Maciej Pienczyn
4181a2e760
Replace ~170 manual `if not current_user.is_admin` checks with: - @role_required(SystemRole.ADMIN) for user management, security, ZOPK - @role_required(SystemRole.OFFICE_MANAGER) for content management - current_user.can_access_admin_panel() for admin UI access - current_user.can_moderate_forum() for forum moderation - current_user.can_edit_company(id) for company permissions Add @office_manager_required decorator shortcut. Add SQL migration to sync existing users' role field. Role hierarchy: UNAFFILIATED(10) < MEMBER(20) < EMPLOYEE(30) < MANAGER(40) < OFFICE_MANAGER(50) < ADMIN(100) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
815 lines
27 KiB
Python
815 lines
27 KiB
Python
"""
|
|
Admin Routes
|
|
============
|
|
|
|
Admin panel: users, recommendations, fees, calendar management.
|
|
"""
|
|
|
|
import os
|
|
import csv
|
|
import json
|
|
import re
|
|
import logging
|
|
import secrets
|
|
import string
|
|
from io import StringIO
|
|
from datetime import datetime, timedelta
|
|
from decimal import Decimal
|
|
|
|
from flask import render_template, request, redirect, url_for, flash, jsonify, Response
|
|
from flask_login import login_required, current_user
|
|
from werkzeug.security import generate_password_hash
|
|
|
|
from . import bp
|
|
from database import (
|
|
SessionLocal, User, Company, CompanyRecommendation,
|
|
MembershipFee, MembershipFeeConfig, NordaEvent, EventAttendee,
|
|
SystemRole
|
|
)
|
|
from utils.decorators import role_required
|
|
import gemini_service
|
|
|
|
# Logger
|
|
logger = logging.getLogger(__name__)
|
|
|
|
# Polish month names for fees
|
|
MONTHS_PL = [
|
|
(1, 'Styczen'), (2, 'Luty'), (3, 'Marzec'), (4, 'Kwiecien'),
|
|
(5, 'Maj'), (6, 'Czerwiec'), (7, 'Lipiec'), (8, 'Sierpien'),
|
|
(9, 'Wrzesien'), (10, 'Pazdziernik'), (11, 'Listopad'), (12, 'Grudzien')
|
|
]
|
|
|
|
|
|
# ============================================================
|
|
# RECOMMENDATIONS ADMIN ROUTES
|
|
# ============================================================
|
|
|
|
@bp.route('/recommendations')
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_recommendations():
|
|
"""Admin panel for recommendations moderation"""
|
|
db = SessionLocal()
|
|
try:
|
|
recommendations = db.query(CompanyRecommendation).order_by(
|
|
CompanyRecommendation.created_at.desc()
|
|
).all()
|
|
|
|
pending_recommendations = db.query(CompanyRecommendation).filter(
|
|
CompanyRecommendation.status == 'pending'
|
|
).order_by(CompanyRecommendation.created_at.desc()).all()
|
|
|
|
total_recommendations = len(recommendations)
|
|
pending_count = len(pending_recommendations)
|
|
approved_count = db.query(CompanyRecommendation).filter(
|
|
CompanyRecommendation.status == 'approved'
|
|
).count()
|
|
rejected_count = db.query(CompanyRecommendation).filter(
|
|
CompanyRecommendation.status == 'rejected'
|
|
).count()
|
|
|
|
logger.info(f"Admin {current_user.email} accessed recommendations panel - {pending_count} pending")
|
|
|
|
return render_template(
|
|
'admin/recommendations.html',
|
|
recommendations=recommendations,
|
|
pending_recommendations=pending_recommendations,
|
|
total_recommendations=total_recommendations,
|
|
pending_count=pending_count,
|
|
approved_count=approved_count,
|
|
rejected_count=rejected_count
|
|
)
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/recommendations/<int:recommendation_id>/approve', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_recommendation_approve(recommendation_id):
|
|
"""Approve a recommendation"""
|
|
db = SessionLocal()
|
|
try:
|
|
recommendation = db.query(CompanyRecommendation).filter(
|
|
CompanyRecommendation.id == recommendation_id
|
|
).first()
|
|
|
|
if not recommendation:
|
|
return jsonify({'success': False, 'error': 'Rekomendacja nie istnieje'}), 404
|
|
|
|
recommendation.status = 'approved'
|
|
recommendation.moderated_by = current_user.id
|
|
recommendation.moderated_at = datetime.utcnow()
|
|
recommendation.rejection_reason = None
|
|
db.commit()
|
|
|
|
logger.info(f"Admin {current_user.email} approved recommendation #{recommendation_id}")
|
|
return jsonify({
|
|
'success': True,
|
|
'message': 'Rekomendacja zatwierdzona'
|
|
})
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/recommendations/<int:recommendation_id>/reject', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_recommendation_reject(recommendation_id):
|
|
"""Reject a recommendation"""
|
|
db = SessionLocal()
|
|
try:
|
|
recommendation = db.query(CompanyRecommendation).filter(
|
|
CompanyRecommendation.id == recommendation_id
|
|
).first()
|
|
|
|
if not recommendation:
|
|
return jsonify({'success': False, 'error': 'Rekomendacja nie istnieje'}), 404
|
|
|
|
rejection_reason = request.json.get('reason', '') if request.is_json else request.form.get('reason', '')
|
|
|
|
recommendation.status = 'rejected'
|
|
recommendation.moderated_by = current_user.id
|
|
recommendation.moderated_at = datetime.utcnow()
|
|
recommendation.rejection_reason = rejection_reason.strip() if rejection_reason else None
|
|
db.commit()
|
|
|
|
logger.info(f"Admin {current_user.email} rejected recommendation #{recommendation_id}")
|
|
return jsonify({
|
|
'success': True,
|
|
'message': 'Rekomendacja odrzucona'
|
|
})
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
# ============================================================
|
|
# USER MANAGEMENT ADMIN ROUTES
|
|
# ============================================================
|
|
|
|
@bp.route('/users')
|
|
@login_required
|
|
@role_required(SystemRole.ADMIN)
|
|
def admin_users():
|
|
"""Admin panel for user management"""
|
|
db = SessionLocal()
|
|
try:
|
|
users = db.query(User).order_by(User.created_at.desc()).all()
|
|
companies = db.query(Company).order_by(Company.name).all()
|
|
|
|
total_users = len(users)
|
|
admin_count = sum(1 for u in users if u.is_admin)
|
|
verified_count = sum(1 for u in users if u.is_verified)
|
|
unverified_count = total_users - verified_count
|
|
|
|
logger.info(f"Admin {current_user.email} accessed users panel - {total_users} users")
|
|
|
|
return render_template(
|
|
'admin/users.html',
|
|
users=users,
|
|
companies=companies,
|
|
total_users=total_users,
|
|
admin_count=admin_count,
|
|
verified_count=verified_count,
|
|
unverified_count=unverified_count
|
|
)
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/users/add', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.ADMIN)
|
|
def admin_user_add():
|
|
"""Create a new user (admin only)"""
|
|
db = SessionLocal()
|
|
try:
|
|
data = request.get_json() or {}
|
|
|
|
email = data.get('email', '').strip().lower()
|
|
if not email:
|
|
return jsonify({'success': False, 'error': 'Email jest wymagany'}), 400
|
|
|
|
existing_user = db.query(User).filter(User.email == email).first()
|
|
if existing_user:
|
|
return jsonify({'success': False, 'error': 'Użytkownik z tym adresem email już istnieje'}), 400
|
|
|
|
password_chars = string.ascii_letters + string.digits + "!@#$%^&*"
|
|
generated_password = ''.join(secrets.choice(password_chars) for _ in range(16))
|
|
password_hash = generate_password_hash(generated_password, method='pbkdf2:sha256')
|
|
|
|
new_user = User(
|
|
email=email,
|
|
password_hash=password_hash,
|
|
name=data.get('name', '').strip() or None,
|
|
company_id=data.get('company_id') or None,
|
|
is_admin=data.get('is_admin', False),
|
|
is_verified=data.get('is_verified', True),
|
|
is_active=True
|
|
)
|
|
|
|
db.add(new_user)
|
|
db.commit()
|
|
db.refresh(new_user)
|
|
|
|
logger.info(f"Admin {current_user.email} created new user: {email} (ID: {new_user.id})")
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'user_id': new_user.id,
|
|
'generated_password': generated_password,
|
|
'message': f'Użytkownik {email} został utworzony'
|
|
})
|
|
|
|
except Exception as e:
|
|
db.rollback()
|
|
logger.error(f"Error creating user: {e}")
|
|
return jsonify({'success': False, 'error': 'Błąd podczas tworzenia użytkownika'}), 500
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/users/<int:user_id>/toggle-admin', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.ADMIN)
|
|
def admin_user_toggle_admin(user_id):
|
|
"""Toggle admin status for a user"""
|
|
if user_id == current_user.id:
|
|
return jsonify({'success': False, 'error': 'Nie możesz zmienić własnych uprawnień'}), 400
|
|
|
|
db = SessionLocal()
|
|
try:
|
|
user = db.query(User).filter(User.id == user_id).first()
|
|
if not user:
|
|
return jsonify({'success': False, 'error': 'Użytkownik nie znaleziony'}), 404
|
|
|
|
user.is_admin = not user.is_admin
|
|
db.commit()
|
|
|
|
logger.info(f"Admin {current_user.email} {'granted' if user.is_admin else 'revoked'} admin for user {user.email}")
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'is_admin': user.is_admin,
|
|
'message': f"{'Nadano' if user.is_admin else 'Odebrano'} uprawnienia admina"
|
|
})
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/users/<int:user_id>/toggle-verified', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.ADMIN)
|
|
def admin_user_toggle_verified(user_id):
|
|
"""Toggle verified status for a user"""
|
|
db = SessionLocal()
|
|
try:
|
|
user = db.query(User).filter(User.id == user_id).first()
|
|
if not user:
|
|
return jsonify({'success': False, 'error': 'Użytkownik nie znaleziony'}), 404
|
|
|
|
user.is_verified = not user.is_verified
|
|
if user.is_verified:
|
|
user.verified_at = datetime.utcnow()
|
|
else:
|
|
user.verified_at = None
|
|
db.commit()
|
|
|
|
logger.info(f"Admin {current_user.email} {'verified' if user.is_verified else 'unverified'} user {user.email}")
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'is_verified': user.is_verified,
|
|
'message': f"Użytkownik {'zweryfikowany' if user.is_verified else 'niezweryfikowany'}"
|
|
})
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/users/<int:user_id>/update', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.ADMIN)
|
|
def admin_user_update(user_id):
|
|
"""Update user data (name, email)"""
|
|
db = SessionLocal()
|
|
try:
|
|
user = db.query(User).filter(User.id == user_id).first()
|
|
if not user:
|
|
return jsonify({'success': False, 'error': 'Użytkownik nie znaleziony'}), 404
|
|
|
|
data = request.get_json() or {}
|
|
|
|
if 'name' in data:
|
|
user.name = data['name'].strip() if data['name'] else None
|
|
|
|
if 'email' in data:
|
|
new_email = data['email'].strip().lower()
|
|
if new_email and new_email != user.email:
|
|
existing = db.query(User).filter(User.email == new_email, User.id != user_id).first()
|
|
if existing:
|
|
return jsonify({'success': False, 'error': 'Ten email jest już używany'}), 400
|
|
user.email = new_email
|
|
|
|
if 'phone' in data:
|
|
user.phone = data['phone'].strip() if data['phone'] else None
|
|
|
|
db.commit()
|
|
|
|
logger.info(f"Admin {current_user.email} updated user {user.email}: name={user.name}, phone={user.phone}")
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'user': {
|
|
'id': user.id,
|
|
'name': user.name,
|
|
'email': user.email,
|
|
'phone': user.phone
|
|
},
|
|
'message': 'Dane użytkownika zaktualizowane'
|
|
})
|
|
except Exception as e:
|
|
db.rollback()
|
|
logger.error(f"Error updating user {user_id}: {e}")
|
|
return jsonify({'success': False, 'error': str(e)}), 500
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/users/<int:user_id>/assign-company', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.ADMIN)
|
|
def admin_user_assign_company(user_id):
|
|
"""Assign a company to a user"""
|
|
db = SessionLocal()
|
|
try:
|
|
user = db.query(User).filter(User.id == user_id).first()
|
|
if not user:
|
|
return jsonify({'success': False, 'error': 'Użytkownik nie znaleziony'}), 404
|
|
|
|
data = request.get_json() or {}
|
|
company_id = data.get('company_id')
|
|
|
|
if company_id:
|
|
company = db.query(Company).filter(Company.id == company_id).first()
|
|
if not company:
|
|
return jsonify({'success': False, 'error': 'Firma nie znaleziona'}), 404
|
|
user.company_id = company_id
|
|
company_name = company.name
|
|
else:
|
|
user.company_id = None
|
|
company_name = None
|
|
|
|
db.commit()
|
|
|
|
logger.info(f"Admin {current_user.email} assigned company '{company_name}' to user {user.email}")
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'company_name': company_name,
|
|
'message': f"Przypisano firmę: {company_name}" if company_name else "Odłączono od firmy"
|
|
})
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/users/<int:user_id>/delete', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.ADMIN)
|
|
def admin_user_delete(user_id):
|
|
"""Delete a user"""
|
|
if user_id == current_user.id:
|
|
return jsonify({'success': False, 'error': 'Nie możesz usunąć własnego konta'}), 400
|
|
|
|
db = SessionLocal()
|
|
try:
|
|
user = db.query(User).filter(User.id == user_id).first()
|
|
if not user:
|
|
return jsonify({'success': False, 'error': 'Użytkownik nie znaleziony'}), 404
|
|
|
|
email = user.email
|
|
db.delete(user)
|
|
db.commit()
|
|
|
|
logger.info(f"Admin {current_user.email} deleted user {email}")
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'message': f"Użytkownik {email} został usunięty"
|
|
})
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/users/<int:user_id>/reset-password', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.ADMIN)
|
|
def admin_user_reset_password(user_id):
|
|
"""Generate password reset token for a user"""
|
|
db = SessionLocal()
|
|
try:
|
|
user = db.query(User).filter(User.id == user_id).first()
|
|
if not user:
|
|
return jsonify({'success': False, 'error': 'Użytkownik nie znaleziony'}), 404
|
|
|
|
reset_token = secrets.token_urlsafe(32)
|
|
user.reset_token = reset_token
|
|
user.reset_token_expires = datetime.utcnow() + timedelta(hours=1)
|
|
db.commit()
|
|
|
|
base_url = os.getenv('APP_URL', 'https://nordabiznes.pl')
|
|
reset_url = f"{base_url}/reset-password/{reset_token}"
|
|
|
|
logger.info(f"Admin {current_user.email} generated reset token for user {user.email}: {reset_token[:8]}...")
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'reset_url': reset_url,
|
|
'message': f"Link do resetu hasła wygenerowany (ważny 1 godzinę)"
|
|
})
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
# ============================================================
|
|
# MEMBERSHIP FEES ADMIN
|
|
# ============================================================
|
|
|
|
@bp.route('/fees')
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_fees():
|
|
"""Admin panel for membership fee management"""
|
|
db = SessionLocal()
|
|
try:
|
|
from sqlalchemy import func, case
|
|
|
|
year = request.args.get('year', datetime.now().year, type=int)
|
|
month = request.args.get('month', type=int)
|
|
status_filter = request.args.get('status', '')
|
|
|
|
companies = db.query(Company).filter(Company.status == 'active').order_by(Company.name).all()
|
|
|
|
fee_query = db.query(MembershipFee).filter(MembershipFee.fee_year == year)
|
|
if month:
|
|
fee_query = fee_query.filter(MembershipFee.fee_month == month)
|
|
|
|
fees = {(f.company_id, f.fee_month): f for f in fee_query.all()}
|
|
|
|
companies_fees = []
|
|
for company in companies:
|
|
if month:
|
|
fee = fees.get((company.id, month))
|
|
companies_fees.append({
|
|
'company': company,
|
|
'fee': fee,
|
|
'status': fee.status if fee else 'brak'
|
|
})
|
|
else:
|
|
company_data = {'company': company, 'months': {}}
|
|
for m in range(1, 13):
|
|
fee = fees.get((company.id, m))
|
|
company_data['months'][m] = fee
|
|
companies_fees.append(company_data)
|
|
|
|
if status_filter and month:
|
|
if status_filter == 'paid':
|
|
companies_fees = [cf for cf in companies_fees if cf.get('status') == 'paid']
|
|
elif status_filter == 'pending':
|
|
companies_fees = [cf for cf in companies_fees if cf.get('status') in ('pending', 'brak')]
|
|
elif status_filter == 'overdue':
|
|
companies_fees = [cf for cf in companies_fees if cf.get('status') == 'overdue']
|
|
|
|
total_companies = len(companies)
|
|
if month:
|
|
month_fees = [cf.get('fee') for cf in companies_fees if cf.get('fee')]
|
|
paid_count = sum(1 for f in month_fees if f and f.status == 'paid')
|
|
pending_count = total_companies - paid_count
|
|
total_due = sum(float(f.amount) for f in month_fees if f) if month_fees else Decimal(0)
|
|
total_paid = sum(float(f.amount_paid or 0) for f in month_fees if f) if month_fees else Decimal(0)
|
|
else:
|
|
all_fees = list(fees.values())
|
|
paid_count = sum(1 for f in all_fees if f.status == 'paid')
|
|
pending_count = len(all_fees) - paid_count
|
|
total_due = sum(float(f.amount) for f in all_fees) if all_fees else Decimal(0)
|
|
total_paid = sum(float(f.amount_paid or 0) for f in all_fees) if all_fees else Decimal(0)
|
|
|
|
fee_config = db.query(MembershipFeeConfig).filter(
|
|
MembershipFeeConfig.scope == 'global',
|
|
MembershipFeeConfig.valid_until == None
|
|
).first()
|
|
default_fee = float(fee_config.monthly_amount) if fee_config else 100.00
|
|
|
|
return render_template(
|
|
'admin/fees.html',
|
|
companies_fees=companies_fees,
|
|
year=year,
|
|
month=month,
|
|
status_filter=status_filter,
|
|
total_companies=total_companies,
|
|
paid_count=paid_count,
|
|
pending_count=pending_count,
|
|
total_due=total_due,
|
|
total_paid=total_paid,
|
|
default_fee=default_fee,
|
|
years=list(range(2024, datetime.now().year + 2)),
|
|
months=MONTHS_PL
|
|
)
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/fees/generate', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_fees_generate():
|
|
"""Generate fee records for all companies for a given month"""
|
|
db = SessionLocal()
|
|
try:
|
|
year = request.form.get('year', type=int)
|
|
month = request.form.get('month', type=int)
|
|
|
|
if not year or not month:
|
|
return jsonify({'success': False, 'error': 'Brak roku lub miesiaca'}), 400
|
|
|
|
fee_config = db.query(MembershipFeeConfig).filter(
|
|
MembershipFeeConfig.scope == 'global',
|
|
MembershipFeeConfig.valid_until == None
|
|
).first()
|
|
default_fee = fee_config.monthly_amount if fee_config else 100.00
|
|
|
|
companies = db.query(Company).filter(Company.status == 'active').all()
|
|
|
|
created = 0
|
|
for company in companies:
|
|
existing = db.query(MembershipFee).filter(
|
|
MembershipFee.company_id == company.id,
|
|
MembershipFee.fee_year == year,
|
|
MembershipFee.fee_month == month
|
|
).first()
|
|
|
|
if not existing:
|
|
fee = MembershipFee(
|
|
company_id=company.id,
|
|
fee_year=year,
|
|
fee_month=month,
|
|
amount=default_fee,
|
|
status='pending'
|
|
)
|
|
db.add(fee)
|
|
created += 1
|
|
|
|
db.commit()
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'message': f'Utworzono {created} rekordow skladek'
|
|
})
|
|
except Exception as e:
|
|
db.rollback()
|
|
logger.error(f"Error generating fees: {e}")
|
|
return jsonify({'success': False, 'error': str(e)}), 500
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/fees/<int:fee_id>/mark-paid', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_fees_mark_paid(fee_id):
|
|
"""Mark a fee as paid"""
|
|
db = SessionLocal()
|
|
try:
|
|
fee = db.query(MembershipFee).filter(MembershipFee.id == fee_id).first()
|
|
if not fee:
|
|
return jsonify({'success': False, 'error': 'Nie znaleziono skladki'}), 404
|
|
|
|
amount_paid = request.form.get('amount_paid', type=float)
|
|
payment_date = request.form.get('payment_date')
|
|
payment_method = request.form.get('payment_method', 'transfer')
|
|
payment_reference = request.form.get('payment_reference', '')
|
|
notes = request.form.get('notes', '')
|
|
|
|
fee.amount_paid = amount_paid or float(fee.amount)
|
|
fee.payment_date = datetime.strptime(payment_date, '%Y-%m-%d').date() if payment_date else datetime.now().date()
|
|
fee.payment_method = payment_method
|
|
fee.payment_reference = payment_reference
|
|
fee.notes = notes
|
|
fee.recorded_by = current_user.id
|
|
fee.recorded_at = datetime.now()
|
|
|
|
if fee.amount_paid >= float(fee.amount):
|
|
fee.status = 'paid'
|
|
elif fee.amount_paid > 0:
|
|
fee.status = 'partial'
|
|
|
|
db.commit()
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'message': 'Skladka zostala zarejestrowana'
|
|
})
|
|
except Exception as e:
|
|
db.rollback()
|
|
logger.error(f"Error marking fee as paid: {e}")
|
|
return jsonify({'success': False, 'error': str(e)}), 500
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/fees/bulk-mark-paid', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_fees_bulk_mark_paid():
|
|
"""Bulk mark fees as paid"""
|
|
db = SessionLocal()
|
|
try:
|
|
fee_ids = request.form.getlist('fee_ids[]', type=int)
|
|
|
|
if not fee_ids:
|
|
return jsonify({'success': False, 'error': 'Brak wybranych skladek'}), 400
|
|
|
|
updated = 0
|
|
for fee_id in fee_ids:
|
|
fee = db.query(MembershipFee).filter(MembershipFee.id == fee_id).first()
|
|
if fee and fee.status != 'paid':
|
|
fee.status = 'paid'
|
|
fee.amount_paid = fee.amount
|
|
fee.payment_date = datetime.now().date()
|
|
fee.recorded_by = current_user.id
|
|
fee.recorded_at = datetime.now()
|
|
updated += 1
|
|
|
|
db.commit()
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'message': f'Zaktualizowano {updated} rekordow'
|
|
})
|
|
except Exception as e:
|
|
db.rollback()
|
|
logger.error(f"Error in bulk action: {e}")
|
|
return jsonify({'success': False, 'error': str(e)}), 500
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/fees/export')
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_fees_export():
|
|
"""Export fees to CSV"""
|
|
db = SessionLocal()
|
|
try:
|
|
year = request.args.get('year', datetime.now().year, type=int)
|
|
month = request.args.get('month', type=int)
|
|
|
|
query = db.query(MembershipFee).join(Company).filter(
|
|
MembershipFee.fee_year == year
|
|
)
|
|
|
|
if month:
|
|
query = query.filter(MembershipFee.fee_month == month)
|
|
|
|
fees = query.order_by(Company.name, MembershipFee.fee_month).all()
|
|
|
|
output = StringIO()
|
|
writer = csv.writer(output)
|
|
writer.writerow([
|
|
'Firma', 'NIP', 'Rok', 'Miesiac', 'Kwota', 'Zaplacono',
|
|
'Status', 'Data platnosci', 'Metoda', 'Referencja', 'Notatki'
|
|
])
|
|
|
|
for fee in fees:
|
|
writer.writerow([
|
|
fee.company.name,
|
|
fee.company.nip,
|
|
fee.fee_year,
|
|
fee.fee_month,
|
|
fee.amount,
|
|
fee.amount_paid,
|
|
fee.status,
|
|
fee.payment_date,
|
|
fee.payment_method,
|
|
fee.payment_reference,
|
|
fee.notes
|
|
])
|
|
|
|
output.seek(0)
|
|
|
|
return Response(
|
|
output.getvalue(),
|
|
mimetype='text/csv',
|
|
headers={
|
|
'Content-Disposition': f'attachment; filename=skladki_{year}_{month or "all"}.csv'
|
|
}
|
|
)
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
# ============================================================
|
|
# CALENDAR ADMIN ROUTES
|
|
# ============================================================
|
|
|
|
@bp.route('/kalendarz')
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_calendar():
|
|
"""Panel admin - zarządzanie wydarzeniami"""
|
|
db = SessionLocal()
|
|
try:
|
|
events = db.query(NordaEvent).order_by(NordaEvent.event_date.desc()).all()
|
|
|
|
return render_template('calendar/admin.html', events=events)
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
@bp.route('/kalendarz/nowy', methods=['GET', 'POST'])
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_calendar_new():
|
|
"""Dodaj nowe wydarzenie"""
|
|
if request.method == 'POST':
|
|
db = SessionLocal()
|
|
try:
|
|
event = NordaEvent(
|
|
title=request.form.get('title', '').strip(),
|
|
description=request.form.get('description', '').strip(),
|
|
event_date=datetime.strptime(request.form.get('event_date'), '%Y-%m-%d').date(),
|
|
start_time=request.form.get('start_time') or None,
|
|
end_time=request.form.get('end_time') or None,
|
|
location=request.form.get('location', '').strip() or None,
|
|
event_type=request.form.get('event_type', 'meeting'),
|
|
max_participants=request.form.get('max_participants', type=int) or None,
|
|
registration_required=request.form.get('registration_required') == 'on',
|
|
is_public=request.form.get('is_public') == 'on',
|
|
created_by=current_user.id
|
|
)
|
|
|
|
db.add(event)
|
|
db.commit()
|
|
|
|
flash('Wydarzenie zostało dodane.', 'success')
|
|
return redirect(url_for('.admin_calendar'))
|
|
except Exception as e:
|
|
db.rollback()
|
|
flash(f'Błąd: {str(e)}', 'error')
|
|
finally:
|
|
db.close()
|
|
|
|
return render_template('calendar/admin_new.html', event=None)
|
|
|
|
|
|
@bp.route('/kalendarz/<int:event_id>/delete', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.OFFICE_MANAGER)
|
|
def admin_calendar_delete(event_id):
|
|
"""Usuń wydarzenie"""
|
|
db = SessionLocal()
|
|
try:
|
|
event = db.query(NordaEvent).filter(NordaEvent.id == event_id).first()
|
|
if not event:
|
|
return jsonify({'success': False, 'error': 'Wydarzenie nie istnieje'}), 404
|
|
|
|
# Delete RSVPs first
|
|
db.query(EventAttendee).filter(EventAttendee.event_id == event_id).delete()
|
|
db.delete(event)
|
|
db.commit()
|
|
|
|
return jsonify({'success': True, 'message': 'Wydarzenie usunięte'})
|
|
except Exception as e:
|
|
db.rollback()
|
|
logger.error(f"Error deleting event: {e}")
|
|
return jsonify({'success': False, 'error': str(e)}), 500
|
|
finally:
|
|
db.close()
|
|
|
|
|
|
# ============================================================
|
|
# RELEASE NOTIFICATIONS
|
|
# ============================================================
|
|
|
|
@bp.route('/notify-release', methods=['POST'])
|
|
@login_required
|
|
@role_required(SystemRole.ADMIN)
|
|
def admin_notify_release():
|
|
"""
|
|
Send notifications to all users about a new release.
|
|
Called manually by admin after deploying a new version.
|
|
"""
|
|
data = request.get_json() or {}
|
|
version = data.get('version')
|
|
highlights = data.get('highlights', [])
|
|
|
|
if not version:
|
|
return jsonify({'success': False, 'error': 'Brak wersji'}), 400
|
|
|
|
from utils.notifications import notify_all_users_release
|
|
count = notify_all_users_release(version=version, highlights=highlights)
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'message': f'Wysłano {count} powiadomień o wersji {version}'
|
|
})
|