nordabiz

maciejpi/nordabiz

Fork 0

Commit Graph

Author	SHA1	Message	Date
Maciej Pienczyn	7f77d7ebcd	feat(security): Restrict audit access to single designated user Some checks are pending NordaBiz Tests / Unit & Integration Tests (push) Waiting to run Details NordaBiz Tests / E2E Tests (Playwright) (push) Blocked by required conditions Details NordaBiz Tests / Smoke Tests (Production) (push) Blocked by required conditions Details NordaBiz Tests / Send Failure Notification (push) Blocked by required conditions Details Audits (SEO, IT, GBP, Social Media) are now visible only to the designated audit owner (maciej.pienczyn@inpi.pl). All other users, including admins, see 404 for audit routes and no audit links in navigation. KRS Audit and Digital Maturity remain unchanged. Adds /admin/access-overview panel showing the access matrix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-09 12:31:10 +01:00
Maciej Pienczyn	4181a2e760	refactor: Migrate access control from is_admin to role-based system Replace ~170 manual `if not current_user.is_admin` checks with: - @role_required(SystemRole.ADMIN) for user management, security, ZOPK - @role_required(SystemRole.OFFICE_MANAGER) for content management - current_user.can_access_admin_panel() for admin UI access - current_user.can_moderate_forum() for forum moderation - current_user.can_edit_company(id) for company permissions Add @office_manager_required decorator shortcut. Add SQL migration to sync existing users' role field. Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-01 21:05:22 +01:00
Maciej Pienczyn	8e3346178d	refactor: Move GBP and Social Audit API routes to blueprints - Create blueprints/api/routes_gbp_audit.py (4 routes) - Create blueprints/api/routes_social_audit.py (1 route) - app.py: 6354 → 5860 lines (-494 total this batch) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 17:54:54 +01:00

Author

SHA1

Message

Date

Maciej Pienczyn

7f77d7ebcd

feat(security): Restrict audit access to single designated user

NordaBiz Tests / Unit & Integration Tests (push) Waiting to run

Details

NordaBiz Tests / E2E Tests (Playwright) (push) Blocked by required conditions

Details

NordaBiz Tests / Smoke Tests (Production) (push) Blocked by required conditions

Details

NordaBiz Tests / Send Failure Notification (push) Blocked by required conditions

Details

Audits (SEO, IT, GBP, Social Media) are now visible only to the
designated audit owner (maciej.pienczyn@inpi.pl). All other users,
including admins, see 404 for audit routes and no audit links in
navigation. KRS Audit and Digital Maturity remain unchanged.

Adds /admin/access-overview panel showing the access matrix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-09 12:31:10 +01:00

Maciej Pienczyn

4181a2e760

refactor: Migrate access control from is_admin to role-based system

Replace ~170 manual `if not current_user.is_admin` checks with:
- @role_required(SystemRole.ADMIN) for user management, security, ZOPK
- @role_required(SystemRole.OFFICE_MANAGER) for content management
- current_user.can_access_admin_panel() for admin UI access
- current_user.can_moderate_forum() for forum moderation
- current_user.can_edit_company(id) for company permissions

Add @office_manager_required decorator shortcut.
Add SQL migration to sync existing users' role field.

Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-01 21:05:22 +01:00

Maciej Pienczyn

8e3346178d

refactor: Move GBP and Social Audit API routes to blueprints

- Create blueprints/api/routes_gbp_audit.py (4 routes)
- Create blueprints/api/routes_social_audit.py (1 route)
- app.py: 6354 → 5860 lines (-494 total this batch)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 17:54:54 +01:00

3 Commits