- Backend: reject identical title+content from same author within 60s
(mirrors existing protection on forum_reply)
- Frontend: disable submit button + 'Wysyłanie…' label on first click
Daniel Kochański accidentally created 7 identical 'Local content w praktyce'
topics within 5 seconds. Soft-deleted IDs 25-30 on prod, kept 24.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Admin fees yearly view now shows all active companies (including child brands)
- Child brand rows are indented with striped month cells and "firma córka" badge
- Parent companies show expandable brand list, Stawka column with 200/300 zł logic
- Expected fee per month computed from number of active child brands
- Rate change month shown when brand joins mid-year (e.g. "I-III: 200 zł / od IV: 300 zł")
- Sorting groups children directly under their parent
- Reminder logic skipped for child companies
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Shows expected fee per company (200 zł for 1 brand, 300 zł for 2+)
- Child companies shown with striped "nie dotyczy" tiles
- Rate change month displayed (e.g., "I-III: 200 zł, od IV: 300 zł")
- Expandable brand list under parent company name
- Children grouped after their parent in the table
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add sort keys and data-sort-value attributes to 'Upr. firmowe' and 'Rola' columns
- Add filter tabs for MANAGER, OFFICE_MANAGER, company-role NONE and MANAGER
- Add data-company-role attribute to user rows for JS filtering
- Grant OFFICE_MANAGER access to admin_users, assign-company, reset-password, change-role, get-roles endpoints
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All "Powrót do wiadomości" links in compose, view, sent, and group_compose
templates now point to messages.conversations_page instead of legacy
messages_inbox.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- "Profil firmy" button becomes a dropdown listing all companies
- Subtitle under name shows all companies separated by dots
- Single-company users see no changes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace company_id from current_user with active company from session in
the colleagues API endpoint, and autofill guest org from active_company.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Users with multiple companies now see a dropdown to choose which company
a B2B classified ad is posted for. Single-company users get a hidden field.
Server-side validates the selected company_id against user's actual memberships.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace single "Moja firma" link with a switchable company list for users
with multiple companies, using POST forms with CSRF and active-state highlighting.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace textarea with Quill editor in new/edit classified forms
- Sanitize HTML with sanitize_html() on save (XSS prevention)
- Render HTML in classified detail view, strip tags in list view
- New script: classified_expiry_notifier.py sends email 3 days before
expiry with link to extend. Run daily via cron at 8:00.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Added to GeoIP tab:
- Last 20 blocked requests with IP, country, path, timestamp
- Top 10 most targeted URL paths with hit counts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reply seen-by section was hardcoded to show initials only.
Added avatar_path check matching topic readers pattern.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Added CSS rule for .reader-avatar img with absolute positioning
to properly display avatar photos inside the 28px circles.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Portal is production - no more test topics. Changed topic #1 category
from 'test' to 'announcement'. Removed toggle-test UI from forum list.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Expired classifieds show 'Wygasło' badge on list and detail view
- Closed classifieds show 'Zamknięte' badge on list
- Author can extend by 30 days with one click
- Homepage 'Nowe na portalu' excludes expired classifieds
- List shows all classifieds, active first
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use raw SQL UPDATE for views_count to bypass SQLAlchemy onupdate.
Restore updated_at display in homepage cards - now accurate.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
updated_at was being triggered by views_count increment on every page
view, making dates misleading. Reverted to created_at for display and sort.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Forum cards now show date of latest reply (not topic creation).
B2B cards show updated_at (not created_at), sorted by most recent activity.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace 'Najnowszy wpis na forum' (duplicate with Nowe na portalu)
with 'Nowi użytkownicy portalu' showing 4 latest registered users
with avatars, names, dates and company names.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Shows 2 latest forum topics + 2 latest B2B classifieds in a 4-column
grid between events and NordaGPT banner. Responsive 2-col on mobile.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New edit route with form pre-filled with existing data
- Edit existing attachments (mark for deletion) + add new ones
- Edit button visible to classified author on detail view
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New ClassifiedAttachment model with migration
- FileUploadService extended with 'classified' type
- Dropzone with drag & drop, paste, multi-file preview in creation form
- Image gallery with lightbox in classified detail view
- Max 10 files, 5MB each, JPG/PNG/GIF
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Left-align grid (max-width 900px)
- Show 12 events instead of 8
- Add filter buttons (Wszystkie / Norda Biznes / Zewnętrzne)
- Green gradient for external events matching homepage style
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New "Karty" view shows up to 8 upcoming events as dark gradient cards
in a 2-column grid, matching the homepage event banner style.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add profile links to usernames and avatars across forum, classifieds,
announcements, company recommendations, board members, and group messages.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Added global parseUTC() helper in base.html that appends 'Z' to
naive ISO dates from server. Applied to:
- Notification bell (base.html) — formatTimeAgo
- NordaGPT conversation sort (chat.html)
- B2B interest dates (classifieds/view.html)
- Admin forum moderation dates (admin/forum.html)
- Admin AI insights dates (admin/insights.html)
Same fix as conversations.js parseUTC, now available globally.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The clipboard.onPaste override broke text pasting in Quill 2.x
where this internal API is no longer public. Replaced with a DOM
paste event listener on quill.root that only intercepts image
pastes and lets Quill handle text paste natively.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Added "X odpow." counter next to views count on each classified
card in the B2B board listing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Added avatar_path photo display for: author avatar, seen-by readers,
and Q&A question authors on the classified detail page. Falls back
to colored initial circle when no photo is uploaded.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When clicking "Skontaktuj się" on a classified ad, the conversation
now starts with a pre-filled message: "Hej, piszę w sprawie ogłoszenia
na tablicy B2B: „<tytuł>"". If conversation already exists, the
context is pre-filled in the editor for the user to send.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The interest endpoint was returning 400 because fetch sent
Content-Type:application/json with an empty body, causing Flask
to fail JSON parsing. Removed the header since no JSON body is
sent. Also reverted unnecessary CSRF blueprint exemption.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Changed B2B classified contact link from old messages_new to new
conversations page with ?new_to=USER_ID parameter. JS creates a
1:1 conversation via API and opens it, or opens existing one if
already present. Messages now visible in the conversations inbox.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
