdown in user creation form
- Migrate routes.py and routes_users_api.py from is_admin to SystemRole-based
role assignment via set_role()
- Add deprecation notice to is_admin database column
- Add 23 RBAC unit tests (hierarchy, has_role, set_role, permissions)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace ~20 remaining is_admin references across backend, templates and scripts
with proper SystemRole checks. Column is_admin stays as deprecated (synced by
set_role()) until DB migration removes it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Workflow: Active → Archive → Permanent Delete (hard delete from DB).
Only ADMIN role can permanently delete, and only archived companies.
FK cleanup across 35+ tables before deletion.
Also adds 4 missing items to v1.25.0 release notes:
- Strefa RADA simplified (removed documents section)
- Korzyści commission column visibility
- Company hard-delete feature
- User delete FK cascade fix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Expunge user from ORM session and use raw SQL DELETE to prevent
SQLAlchemy from trying to SET NULL on backref relationships.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Clean up FK references with NO ACTION before user deletion:
- SET NULL for nullable FK columns (30+ tables)
- DELETE records for NOT NULL FK columns without CASCADE
Prevents IntegrityError on user_notifications and other tables.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
WeasyPrint raises OSError (not ImportError) when pango/cairo system
libraries are not installed. Catch both to allow graceful fallback.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace redundant documents tab with PDF generation from meeting data
using weasyprint. Meetings become the main /rada/ view with board
members section. Remove upload/view/download document routes and
templates.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changes:
- Add staff users dropdown for secretary selection (Magdalena Klóska)
- Implement 3-status attendance (present/absent/unknown) with colors
- Add automatic quorum calculation with visual indicator
- Add print buttons for agenda and protocol (opens formatted print view)
- Add quick edit action button in meetings list
- Fix Polish diacritics across all board templates
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add BoardMeeting model with JSON fields for flexible data storage
- Add migration 049_board_meetings.sql
- Add routes for creating, editing, viewing meetings
- Add publish workflows for agenda and protocol
- Add templates: meetings_list, meeting_form (with tabs), meeting_view
- Support for: agenda items, attendance tracking, proceedings
- Pre-filled defaults for chairperson, secretary, location
- Quorum calculation (9/16 for majority)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Converts DOCX/DOC to PDF using soffice --headless
- Caches converted PDFs alongside originals
- Falls back to mammoth HTML if LibreOffice fails
- Preserves full document formatting and graphics
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /rada/<id>/view endpoint for document preview
- PDF files displayed inline in browser
- DOCX files converted to HTML using mammoth library
- Add board members section showing all is_rada_member users
- Add "Podgląd" button next to "Pobierz" in document list
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add @rada_member_required decorator for access control
- Add BoardDocument model for storing protocols and documents
- Create document upload service (PDF, DOCX, DOC up to 50MB)
- Add /rada/ blueprint with list, upload, download endpoints
- Add "Rada" link in navigation (visible only for board members)
- Add "Rada" badge and toggle button in admin user management
- Create SQL migration to set up board_documents table and assign
is_rada_member=True to 16 board members by email
Storage: /data/board-docs/ (outside webroot for security)
Access: is_rada_member=True OR role >= OFFICE_MANAGER
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Check for pending membership application on homepage
- Show blue "Deklaracja w toku" banner with status info
- Different messages for: draft, submitted, under_review, pending_user_approval, changes_requested
- Link to membership status page instead of application form
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Notify ADMIN and OFFICE_MANAGER users when new membership application is submitted
- Include applicant name, company name, and link to application detail
- Use notification_type='alert' for visibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Block company detail access for non-members (redirect to membership form)
- Show membership CTA header instead of catalog header for non-members
- Add info banner explaining access restriction
- Non-members can still see company list on homepage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Filter next_event by user's view permissions
- Check user_can_attend before showing "Zapisz się" button
- Show "🔒 Rada Izby" badge for restricted events
- Add "Złóż deklarację" banner for non-NORDA members on homepage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add access_level field to norda_events (public, members_only, rada_only)
- Add is_rada_member field to users table
- Add can_user_view() and can_user_attend() methods to NordaEvent model
- Update calendar routes to filter events by user permissions
- Add access_level dropdown to admin event form
- Rada Izby events only visible to designated board members
- Regular member meetings visible to all NORDA members
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Benefit and BenefitClick models for tracking affiliate offers
- Create /korzysci blueprint with admin-only access (test mode)
- Add admin panel at /admin/benefits for managing offers
- Include WisprFlow as first benefit with branded link ref.wisprflow.ai/norda
- Add QR code support for printed materials
- Track clicks with user attribution and analytics
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /auth/check-verification-status API endpoint
- Add JS polling every 3s on registration success page
- When email is verified elsewhere, redirect to dashboard automatically
- No need for user to manually navigate back
This improves UX by detecting verification in the original tab
Registration flow improvements:
- New dedicated success page (/registration-success) with clear instructions
- Shows email address where verification link was sent
- Step-by-step guide what to do next
- Link validity reminder (24 hours)
- Easy access to resend verification
Verification flow improvements:
- Auto-login after email verification (no need to enter password)
- Redirect to dashboard instead of login page
- If already verified, auto-login and redirect to dashboard
- Audit logging for verification and auto-login events
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Best practices additions:
- .pre-commit-config.yaml with ruff, bandit, and quick tests
- pyproject.toml with modern Python tooling config
- CI/CD badge in README.md
- Release notes v1.24.0 documenting testing infrastructure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added comprehensive changelog including:
- Membership application system with registry lookup
- KRS/CEIDG integration and data display
- Website content updater
- Company profile cleanup
- All bug fixes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Summary of changes:
- Migration from is_admin to 6-tier role hierarchy
- NordaGPT, Messages, B2B, Contacts restricted to MEMBER role
- New decorators: @office_manager_required, @member_required
- Promotional landing page for non-members on /chat
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Modules now requiring MEMBER role or higher:
- NordaGPT (/chat) - with dedicated landing page for non-members
- Wiadomości (/wiadomosci) - private messaging
- Tablica B2B (/tablica) - business classifieds
- Kontakty (/kontakty) - member contact information
Non-members see a promotional page explaining the benefits
of NordaGPT membership instead of being simply redirected.
This provides clear value proposition for NORDA membership
while protecting member-exclusive features.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace ~170 manual `if not current_user.is_admin` checks with:
- @role_required(SystemRole.ADMIN) for user management, security, ZOPK
- @role_required(SystemRole.OFFICE_MANAGER) for content management
- current_user.can_access_admin_panel() for admin UI access
- current_user.can_moderate_forum() for forum moderation
- current_user.can_edit_company(id) for company permissions
Add @office_manager_required decorator shortcut.
Add SQL migration to sync existing users' role field.
Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add _enrich_company_from_krs() helper function
- Import board members (zarząd) to CompanyPerson table
- Import PKD codes to CompanyPKD table
- Set data_source='KRS API' for proper template rendering
- Show status message to admin about KRS data fetch
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Build address_full from components
- Auto-detect legal_form from company name
- Format address with title case
- Remove dashes from NIP
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change address_postal_code to address_postal (correct Company field name)
- Combine address_street + address_number into address_street (Company has no address_number field)
- Fix template reference to company.address_postal
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SQLAlchemy doesn't detect in-place changes to JSONB columns.
Using flag_modified() and creating new list ensures changes are saved.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create notification for all admins when user accepts proposed changes
- Create notification for all admins when user rejects proposed changes
- Clear proposed_changes fields after user decision
- Include rejection reason in admin notification
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace all alert() calls with showNotification() for consistent UX
- Add UserNotification creation when admin proposes changes
- User sees notification in bell icon with link to review changes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When admin proposes changes from KRS/CEIDG registry, the application
now goes to 'pending_user_approval' status. User must review and
accept/reject proposed changes before final approval.
Changes:
- New status: pending_user_approval
- New fields: proposed_changes, proposed_changes_at, proposed_changes_by_id
- Admin endpoint: POST /admin/membership/<id>/propose-changes
- User endpoints: GET/POST /membership/review-changes/<id>/accept|reject
- New template: templates/membership/review_changes.html
- Migration: 043_membership_proposed_changes.sql
Workflow: submitted → under_review → pending_user_approval → under_review → approved
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use official Ministry of Finance API (wl-api.mf.gov.pl) to get KRS from NIP
- Add KRS field to membership application form
- Workflow: NIP → Biała Lista → KRS Open API → full company data
- Fallback to CEIDG for JDG (sole proprietorship)
- Remove rejestr.io dependency - only official government APIs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement full online membership application workflow:
- 3-step wizard form with KRS/CEIDG auto-fill
- Admin panel for application review (approve/reject/request changes)
- Company data update requests for existing members
- Dashboard CTA for users without company
- API endpoints for NIP lookup and draft management
New files:
- database/migrations/042_membership_applications.sql
- blueprints/membership/ (routes, templates)
- blueprints/admin/routes_membership.py
- blueprints/api/routes_membership.py
- templates/membership/ and templates/admin/membership*.html
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove confusing "Zweryfikowano 2x | Jakość: 100%" badge
- Create AiEnrichmentProposal model for pending AI suggestions
- Modify AI enrichment to create proposals instead of direct saves
- Add approve/reject API endpoints for proposals
- Update frontend to show approval buttons after AI analysis
- Proposals expire after 30 days if not reviewed
The workflow now requires owner/admin approval before AI-generated
data is applied to company profiles. This prevents unwanted data
from being automatically added.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add role dropdown column in users table
- Add /admin/users-api/change-role endpoint
- Sync is_admin flag when role changes
- Auto-create UserCompanyPermissions for EMPLOYEE
- Prevent self-demotion from admin
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- B2B classifieds interactions (interest, Q&A, context messages)
- Forum and B2B read tracking with seen-by avatars
- Admin modules for Companies and People management
- Status dashboard with SSL, deploy, security metrics
- Audit logging for login/logout events
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ClassifiedInterest model for tracking user interest in listings
- Add ClassifiedQuestion model for public Q&A on listings
- Add context_type/context_id to PrivateMessage for B2B linking
- Add interest toggle button and interests list modal
- Add Q&A section with ask/answer/hide functionality
- Update messages to show B2B context badge
- Create migration 034_classified_interactions.sql
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ForumTopicRead, ForumReplyRead, ClassifiedRead models
- Add SQL migration for new tables
- Record reads when user views forum topic (topic + all visible replies)
- Record reads when user views B2B classified
- Display "Seen by" avatars in forum topic and B2B detail pages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Log successful logins (password and 2FA) to audit_logs
- Log failed login attempts to audit_logs
- Log logout events to audit_logs
- Enables tracking of login activity in admin status dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Prevents "transaction is aborted" cascade errors when
pg_stat_statements extension is not installed or other
SQL queries fail.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New admin features:
- Analytics dashboard with stats, charts (Chart.js), user rankings
- CSV export of forum activity with date range
- Topic category move functionality
- Merge multiple topics into one
- Admin search across all posts (including deleted)
- User activity log with stats
New endpoints:
- GET /admin/forum/analytics
- GET /admin/forum/export-activity
- POST /admin/forum/topic/<id>/move
- POST /admin/forum/merge-topics
- GET /admin/forum/search
- GET /admin/forum/user/<id>/activity
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/api/routes_seo_audit.py with 3 routes:
- /api/seo/audit (GET)
- /api/seo/audit/<slug> (GET)
- /api/seo/audit (POST - trigger)
- Includes helper functions for building audit responses
- Removed ~420 lines from app.py (6770 -> 6348)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/api/routes_contacts.py with 2 routes:
- /api/contacts/ai-parse (POST)
- /api/contacts/bulk-create (POST)
- Includes AI prompts for contact parsing
- Removed ~300 lines from app.py (7063 -> 6764)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/admin/routes_krs_api.py with 3 routes:
- /admin/krs-api/audit (POST)
- /admin/krs-api/audit/batch (POST)
- /admin/krs-api/pdf/<company_id>
- Updated templates to use new URL paths
- Added endpoint aliases for backward compatibility
- Removed ~420 lines from app.py (8150 -> 7729)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/public/routes_zopk.py with 3 public routes:
- /zopk (zopk_index)
- /zopk/projekty/<slug> (zopk_project_detail)
- /zopk/aktualnosci (zopk_news_list)
- Added endpoint aliases for backward compatibility
- Removed ZOPK public routes from app.py
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Templates use url_for('admin_zopk') but blueprint endpoints are
'admin.admin_zopk'. Added aliases in blueprints/__init__.py.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created routes_model_comparison.py with model comparison functionality
- Updated base.html to use full blueprint name
- Added aliases for backward compatibility
- Commented old routes in app.py with _old_ prefix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added admin_ai_usage and admin_ai_usage_user to routes_analytics.py
- Updated templates to use full blueprint names (admin.admin_ai_usage)
- Added aliases for backward compatibility
- Commented old routes in app.py with _old_ prefix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create new blueprints/admin/routes_analytics.py (~350 lines)
- Move admin_analytics and admin_analytics_export routes
- Update templates to use full blueprint names
- Add endpoint aliases for backward compatibility
Phase 6.2b - Analytics dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add api_ai_learning_status and api_chat_stats to routes_insights.py
- Update chat_analytics template to use new API path
- Add endpoint aliases for backward compatibility
Phase 6.2b - AI API routes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create new blueprints/admin/routes_insights.py
- Move 5 insights routes (dashboard + API endpoints)
- Update template to use new /admin/insights-api/* paths
- Add endpoint aliases for backward compatibility
Phase 6.2b - Insights routes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create new blueprints/admin/routes_announcements.py
- Move 6 announcements routes to blueprint
- Update templates to use full blueprint names
- Add endpoint aliases for backward compatibility
Phase 6.2d - Announcements routes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move IT audit dashboard route to blueprints/admin/routes_audits.py
- Add ITAudit, ITCollaborationMatch imports
- Update base.html template to use full blueprint name
- Add endpoint alias for backward compatibility
Phase 6.2f continued
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move routes from app.py to blueprints/admin/routes_audits.py
- Add endpoint aliases for backward compatibility
- Update base.html template to use full blueprint names
- Comment old routes in app.py with _old_ prefix
Phase 6.2f of blueprint migration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Przeniesiono 2 trasy do blueprints/admin/routes_social.py:
- admin_social_media (analytics dashboard)
- admin_social_audit (audit dashboard)
Zaktualizowano szablony:
- base.html, dashboard.html, social_audit_dashboard.html
Dodano aliasy dla kompatybilności wstecznej.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Przeniesiono 9 tras do blueprints/admin/routes_status.py:
- admin_status, api_admin_status
- admin_health, api_admin_health
- debug_panel
- api_get_logs, api_logs_stream, api_clear_logs, api_test_log
Zaktualizowano szablony na pełne nazwy blueprintów:
- base.html: admin.admin_status, admin.admin_health
- health_dashboard.html: admin.admin_status
Dodano aliasy dla kompatybilności wstecznej.
Stare trasy w app.py oznaczone jako _old_* (do usunięcia po weryfikacji).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Dodano aliasy w blueprints/__init__.py dla admin_seo i admin_gbp_audit
- Poprawiono url_for('chat_analytics') na url_for('chat.chat_analytics')
(trasa już jest w blueprincie chat)
Minimalne, bezpieczne zmiany zgodne z metodologią.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/admin/routes_audits.py (2 routes)
- admin_seo, admin_gbp_audit moved from app.py
- Aliases created for backward compatibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Dodano 2 filmy: zajawka 30s i tutorial 2min
- Modal z odtwarzaczem wideo (klik na kartę)
- Badge "Nowe" dla dostępnych materiałów
- Podgląd pierwszej klatki wideo
- Obsługa klawisza Escape do zamknięcia
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Nowy blueprint /edukacja z materiałami szkoleniowymi
- Link "Edukacja" w menu (tylko dla zalogowanych)
- Strona placeholder z listą przyszłych materiałów
- Dostęp wymaga logowania (@login_required)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
