nordabiz

maciejpi/nordabiz

Fork 0

Commit Graph

Author	SHA1	Message	Date
Maciej Pienczyn	4181a2e760	refactor: Migrate access control from is_admin to role-based system Replace ~170 manual `if not current_user.is_admin` checks with: - @role_required(SystemRole.ADMIN) for user management, security, ZOPK - @role_required(SystemRole.OFFICE_MANAGER) for content management - current_user.can_access_admin_panel() for admin UI access - current_user.can_moderate_forum() for forum moderation - current_user.can_edit_company(id) for company permissions Add @office_manager_required decorator shortcut. Add SQL migration to sync existing users' role field. Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-01 21:05:22 +01:00
Maciej Pienczyn	ae70ad326e	feat: Add hierarchical role system with delegated permissions Implements 6-tier role hierarchy: - ADMIN (100): Full system access - OFFICE_MANAGER (50): Admin panel without user management - MANAGER (40): Full company control + user management - EMPLOYEE (30): Edit company data (with delegated permissions) - MEMBER (20): Full content access (forum, contacts, chat) - UNAFFILIATED (10): Public profiles only Features: - SystemRole and CompanyRole enums in database.py - UserCompanyPermissions model for delegation - New decorators: @role_required(), @company_permission() - Auto-detection of MANAGER role from KRS data - Backward compatible with is_admin flag Migration: 035_add_role_system.sql Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-01 06:42:39 +01:00
Maciej Pienczyn	66856a697d	refactor(phase1): Extract blueprints for reports, contacts, classifieds, calendar Phase 1 of app.py refactoring - reducing from ~14,455 to ~13,699 lines. New structure: - blueprints/reports/ - 4 routes (/raporty/) - blueprints/community/contacts/ - 6 routes (/kontakty/) - blueprints/community/classifieds/ - 4 routes (/tablica/) - blueprints/community/calendar/ - 3 routes (/kalendarz/) - utils/ - decorators, helpers, notifications, analytics - extensions.py - Flask extensions (csrf, login_manager, limiter) - config.py - environment configurations Updated templates with blueprint-prefixed url_for() calls. ⚠️ DO NOT DEPLOY before presentation on 2026-01-30 19:00 Tested on DEV: all endpoints working correctly. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-27 10:10:45 +01:00

Author

SHA1

Message

Date

Maciej Pienczyn

4181a2e760

refactor: Migrate access control from is_admin to role-based system

Replace ~170 manual `if not current_user.is_admin` checks with:
- @role_required(SystemRole.ADMIN) for user management, security, ZOPK
- @role_required(SystemRole.OFFICE_MANAGER) for content management
- current_user.can_access_admin_panel() for admin UI access
- current_user.can_moderate_forum() for forum moderation
- current_user.can_edit_company(id) for company permissions

Add @office_manager_required decorator shortcut.
Add SQL migration to sync existing users' role field.

Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-01 21:05:22 +01:00

Maciej Pienczyn

ae70ad326e

feat: Add hierarchical role system with delegated permissions

Implements 6-tier role hierarchy:
- ADMIN (100): Full system access
- OFFICE_MANAGER (50): Admin panel without user management
- MANAGER (40): Full company control + user management
- EMPLOYEE (30): Edit company data (with delegated permissions)
- MEMBER (20): Full content access (forum, contacts, chat)
- UNAFFILIATED (10): Public profiles only

Features:
- SystemRole and CompanyRole enums in database.py
- UserCompanyPermissions model for delegation
- New decorators: @role_required(), @company_permission()
- Auto-detection of MANAGER role from KRS data
- Backward compatible with is_admin flag

Migration: 035_add_role_system.sql

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-01 06:42:39 +01:00

Maciej Pienczyn

66856a697d

refactor(phase1): Extract blueprints for reports, contacts, classifieds, calendar

Phase 1 of app.py refactoring - reducing from ~14,455 to ~13,699 lines.

New structure:
- blueprints/reports/ - 4 routes (/raporty/*)
- blueprints/community/contacts/ - 6 routes (/kontakty/*)
- blueprints/community/classifieds/ - 4 routes (/tablica/*)
- blueprints/community/calendar/ - 3 routes (/kalendarz/*)
- utils/ - decorators, helpers, notifications, analytics
- extensions.py - Flask extensions (csrf, login_manager, limiter)
- config.py - environment configurations

Updated templates with blueprint-prefixed url_for() calls.

⚠️ DO NOT DEPLOY before presentation on 2026-01-30 19:00

Tested on DEV: all endpoints working correctly.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-27 10:10:45 +01:00

3 Commits