maciejpi/nordabiz
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: Use SessionLocal instead of db_session in board routes
Some checks are pending
NordaBiz Tests / Unit & Integration Tests (push) Waiting to run
Details
NordaBiz Tests / E2E Tests (Playwright) (push) Blocked by required conditions
Details
NordaBiz Tests / Smoke Tests (Production) (push) Blocked by required conditions
Details
NordaBiz Tests / Send Failure Notification (push) Blocked by required conditions
Details

Browse Source 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Maciej Pienczyn 2026-02-03 18:43:20 +01:00
parent 650c0d5760
commit 86d10c8d70
1 changed files with 86 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

165
blueprints/board/routes.py
View File

@ -15,13 +15,13 @@ import os
from datetime import datetime
from flask import (
render_template, request, redirect, url_for, flash,
send_file, abort, current_app
send_file, current_app
)
from flask_login import login_required, current_user
from sqlalchemy import desc
from sqlalchemy import desc, extract
from . import bp
from database import db_session, BoardDocument, SystemRole
from database import SessionLocal, BoardDocument, SystemRole
from utils.decorators import rada_member_required, office_manager_required
from services.document_upload_service import DocumentUploadService
@ -36,46 +36,43 @@ def index():
month = request.args.get('month', type=int)
doc_type = request.args.get('type', '')
# Build query
query = db_session.query(BoardDocument).filter(BoardDocument.is_active == True)
db = SessionLocal()
try:
# Build query
query = db.query(BoardDocument).filter(BoardDocument.is_active == True)
if year:
from sqlalchemy import extract
query = query.filter(extract('year', BoardDocument.meeting_date) == year)
if month:
from sqlalchemy import extract
query = query.filter(extract('month', BoardDocument.meeting_date) == month)
if doc_type and doc_type in BoardDocument.DOCUMENT_TYPES:
query = query.filter(BoardDocument.document_type == doc_type)
if year:
query = query.filter(extract('year', BoardDocument.meeting_date) == year)
if month:
query = query.filter(extract('month', BoardDocument.meeting_date) == month)
if doc_type and doc_type in BoardDocument.DOCUMENT_TYPES:
query = query.filter(BoardDocument.document_type == doc_type)
# Order by meeting date descending
documents = query.order_by(desc(BoardDocument.meeting_date)).all()
# Order by meeting date descending
documents = query.order_by(desc(BoardDocument.meeting_date)).all()
# Get available years for filter
years_query = db_session.query(
db_session.query(BoardDocument.meeting_date).distinct()
).filter(BoardDocument.is_active == True).all()
# Get available years for filter
all_docs = db.query(BoardDocument).filter(BoardDocument.is_active == True).all()
available_years = sorted(set(
doc.meeting_date.year for doc in all_docs if doc.meeting_date
), reverse=True)
available_years = sorted(set(
doc.meeting_date.year for doc in
db_session.query(BoardDocument).filter(BoardDocument.is_active == True).all()
if doc.meeting_date
), reverse=True)
# Check if user can upload (office_manager or admin)
can_upload = current_user.has_role(SystemRole.OFFICE_MANAGER)
# Check if user can upload (office_manager or admin)
can_upload = current_user.has_role(SystemRole.OFFICE_MANAGER)
return render_template(
'board/index.html',
documents=documents,
available_years=available_years,
document_types=BoardDocument.DOCUMENT_TYPES,
type_labels=BoardDocument.DOCUMENT_TYPE_LABELS,
current_year=year,
current_month=month,
current_type=doc_type,
can_upload=can_upload
)
return render_template(
'board/index.html',
documents=documents,
available_years=available_years,
document_types=BoardDocument.DOCUMENT_TYPES,
type_labels=BoardDocument.DOCUMENT_TYPE_LABELS,
current_year=year,
current_month=month,
current_type=doc_type,
can_upload=can_upload
)
finally:
db.close()
@bp.route('/upload', methods=['GET', 'POST'])
@ -163,19 +160,22 @@ def upload():
uploaded_by=current_user.id
)
db = SessionLocal()
try:
db_session.add(document)
db_session.commit()
db.add(document)
db.commit()
flash(f'Dokument "{title}" został dodany.', 'success')
current_app.logger.info(f"Board document uploaded: {title} by user {current_user.id}")
return redirect(url_for('board.index'))
except Exception as e:
db_session.rollback()
db.rollback()
# Clean up uploaded file
DocumentUploadService.delete_file(stored_filename)
current_app.logger.error(f"Failed to create board document record: {e}")
flash('Błąd podczas tworzenia rekordu. Spróbuj ponownie.', 'error')
return redirect(url_for('board.upload'))
finally:
db.close()
# GET request - show upload form
return render_template(
@ -191,38 +191,42 @@ def upload():
@rada_member_required
def download(doc_id):
"""Download board document (secure, authenticated)"""
document = db_session.query(BoardDocument).filter(
BoardDocument.id == doc_id,
BoardDocument.is_active == True
).first()
db = SessionLocal()
try:
document = db.query(BoardDocument).filter(
BoardDocument.id == doc_id,
BoardDocument.is_active == True
).first()
if not document:
flash('Dokument nie został znaleziony.', 'error')
return redirect(url_for('board.index'))
if not document:
flash('Dokument nie został znaleziony.', 'error')
return redirect(url_for('board.index'))
# Get file path
file_path = DocumentUploadService.get_file_path(
document.stored_filename,
document.uploaded_at
)
# Get file path
file_path = DocumentUploadService.get_file_path(
document.stored_filename,
document.uploaded_at
)
if not os.path.exists(file_path):
current_app.logger.error(f"Board document file not found: {file_path}")
flash('Plik dokumentu nie został znaleziony.', 'error')
return redirect(url_for('board.index'))
if not os.path.exists(file_path):
current_app.logger.error(f"Board document file not found: {file_path}")
flash('Plik dokumentu nie został znaleziony.', 'error')
return redirect(url_for('board.index'))
# Log download
current_app.logger.info(
f"Board document downloaded: {document.title} (ID: {doc_id}) by user {current_user.id}"
)
# Log download
current_app.logger.info(
f"Board document downloaded: {document.title} (ID: {doc_id}) by user {current_user.id}"
)
# Send file with original filename
return send_file(
file_path,
as_attachment=True,
download_name=document.original_filename,
mimetype=document.mime_type
)
# Send file with original filename
return send_file(
file_path,
as_attachment=True,
download_name=document.original_filename,
mimetype=document.mime_type
)
finally:
db.close()
@bp.route('/<int:doc_id>/delete', methods=['POST'])
@ -230,29 +234,32 @@ def download(doc_id):
@office_manager_required
def delete(doc_id):
"""Soft delete board document"""
document = db_session.query(BoardDocument).filter(
BoardDocument.id == doc_id,
BoardDocument.is_active == True
).first()
if not document:
flash('Dokument nie został znaleziony.', 'error')
return redirect(url_for('board.index'))
db = SessionLocal()
try:
document = db.query(BoardDocument).filter(
BoardDocument.id == doc_id,
BoardDocument.is_active == True
).first()
if not document:
flash('Dokument nie został znaleziony.', 'error')
return redirect(url_for('board.index'))
# Soft delete
document.is_active = False
document.updated_at = datetime.now()
document.updated_by = current_user.id
db_session.commit()
db.commit()
flash(f'Dokument "{document.title}" został usunięty.', 'success')
current_app.logger.info(
f"Board document deleted: {document.title} (ID: {doc_id}) by user {current_user.id}"
)
except Exception as e:
db_session.rollback()
db.rollback()
current_app.logger.error(f"Failed to delete board document: {e}")
flash('Błąd podczas usuwania dokumentu.', 'error')
finally:
db.close()
return redirect(url_for('board.index'))