Symetria z push — panel /konto/prywatnosc rozszerzony o 3 dodatkowe
toggle w karcie "Powiadomienia e-mail":
- Pytanie pod moim ogłoszeniem B2B (notify_email_classified_question)
- Odpowiedź pod moim pytaniem B2B (notify_email_classified_answer)
- Ogłoszenie wygasa za 3 dni (notify_email_classified_expiry)
Migracja 102 dodaje kolumny (default TRUE — nie zmienia zachowania
istniejących userów). Endpointy ask_question / answer_question teraz
czytają dedykowaną flagę zamiast notify_email_messages (która zostaje
tylko dla wiadomości prywatnych). Skrypt classified_expiry_notifier.py
pomija userów z wyłączonym notify_email_classified_expiry.
W kolejnych sub-fazach D.2/D.3 symetrycznie dojdą triggery e-mail +
toggle dla forum/broadcast/wydarzeń — z defaults dobranymi tak, by
nie zalać inbox użytkowników (broadcast OFF, personalne ON).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Migracja 101 dodaje 8 nowych kolumn notify_push_* na users (wszystkie
default TRUE). Panel preferencji rozszerzony o kartę "Powiadomienia
push (na urządzeniu)" z 3 podsekcjami (interakcje dot. mnie, aktualności
Izby, wydarzenia) — 9 przełączników. "Nowa wiadomość prywatna" świadomie
jest w obu kartach (e-mail + push) — userzy mogą niezależnie wybrać
oba kanały.
Triggery B2B:
- zainteresowanie ogłoszeniem (ClassifiedInterest) → push do autora
z notify_push_classified_interest
- pytanie do ogłoszenia (ClassifiedQuestion) → push do autora z
notify_push_classified_question
Fazy D.2 (forum + broadcast) i D.3 (wydarzenia + cron) w kolejnych PR.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
B2B ogłoszenia mogły zostać stworzone 3x (user 81 Bormax 14.04.2026
w ciągu 2 sekund) — brak dedup window server-side i disable submit
button. Rozszerzam zabezpieczenie także na announcements i board
meeting form.
- classifieds POST /nowe: odrzuć duplikat z ostatnich 60s (ten sam
author+company+title) → redirect do istniejącego z flash info
- classifieds new.html: disable submitBtn + "Wysyłanie..." po
walidacji; ponowne kliknięcie blokowane event.preventDefault
- announcements_form.html + board/meeting_form.html: jednolity
handler disable wszystkich button[type="submit"] po pierwszym
submit
Forum topic/reply już miały analogiczne zabezpieczenie (bez zmian).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SQLAlchemy ORM tries to UPDATE classified_reads.classified_id = NULL
before deleting the classifieds row, even though the FK has ON DELETE
CASCADE at DB level. The NOT NULL constraint on classified_id then
raises IntegrityError. Same pattern as the forum_reply_reads fix from
2026-02. Manually delete reads, interests, questions, attachments
before db.delete(classified).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Previously when server validation failed (e.g. missing required field),
the whole form re-rendered with all values cleared — user had to retype
everything. Also Quill empty-content showed an alert dialog.
Now:
- Server-side: form_data + missing_fields passed to template; values
re-populate inputs, missing fields get .field-error class (red border)
- Quill empty: red border on the editor container instead of alert,
cleared as soon as user starts typing
- Other required fields (radio, select, title): same .field-error
treatment plus :invalid CSS for live HTML5 feedback
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Users with multiple companies now see a dropdown to choose which company
a B2B classified ad is posted for. Single-company users get a hidden field.
Server-side validates the selected company_id against user's actual memberships.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace textarea with Quill editor in new/edit classified forms
- Sanitize HTML with sanitize_html() on save (XSS prevention)
- Render HTML in classified detail view, strip tags in list view
- New script: classified_expiry_notifier.py sends email 3 days before
expiry with link to extend. Run daily via cron at 8:00.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Expired classifieds show 'Wygasło' badge on list and detail view
- Closed classifieds show 'Zamknięte' badge on list
- Author can extend by 30 days with one click
- Homepage 'Nowe na portalu' excludes expired classifieds
- List shows all classifieds, active first
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
updated_at now refreshes on: edit, new Q&A question, new Q&A answer.
Does NOT refresh on: page views, interest clicks, close.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Removed onupdate from Classified.updated_at, set it manually in edit route.
Ensures toggle_interest, close, and views don't alter the date.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use raw SQL UPDATE for views_count to bypass SQLAlchemy onupdate.
Restore updated_at display in homepage cards - now accurate.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New edit route with form pre-filled with existing data
- Edit existing attachments (mark for deletion) + add new ones
- Edit button visible to classified author on detail view
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New ClassifiedAttachment model with migration
- FileUploadService extended with 'classified' type
- Dropzone with drag & drop, paste, multi-file preview in creation form
- Image gallery with lightbox in classified detail view
- Max 10 files, 5MB each, JPG/PNG/GIF
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three new notification types:
- New question → author gets in-app + email
- Answer to question → questioner gets in-app + email
- Someone interested → author gets in-app only
Previously the B2B board had zero notifications, so authors never
knew someone asked a question about their listing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
csrf.exempt on the full classifieds blueprint during registration,
same pattern as API blueprint. All classifieds endpoints are behind
@login_required + @member_required so CSRF exemption is safe.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The /tablica/<id>/interest AJAX POST was returning 400 because
Flask-WTF CSRF validation rejected the token despite X-CSRFToken
header being present. Endpoint is protected by @login_required
and @member_required, so CSRF exemption is safe.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Modules now requiring MEMBER role or higher:
- NordaGPT (/chat) - with dedicated landing page for non-members
- Wiadomości (/wiadomosci) - private messaging
- Tablica B2B (/tablica) - business classifieds
- Kontakty (/kontakty) - member contact information
Non-members see a promotional page explaining the benefits
of NordaGPT membership instead of being simply redirected.
This provides clear value proposition for NORDA membership
while protecting member-exclusive features.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace ~170 manual `if not current_user.is_admin` checks with:
- @role_required(SystemRole.ADMIN) for user management, security, ZOPK
- @role_required(SystemRole.OFFICE_MANAGER) for content management
- current_user.can_access_admin_panel() for admin UI access
- current_user.can_moderate_forum() for forum moderation
- current_user.can_edit_company(id) for company permissions
Add @office_manager_required decorator shortcut.
Add SQL migration to sync existing users' role field.
Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ClassifiedInterest model for tracking user interest in listings
- Add ClassifiedQuestion model for public Q&A on listings
- Add context_type/context_id to PrivateMessage for B2B linking
- Add interest toggle button and interests list modal
- Add Q&A section with ask/answer/hide functionality
- Update messages to show B2B context badge
- Create migration 034_classified_interactions.sql
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ForumTopicRead, ForumReplyRead, ClassifiedRead models
- Add SQL migration for new tables
- Record reads when user views forum topic (topic + all visible replies)
- Record reads when user views B2B classified
- Display "Seen by" avatars in forum topic and B2B detail pages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
