user_loader was closing the SQLAlchemy session after loading User,
causing lazy-load of company_associations to fail when dashboard template
calls can_edit_company(). Eagerly load associations in user_loader.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Audits (SEO, IT, GBP, Social Media) are now visible only to the
designated audit owner (maciej.pienczyn@inpi.pl). All other users,
including admins, see 404 for audit routes and no audit links in
navigation. KRS Audit and Digital Maturity remain unchanged.
Adds /admin/access-overview panel showing the access matrix.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Switch primary model from flash-lite (2.5) to 3-flash (Gemini 3 Flash Preview)
for better reasoning and thinking mode across all AI features
- Add _is_retryable() method to handle 503 UNAVAILABLE (server overload)
in addition to existing 429 rate limit fallback
- Fallback chain: 3-flash → 2.5-flash-lite → 2.5-flash
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Switch primary model to flash-lite (1000 RPD) with automatic fallback
to 3-flash-preview (20 RPD) and flash (20 RPD) on RESOURCE_EXHAUSTED,
giving 1040 req/day on free tier instead of 20.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- HIGH: Fix SQL injection in ZOPK knowledge service (3 functions) — replace f-strings with parameterized queries
- MEDIUM: Sanitize tsquery/LIKE input in SearchService to prevent injection
- MEDIUM: Add @login_required + @role_required(ADMIN) to /health/full endpoint
- MEDIUM: Add @role_required(ADMIN) to ZOPK knowledge search API
- MEDIUM: Add bleach HTML sanitization on write for announcements, events, board proceedings (stored XSS via |safe)
- MEDIUM: Remove partial API key from Gemini service logs
- MEDIUM: Remove @csrf.exempt from chat endpoints, add X-CSRFToken headers in JS
- MEDIUM: Add missing CSRF tokens to 3 POST forms (data_request, benefits_form, benefits_list)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add @role_required to 2 missing routes (krs_api PDF download, zopk milestones)
- Add role-based menu visibility in admin bar (hide Users, Security, Benefits,
Model Comparison, Debug from OFFICE_MANAGER users)
- Inject SystemRole into Jinja2 context processor for template role checks
- Replace is_admin checkbox with role select dropdown in user creation form
- Migrate routes.py and routes_users_api.py from is_admin to SystemRole-based
role assignment via set_role()
- Add deprecation notice to is_admin database column
- Add 23 RBAC unit tests (hierarchy, has_role, set_role, permissions)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace ~20 remaining is_admin references across backend, templates and scripts
with proper SystemRole checks. Column is_admin stays as deprecated (synced by
set_role()) until DB migration removes it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Both agenda and protocol publish forms were missing CSRF tokens,
causing 'CSRF Token is missing' raw error. Adds hidden csrf_token
inputs and a global CSRFError handler that shows a friendly flash
message instead of raw system error.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds staging-only UI elements: environment banner, TEST badges on nav
items, and floating test panel with feature checklist. Controlled by
STAGING=true env var — zero impact on production.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace ~170 manual `if not current_user.is_admin` checks with:
- @role_required(SystemRole.ADMIN) for user management, security, ZOPK
- @role_required(SystemRole.OFFICE_MANAGER) for content management
- current_user.can_access_admin_panel() for admin UI access
- current_user.can_moderate_forum() for forum moderation
- current_user.can_edit_company(id) for company permissions
Add @office_manager_required decorator shortcut.
Add SQL migration to sync existing users' role field.
Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Removed 33 dead functions that were left behind after migration to blueprints.
These were prefixed with _old_ and no longer referenced.
app.py: 4756 → 1523 lines (-3233, -68%)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/api/routes_seo_audit.py with 3 routes:
- /api/seo/audit (GET)
- /api/seo/audit/<slug> (GET)
- /api/seo/audit (POST - trigger)
- Includes helper functions for building audit responses
- Removed ~420 lines from app.py (6770 -> 6348)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/api/routes_contacts.py with 2 routes:
- /api/contacts/ai-parse (POST)
- /api/contacts/bulk-create (POST)
- Includes AI prompts for contact parsing
- Removed ~300 lines from app.py (7063 -> 6764)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/admin/routes_krs_api.py with 3 routes:
- /admin/krs-api/audit (POST)
- /admin/krs-api/audit/batch (POST)
- /admin/krs-api/pdf/<company_id>
- Updated templates to use new URL paths
- Added endpoint aliases for backward compatibility
- Removed ~420 lines from app.py (8150 -> 7729)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/public/routes_zopk.py with 3 public routes:
- /zopk (zopk_index)
- /zopk/projekty/<slug> (zopk_project_detail)
- /zopk/aktualnosci (zopk_news_list)
- Added endpoint aliases for backward compatibility
- Removed ZOPK public routes from app.py
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Templates use url_for('admin_zopk') but blueprint endpoints are
'admin.admin_zopk'. Added aliases in blueprints/__init__.py.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created routes_model_comparison.py with model comparison functionality
- Updated base.html to use full blueprint name
- Added aliases for backward compatibility
- Commented old routes in app.py with _old_ prefix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added admin_ai_usage and admin_ai_usage_user to routes_analytics.py
- Updated templates to use full blueprint names (admin.admin_ai_usage)
- Added aliases for backward compatibility
- Commented old routes in app.py with _old_ prefix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create new blueprints/admin/routes_analytics.py (~350 lines)
- Move admin_analytics and admin_analytics_export routes
- Update templates to use full blueprint names
- Add endpoint aliases for backward compatibility
Phase 6.2b - Analytics dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add api_ai_learning_status and api_chat_stats to routes_insights.py
- Update chat_analytics template to use new API path
- Add endpoint aliases for backward compatibility
Phase 6.2b - AI API routes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create new blueprints/admin/routes_insights.py
- Move 5 insights routes (dashboard + API endpoints)
- Update template to use new /admin/insights-api/* paths
- Add endpoint aliases for backward compatibility
Phase 6.2b - Insights routes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create new blueprints/admin/routes_announcements.py
- Move 6 announcements routes to blueprint
- Update templates to use full blueprint names
- Add endpoint aliases for backward compatibility
Phase 6.2d - Announcements routes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move IT audit dashboard route to blueprints/admin/routes_audits.py
- Add ITAudit, ITCollaborationMatch imports
- Update base.html template to use full blueprint name
- Add endpoint alias for backward compatibility
Phase 6.2f continued
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move routes from app.py to blueprints/admin/routes_audits.py
- Add endpoint aliases for backward compatibility
- Update base.html template to use full blueprint names
- Comment old routes in app.py with _old_ prefix
Phase 6.2f of blueprint migration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Przeniesiono 2 trasy do blueprints/admin/routes_social.py:
- admin_social_media (analytics dashboard)
- admin_social_audit (audit dashboard)
Zaktualizowano szablony:
- base.html, dashboard.html, social_audit_dashboard.html
Dodano aliasy dla kompatybilności wstecznej.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Przeniesiono 9 tras do blueprints/admin/routes_status.py:
- admin_status, api_admin_status
- admin_health, api_admin_health
- debug_panel
- api_get_logs, api_logs_stream, api_clear_logs, api_test_log
Zaktualizowano szablony na pełne nazwy blueprintów:
- base.html: admin.admin_status, admin.admin_health
- health_dashboard.html: admin.admin_status
Dodano aliasy dla kompatybilności wstecznej.
Stare trasy w app.py oznaczone jako _old_* (do usunięcia po weryfikacji).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created blueprints/admin/routes_audits.py (2 routes)
- admin_seo, admin_gbp_audit moved from app.py
- Aliases created for backward compatibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New user account management section with:
- /konto - Edit personal data (name, phone)
- /konto/prywatnosc - Privacy settings
- /konto/bezpieczenstwo - Security settings (2FA, password)
- /konto/blokady - User blocks management
Features:
- Consistent sidebar navigation across all pages
- Responsive layout (mobile-friendly)
- Polish UI with clear section names
Replaces scattered /settings/* routes with unified /konto/* structure.
Menu link updated from "Ustawienia" to "Moje konto".
Fixes user feedback issue #6: "Brak edycji profilu"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When user resets password, they've proven inbox access by clicking
the reset link. This change auto-verifies their email address,
eliminating the need to separately verify email after reset.
Fixes user feedback issue #2: "Reset hasła nie weryfikuje emaila"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
