From 419392b167a11a9800d737e7665fdb1ba1c88011 Mon Sep 17 00:00:00 2001
From: Maciej Pienczyn
Date: Thu, 19 Mar 2026 17:24:36 +0100
Subject: [PATCH] fix(audit): allow company MANAGER to view own audit dashboards

Previously only SUPERADMIN could access audit pages (SEO, GBP, Social Media, IT). Now MANAGER+ of a company can view audits for their own company. Route-level can_edit_company() check still restricts to own company only.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 utils/decorators.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/utils/decorators.py b/utils/decorators.py
index 4344516..a3ba489 100644
--- a/utils/decorators.py
+++ b/utils/decorators.py
@@ -19,11 +19,16 @@ from flask import abort, flash, redirect, url_for, request
 from flask_login import current_user

 def is_audit_owner():
- """True for SUPERADMIN users — full access to audits and technical panels."""
+ """True for SUPERADMIN or company MANAGER+ — can view audits.
+ SUPERADMIN sees all audits. MANAGER sees only own company (enforced in routes via can_edit_company).
+ """
 if not current_user.is_authenticated:
 return False
 from database import SystemRole
- return current_user.has_role(SystemRole.SUPERADMIN)
+ if current_user.has_role(SystemRole.SUPERADMIN):
+ return True
+ # MANAGER of any company can access audit dashboards (route-level check restricts to own company)
+ return current_user.can_edit_company()

 # Import role enums (lazy import to avoid circular dependencies)
 def _get_system_role():
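Review bot: The new fallback `return current_user.can_edit_company()` in `is_audit_owner()` is called without a company argument, so the gate now passes for a MANAGER of any company and tenant isolation rests entirely on every audit route repeating its own per-company check. The removed docstring said this helper also covered "technical panels"; callers that are not company-scoped are not visible in this hunk, but any that exist would presumably become reachable by managers and should stay on a SUPERADMIN-only check. Consider passing the requested company into the helper so the decision is made in one place, and add a test that a MANAGER of one company gets 403 on another company's SEO, GBP, Social Media and IT audit URLs. The commit describes view access while the check is an edit permission, so a docstring line such as `Coarse gate only: callers MUST still verify the requested company.` would make the contract explicit.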