- Add helpers/company_context.py with get_active_company_id() fallback logic
- Add inject_company_context() context processor to app.py (user_companies, active_company, has_multiple_companies)
- Add /api/switch-company/<id> POST endpoint in public blueprint
- Set session['active_company_id'] on login (both standard and 2FA paths)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents confusing "link invalid" error when verification link is
clicked twice (or prefetched by email clients like Outlook). The token
now expires naturally instead of being cleared on first use.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- /profil/<user_id>: simple profile for users without person_id,
redirects to /osoba/ if person_id exists
- event.html: all attendees are now clickable links (green)
- Auto-link User→Person by name match on every login (no manual scripts)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- POST /konto/avatar: upload, center-crop to square, resize 300x300
- POST /konto/avatar/delete: remove file and clear DB
- dane.html: interactive avatar editor with hover overlay
- person_detail.html: show photo if available, fallback to initials
- Migration 070: avatar_path column on users table
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sends email to admin when a user with last_login=NULL successfully
sets their password via reset link (first-time activation).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New column: users.notify_email_messages (default true)
- Send email via MS Graph when someone receives a private message
- Toggle in /konto/prywatnosc to enable/disable email notifications
- Email includes message preview, sender name, and direct link
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OAuth integrations page was hardcoded to maciej.pienczyn@inpi.pl.
Now accessible to any user with MANAGER role or higher.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Registration now assigns company_role=NONE instead of VIEWER - users
with a company NIP must be approved by admin/office manager before
getting any company dashboard access. Admin panel shows yellow alert
banner and "Oczekujący" filter tab when users are pending approval.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New accounts should have minimal permissions (VIEWER = view company
dashboard only). Admins, office managers, or company managers promote
users to higher roles manually.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Users could register with just a first name, causing incomplete data
in participant lists. Added backend validation (min 2 words) and
HTML pattern attribute. Also fixed Polish characters in flash message.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously only validated format (10 digits). Now also validates
the NIP checksum (weights 6,5,7,2,3,4,5,6,7, mod 11) to catch
typos like the one that left a user unlinked from their company.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Hide Integracje link in user menu for non-owner users
- Add server-side access check on /konto/integracje route
- Add owner-only visual indicator on the link
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Company users should connect their own Google/Meta accounts, not admins.
- Add /konto/integracje route for company users (auth blueprint)
- OAuth callbacks now redirect to /konto/integracje
- Template breadcrumb adapts to user vs admin view
- Admin route /admin/companies/<id>/settings kept for admin access
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add /auth/check-verification-status API endpoint
- Add JS polling every 3s on registration success page
- When email is verified elsewhere, redirect to dashboard automatically
- No need for user to manually navigate back
This improves UX by detecting verification in the original tab
Registration flow improvements:
- New dedicated success page (/registration-success) with clear instructions
- Shows email address where verification link was sent
- Step-by-step guide what to do next
- Link validity reminder (24 hours)
- Easy access to resend verification
Verification flow improvements:
- Auto-login after email verification (no need to enter password)
- Redirect to dashboard instead of login page
- If already verified, auto-login and redirect to dashboard
- Audit logging for verification and auto-login events
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Log successful logins (password and 2FA) to audit_logs
- Log failed login attempts to audit_logs
- Log logout events to audit_logs
- Enables tracking of login activity in admin status dashboard
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
