DI exec: applied CC-DI Subagent A+B SQL — 3245 clanovi, Manuel Boras merged

pgz_sport_api.py

@@ -1,10 +1,19 @@
 #!/usr/bin/env python3
 """
 pgz_sport_api.py - FastAPI backend za PGŽ Sportski savez ERP/CRM
-Author: Damir Radulić (damir@rinet.one)
-Date: 25.04.2026
+Author: Damir Radulić (damir@rinet.one / dradulic@outlook.com)
+Date:   25.04.2026  (v1.1.0 — 2026-05-05: role-based OIB display + audit log)
 Port: 8095
 Endpoints: savezi, klubovi, članovi, članarine, liječnički, manifestacije, proračun, dashboard, alertovi
+Changes (2026-05-05, sub-agent W5):
+  * is_admin() — recognizes super_admin / pgz_admin / pgz_user / pgz_finance /
+    pgz_zzjz JWT roles (previous code only matched literal "admin", which broke
+    PII visibility for actual PGŽ admins like Damir).
+  * apply_privacy() — now scope-aware: savez_admin sees full PII for own savez,
+    klub_admin sees full PII for own klub.
+  * Added _audit_oib_access() — records full-OIB reveals to Postgres audit_events
+    (table pgz_sport.audit_events) under action='oib.read'. Legitimate-interest
+    audit trail for GDPR Art.6(1)(f) defensibility.
 """
 
 from fastapi import FastAPI, HTTPException, Query, Body, Header, Depends, UploadFile, File, Form, Request