nordabiz

maciejpi/nordabiz

Fork 0

Commit Graph

Author	SHA1	Message	Date
Maciej Pienczyn	7f77d7ebcd	feat(security): Restrict audit access to single designated user Some checks are pending NordaBiz Tests / Unit & Integration Tests (push) Waiting to run Details NordaBiz Tests / E2E Tests (Playwright) (push) Blocked by required conditions Details NordaBiz Tests / Smoke Tests (Production) (push) Blocked by required conditions Details NordaBiz Tests / Send Failure Notification (push) Blocked by required conditions Details Audits (SEO, IT, GBP, Social Media) are now visible only to the designated audit owner (maciej.pienczyn@inpi.pl). All other users, including admins, see 404 for audit routes and no audit links in navigation. KRS Audit and Digital Maturity remain unchanged. Adds /admin/access-overview panel showing the access matrix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-09 12:31:10 +01:00
Maciej Pienczyn	4181a2e760	refactor: Migrate access control from is_admin to role-based system Replace ~170 manual `if not current_user.is_admin` checks with: - @role_required(SystemRole.ADMIN) for user management, security, ZOPK - @role_required(SystemRole.OFFICE_MANAGER) for content management - current_user.can_access_admin_panel() for admin UI access - current_user.can_moderate_forum() for forum moderation - current_user.can_edit_company(id) for company permissions Add @office_manager_required decorator shortcut. Add SQL migration to sync existing users' role field. Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-01 21:05:22 +01:00
Maciej Pienczyn	236e929d10	refactor: Migrate IT Audit routes to it_audit blueprint - Created blueprints/it_audit/ with 5 routes: - /it-audit/form (it_audit_form) - /it-audit/save (it_audit_save) - /api/it-audit/matches/<company_id> - /api/it-audit/history/<company_id> - /api/it-audit/export - Added endpoint aliases for backward compatibility - Removed ~600 lines from app.py (8750 -> 8150) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 17:25:28 +01:00

Author

SHA1

Message

Date

Maciej Pienczyn

7f77d7ebcd

feat(security): Restrict audit access to single designated user

NordaBiz Tests / Unit & Integration Tests (push) Waiting to run

Details

NordaBiz Tests / E2E Tests (Playwright) (push) Blocked by required conditions

Details

NordaBiz Tests / Smoke Tests (Production) (push) Blocked by required conditions

Details

NordaBiz Tests / Send Failure Notification (push) Blocked by required conditions

Details

Audits (SEO, IT, GBP, Social Media) are now visible only to the
designated audit owner (maciej.pienczyn@inpi.pl). All other users,
including admins, see 404 for audit routes and no audit links in
navigation. KRS Audit and Digital Maturity remain unchanged.

Adds /admin/access-overview panel showing the access matrix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-09 12:31:10 +01:00

Maciej Pienczyn

4181a2e760

refactor: Migrate access control from is_admin to role-based system

Replace ~170 manual `if not current_user.is_admin` checks with:
- @role_required(SystemRole.ADMIN) for user management, security, ZOPK
- @role_required(SystemRole.OFFICE_MANAGER) for content management
- current_user.can_access_admin_panel() for admin UI access
- current_user.can_moderate_forum() for forum moderation
- current_user.can_edit_company(id) for company permissions

Add @office_manager_required decorator shortcut.
Add SQL migration to sync existing users' role field.

Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-01 21:05:22 +01:00

Maciej Pienczyn

236e929d10

refactor: Migrate IT Audit routes to it_audit blueprint

- Created blueprints/it_audit/ with 5 routes:
  - /it-audit/form (it_audit_form)
  - /it-audit/save (it_audit_save)
  - /api/it-audit/matches/<company_id>
  - /api/it-audit/history/<company_id>
  - /api/it-audit/export
- Added endpoint aliases for backward compatibility
- Removed ~600 lines from app.py (8750 -> 8150)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 17:25:28 +01:00

3 Commits