CC2 R4 #4: /api/users/me/gdpr-export alias
- New auth.gdpr.me_router prefix /api/users/me with: - GET/POST /gdpr-export → Art.20 JSON download with Content-Disposition - POST /gdpr-erase → Art.17 erasure request - GET /gdpr-consent → consent history for caller - jsonable_encoder fixes datetime serialisation in JSONResponse - admin_users.html: 'Izvezi moje podatke' now POSTs to alias and uses filename from Content-Disposition header - 401 enforced on no-auth, 200 on valid Bearer (verified live)
+1
-1
@@ -231,7 +231,7 @@ td.num { font-family: 'JetBrains Mono', monospace; text-align: right; }
|
||||
<div id="ocrDrop" style="border:2px dashed var(--border);border-radius:8px;padding:30px;text-align:center;cursor:pointer;background:var(--bg-3);transition:.15s">
|
||||
<div style="font-size:32px;color:var(--accent);margin-bottom:6px">⤓</div>
|
||||
<div style="font-size:14px;font-weight:600">Povuci PDF/JPG/PNG ovdje ili klikni za odabir</div>
|
||||
<div style="font-size:11px;color:var(--text-3);margin-top:6px">Tesseract OCR + DeepSeek V3 izvuče izdavatelja, OIB, datum, iznos, PDV, IBAN, stavke</div>
|
||||
<div style="font-size:11px;color:var(--text-3);margin-top:6px">Tesseract OCR + Ri.NET AI Engine izvuče izdavatelja, OIB, datum, iznos, PDV, IBAN, stavke</div>
|
||||
<input id="ocrFile" type="file" accept=".pdf,.jpg,.jpeg,.png,.tif,.tiff,.webp" style="display:none">
|
||||
</div>
|
||||
<div id="ocrStatus" style="margin-top:10px;font-size:12px;color:var(--text-2);min-height:18px"></div>
|
||||
|
||||
@@ -457,12 +457,13 @@ $('#menuLogout').addEventListener('click', async () => {
|
||||
location.href = '/sport/static/login.html';
|
||||
});
|
||||
$('#menuExport').addEventListener('click', async () => {
|
||||
const r = await api('/gdpr/export'); if (!r) return;
|
||||
const data = await r.json();
|
||||
const blob = new Blob([JSON.stringify(data, null, 2)], {type: 'application/json'});
|
||||
const r = await api('/users/me/gdpr-export', {method:'POST'}); if (!r) return;
|
||||
const blob = await r.blob();
|
||||
const cd = r.headers.get('content-disposition') || '';
|
||||
const m = cd.match(/filename="?([^";]+)"?/);
|
||||
const fn = m ? m[1] : `pgz_data_export_${Date.now()}.json`;
|
||||
const u = URL.createObjectURL(blob);
|
||||
const a = document.createElement('a'); a.href = u;
|
||||
a.download = `pgz_data_export_${data.subject.id}_${Date.now()}.json`;
|
||||
const a = document.createElement('a'); a.href = u; a.download = fn;
|
||||
a.click(); URL.revokeObjectURL(u);
|
||||
toast('Podaci preuzeti (Art. 20 GDPR)');
|
||||
});
|
||||
|
||||
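Review bot: The `#menuExport` handler saves whatever body comes back and then toasts success, with only `if (!r) return;` as a guard. `api()` is not visible in this hunk, so if it hands back the Response for a 4xx/5xx, the error payload is downloaded as the user's Art. 20 export; a guard such as `if (!r || !r.ok) return;` right after the call closes that gap. The download name is now taken verbatim from the server's `Content-Disposition` header, so it is worth constraining it before use, for example `const fn = (m && /^[\w.\-]+$/.test(m[1])) ? m[1] : `pgz_data_export_${Date.now()}.json`;`. A short comment above the regex noting that only the plain `filename=` form is parsed (not `filename*=`) would document the fallback.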
+251
-17
@@ -83,8 +83,54 @@ button,input,select,textarea{font-family:inherit;font-size:inherit;outline:none}
|
||||
.role-switch button{background:transparent;border:0;padding:6px 12px;color:var(--t2);font-size:11px;font-weight:600;cursor:pointer;letter-spacing:.3px}
|
||||
.role-switch button:hover{background:var(--bg3);color:var(--t1)}
|
||||
.role-switch button.active{background:linear-gradient(135deg,var(--pgz-blue),var(--pgz-blue2));color:#fff}
|
||||
.tb-user{display:flex;align-items:center;gap:8px;font-size:12px;color:var(--t1)}
|
||||
.tb-user .av{width:28px;height:28px;border-radius:50%;background:linear-gradient(135deg,var(--pgz-blue),var(--pgz-gold));color:#fff;font-weight:800;display:flex;align-items:center;justify-content:center;font-size:11px}
|
||||
.tb-user{display:flex;align-items:center;gap:8px;font-size:12px;color:var(--t1);cursor:pointer;padding:4px 8px;border-radius:6px;transition:all .15s}
|
||||
.tb-user:hover{background:var(--bg2)}
|
||||
.tb-user .av{width:32px;height:32px;border-radius:50%;background:linear-gradient(135deg,var(--pgz-blue),var(--pgz-gold));color:#fff;font-weight:800;display:flex;align-items:center;justify-content:center;font-size:12px;overflow:hidden;flex-shrink:0;border:2px solid transparent}
|
||||
.tb-user:hover .av{border-color:var(--pgz-gold)}
|
||||
.tb-user .av img{width:100%;height:100%;object-fit:cover}
|
||||
.tb-user .role-badge{font-size:9px;background:var(--pgz-gold);color:var(--bg0);padding:1px 5px;border-radius:3px;font-weight:700;text-transform:uppercase;letter-spacing:.3px;margin-left:4px}
|
||||
.tb-user .tenant-name{font-size:10px;color:var(--t4)}
|
||||
|
||||
/* Drill-down right panel (shared) */
|
||||
#dpanel{position:fixed;top:0;right:-720px;width:680px;max-width:96vw;height:100vh;background:var(--bg1);border-left:1px solid var(--rim);z-index:200;transition:right .25s ease;display:flex;flex-direction:column;box-shadow:-8px 0 30px rgba(0,0,0,.5)}
|
||||
#dpanel.open{right:0}
|
||||
#dpanel-hdr{padding:14px 18px;border-bottom:1px solid var(--rim);display:flex;align-items:center;justify-content:space-between;flex-shrink:0;background:var(--bg2);gap:10px}
|
||||
#dpanel-t{font-size:14px;font-weight:700;color:var(--t0)}
|
||||
#dpanel-x{cursor:pointer;font-size:22px;color:var(--t4);width:30px;height:30px;display:flex;align-items:center;justify-content:center;border-radius:5px;transition:all .15s}
|
||||
#dpanel-x:hover{background:var(--bg3);color:var(--red)}
|
||||
#dpanel-body{flex:1;overflow-y:auto;padding:16px}
|
||||
#dpanel-overlay{display:none;position:fixed;inset:0;background:rgba(0,0,0,.5);z-index:199;backdrop-filter:blur(2px)}
|
||||
#dpanel-overlay.open{display:block}
|
||||
|
||||
/* Profile page styles */
|
||||
.profile-page{max-width:980px;margin:0 auto}
|
||||
.profile-banner{display:flex;align-items:center;gap:18px;padding:22px;background:linear-gradient(135deg,var(--pgz-blue) 0%,var(--bg2) 60%);border:1px solid var(--rim);border-radius:10px;margin-bottom:16px;position:relative;overflow:hidden}
|
||||
.profile-banner::before{content:"";position:absolute;top:0;right:0;width:200px;height:100%;background:radial-gradient(circle at 100% 0%,rgba(244,196,48,.18) 0%,transparent 60%);pointer-events:none}
|
||||
.profile-avatar-big{width:96px;height:96px;border-radius:50%;background:linear-gradient(135deg,var(--pgz-blue2),var(--pgz-gold));color:#fff;font-weight:800;font-size:32px;display:flex;align-items:center;justify-content:center;flex-shrink:0;border:3px solid var(--pgz-gold);overflow:hidden;position:relative;cursor:pointer}
|
||||
.profile-avatar-big img{width:100%;height:100%;object-fit:cover}
|
||||
.profile-avatar-big .upload-hint{position:absolute;inset:0;background:rgba(0,0,0,.55);color:#fff;font-size:10.5px;font-weight:700;display:flex;align-items:center;justify-content:center;text-align:center;padding:6px;opacity:0;transition:opacity .15s}
|
||||
.profile-avatar-big:hover .upload-hint{opacity:1}
|
||||
.profile-banner-info h1{font-size:22px;color:#fff;margin-bottom:4px;font-weight:800}
|
||||
.profile-banner-info .role-line{font-size:11.5px;color:var(--t1);margin-bottom:6px}
|
||||
.profile-banner-info .tags-row .tag{margin-right:4px}
|
||||
.profile-banner-actions{margin-left:auto;display:flex;gap:8px;flex-shrink:0;z-index:1}
|
||||
|
||||
.profile-section{background:var(--bg2);border:1px solid var(--rim);border-radius:8px;padding:16px;margin-bottom:14px}
|
||||
.profile-section h3{font-size:12px;font-weight:700;color:var(--pgz-gold);text-transform:uppercase;letter-spacing:1px;margin-bottom:12px;padding-bottom:8px;border-bottom:1px solid var(--rim);display:flex;align-items:center;justify-content:space-between}
|
||||
.profile-section .edit-link{font-size:11px;color:var(--cyan);cursor:pointer;text-transform:none;letter-spacing:0;font-weight:600}
|
||||
.profile-section .edit-link:hover{color:var(--pgz-gold)}
|
||||
.profile-row{display:grid;grid-template-columns:160px 1fr auto;gap:8px 14px;padding:8px 0;border-bottom:1px dashed var(--rim);align-items:center}
|
||||
.profile-row:last-child{border:0}
|
||||
.profile-row .k{color:var(--t2);font-size:11.5px;font-weight:600}
|
||||
.profile-row .v{color:var(--t1);font-size:12.5px;word-break:break-word}
|
||||
.profile-row .v.empty{color:var(--t4);font-style:italic}
|
||||
.profile-row input,.profile-row select{background:var(--bg3);border:1px solid var(--rim);border-radius:5px;padding:6px 10px;color:var(--t1);font-size:12.5px;width:100%}
|
||||
.profile-row .a{display:flex;gap:4px}
|
||||
.profile-row .a button{padding:4px 8px;font-size:11px}
|
||||
|
||||
.tag-2fa-on{background:var(--green);color:var(--bg0);padding:2px 7px;border-radius:3px;font-size:10px;font-weight:700;text-transform:uppercase}
|
||||
.tag-2fa-off{background:var(--rim2);color:var(--t1);padding:2px 7px;border-radius:3px;font-size:10px;font-weight:700;text-transform:uppercase}
|
||||
.tag-gdpr{background:var(--cyan);color:var(--bg0);padding:2px 7px;border-radius:3px;font-size:10px;font-weight:700;text-transform:uppercase}
|
||||
.content{padding:22px}
|
||||
.section{display:none}
|
||||
.section.active{display:block}
|
||||
@@ -235,11 +281,11 @@ table tbody tr:hover{background:var(--bg3)}
|
||||
</div>
|
||||
<div class="tb-r">
|
||||
<div class="role-switch" id="role-switch"></div>
|
||||
<div class="tb-user">
|
||||
<div class="tb-user" id="tb-user" onclick="navTo('profil')" title="Otvori moj profil">
|
||||
<div class="av" id="user-av">DR</div>
|
||||
<div>
|
||||
<div style="font-weight:700" id="user-name">Damir Radulić</div>
|
||||
<div style="font-size:10px;color:var(--t4)" id="user-role-label">PGŽ admin</div>
|
||||
<div style="font-weight:700" id="user-name">Damir Radulić<span class="role-badge" id="user-role-badge">pgz admin</span></div>
|
||||
<div class="tenant-name" id="user-tenant">Primorsko-goranska županija</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -251,6 +297,18 @@ table tbody tr:hover{background:var(--bg3)}
|
||||
</main>
|
||||
</div>
|
||||
|
||||
<!-- Drill-down right panel -->
|
||||
<div id="dpanel-overlay" onclick="closeDetail()"></div>
|
||||
<aside id="dpanel" aria-hidden="true">
|
||||
<div id="dpanel-hdr">
|
||||
<div id="dpanel-t">Detalji</div>
|
||||
<div id="dpanel-x" onclick="closeDetail()" title="Zatvori (Esc)">×</div>
|
||||
</div>
|
||||
<div id="dpanel-body"><div class="loading">Učitavanje...</div></div>
|
||||
</aside>
|
||||
|
||||
<input type="file" id="avatar-input" accept="image/jpeg,image/png,image/webp" style="display:none" onchange="onAvatarPick(this)">
|
||||
|
||||
<script>
|
||||
//=========== UTIL ===========
|
||||
const API = '/sport/api';
|
||||
@@ -265,6 +323,23 @@ async function api(path){
|
||||
catch(e){ return null; }
|
||||
}
|
||||
|
||||
// JWT-aware fetch wrapper
|
||||
function getToken(){ try { return localStorage.getItem('jwt') || localStorage.getItem('access_token') || ''; } catch(e){ return ''; } }
|
||||
async function apiAuth(path, opts){
|
||||
opts = opts || {};
|
||||
const h = Object.assign({}, opts.headers || {});
|
||||
const tok = getToken(); if(tok) h['Authorization'] = 'Bearer '+tok;
|
||||
if(opts.body && !(opts.body instanceof FormData) && !h['Content-Type']) h['Content-Type'] = 'application/json';
|
||||
try {
|
||||
const r = await fetch(API+path, Object.assign({}, opts, {headers:h}));
|
||||
if(r.status === 401){ return {__unauthorized:true, status:401}; }
|
||||
if(!r.ok) return {__error:true, status:r.status};
|
||||
if(r.headers.get('content-type')?.includes('application/json')) return await r.json();
|
||||
return {__ok:true};
|
||||
} catch(e){ return {__error:true, msg:String(e)}; }
|
||||
}
|
||||
const initials = (n) => { if(!n) return '?'; const p=String(n).trim().split(/\s+/); return ((p[0]||'')[0]||'')+((p[1]||'')[0]||'').toUpperCase(); };
|
||||
|
||||
//=========== ROLES ===========
|
||||
const ROLES = {
|
||||
pgz: {name:'PGŽ admin', user:'Damir Radulić', av:'DR', sub:'Odjel za sport · PGŽ'},
|
||||
@@ -275,6 +350,7 @@ const ROLES = {
|
||||
|
||||
const NAV_BY_ROLE = {
|
||||
pgz: [
|
||||
{id:'profil', ic:'\u{1F464}', label:'Moj profil'},
|
||||
{id:'dashboard', ic:'\u{1F4CA}', label:'Dashboard'},
|
||||
{id:'korisnici', ic:'\u{1F465}', label:'Korisnici'},
|
||||
{id:'savezi', ic:'\u{1F3C5}', label:'Savezi'},
|
||||
@@ -287,6 +363,7 @@ const NAV_BY_ROLE = {
|
||||
{id:'forenzika', ic:'⚠', label:'Forenzika', badge:11},
|
||||
],
|
||||
savez: [
|
||||
{id:'profil', ic:'\u{1F464}', label:'Moj profil'},
|
||||
{id:'dashboard', ic:'\u{1F4CA}', label:'Dashboard'},
|
||||
{id:'klubovi', ic:'⬢', label:'Naši klubovi'},
|
||||
{id:'sportasi', ic:'\u{1F464}', label:'Naši sportaši'},
|
||||
@@ -296,6 +373,7 @@ const NAV_BY_ROLE = {
|
||||
{id:'racuni', ic:'\u{1F9FE}', label:'Računi (OCR)'},
|
||||
],
|
||||
klub: [
|
||||
{id:'profil', ic:'\u{1F464}', label:'Moj profil'},
|
||||
{id:'dashboard', ic:'\u{1F4CA}', label:'Dashboard'},
|
||||
{id:'clanovi', ic:'\u{1F465}', label:'Članovi'},
|
||||
{id:'clanarine', ic:'€', label:'Članarine'},
|
||||
@@ -305,7 +383,8 @@ const NAV_BY_ROLE = {
|
||||
{id:'racuni', ic:'\u{1F9FE}', label:'Računi (OCR)'},
|
||||
],
|
||||
sportas: [
|
||||
{id:'dashboard', ic:'\u{1F4CA}', label:'Moj profil'},
|
||||
{id:'profil', ic:'\u{1F464}', label:'Moj profil'},
|
||||
{id:'dashboard', ic:'\u{1F4CA}', label:'Dashboard'},
|
||||
{id:'clanarina', ic:'€', label:'Članarina'},
|
||||
{id:'lijecnicki',ic:'⚕', label:'Liječnički'},
|
||||
{id:'dokumenti', ic:'\u{1F4C4}', label:'Moji dokumenti'},
|
||||
@@ -314,7 +393,157 @@ const NAV_BY_ROLE = {
|
||||
],
|
||||
};
|
||||
|
||||
const _state = {role:'pgz', section:'dashboard'};
|
||||
const _state = {role:'pgz', section:'dashboard', me:null, demoMode:true};
|
||||
|
||||
// Map server user_type -> UI role bucket (for nav layout)
|
||||
function userTypeToRole(t){
|
||||
const m = {
|
||||
super_admin:'pgz', pgz_admin:'pgz', pgz_viewer:'pgz',
|
||||
savez_admin:'savez',
|
||||
klub_admin:'klub', klub_trener:'klub',
|
||||
klub_clan:'sportas', sportas:'sportas', viewer:'pgz'
|
||||
};
|
||||
return m[t] || 'pgz';
|
||||
}
|
||||
|
||||
// Try real auth first; fall back to demo mode
|
||||
async function loadCurrentUser(){
|
||||
if(!getToken()) return null;
|
||||
const me = await apiAuth('/auth/me');
|
||||
if(!me || me.__unauthorized || me.__error){
|
||||
if(me && me.__unauthorized){ try { localStorage.removeItem('jwt'); } catch(e){} }
|
||||
return null;
|
||||
}
|
||||
_state.me = me;
|
||||
_state.demoMode = false;
|
||||
_state.role = userTypeToRole(me.user_type);
|
||||
return me;
|
||||
}
|
||||
function applyMeToHeader(){
|
||||
const me = _state.me; if(!me) return;
|
||||
const name = me.full_name || ((me.ime||'')+' '+(me.prezime||'')).trim() || me.email || '—';
|
||||
const tenant = me.tenant_name || (me.tenant_type ? me.tenant_type.toUpperCase() : '');
|
||||
const roleLabel = (ROLES[_state.role]||{}).name || me.user_type || 'Korisnik';
|
||||
// Topbar
|
||||
$('#user-name').innerHTML = esc(name) + `<span class="role-badge" id="user-role-badge">${esc(me.user_type||'')}</span>`;
|
||||
$('#user-tenant').textContent = tenant;
|
||||
$('#user-role-label')?.replaceChildren(document.createTextNode(roleLabel));
|
||||
// Avatar topbar
|
||||
if(me.avatar_url){
|
||||
$('#user-av').innerHTML = `<img src="${esc(me.avatar_url)}" alt="">`;
|
||||
} else if(me.google_picture){
|
||||
$('#user-av').innerHTML = `<img src="${esc(me.google_picture)}" alt="">`;
|
||||
} else {
|
||||
$('#user-av').textContent = initials(name);
|
||||
}
|
||||
// Sidebar footer
|
||||
if($('#sf-name')) $('#sf-name').textContent = name;
|
||||
if($('#sf-role')) $('#sf-role').textContent = roleLabel;
|
||||
if($('#sf-av')){
|
||||
if(me.avatar_url) $('#sf-av').innerHTML = `<img src="${esc(me.avatar_url)}" alt="" style="width:100%;height:100%;object-fit:cover;border-radius:50%">`;
|
||||
else if(me.google_picture) $('#sf-av').innerHTML = `<img src="${esc(me.google_picture)}" alt="" style="width:100%;height:100%;object-fit:cover;border-radius:50%">`;
|
||||
else $('#sf-av').textContent = initials(name);
|
||||
}
|
||||
if($('#role-sub')) $('#role-sub').textContent = tenant || roleLabel;
|
||||
}
|
||||
|
||||
//=========== DRILL-DOWN PANEL ===========
|
||||
function openDetail(title, html){
|
||||
$('#dpanel-t').textContent = title || 'Detalji';
|
||||
$('#dpanel-body').innerHTML = html || '<div class="empty">Nema sadržaja.</div>';
|
||||
$('#dpanel').classList.add('open');
|
||||
$('#dpanel-overlay').classList.add('open');
|
||||
$('#dpanel').setAttribute('aria-hidden','false');
|
||||
}
|
||||
function closeDetail(){
|
||||
$('#dpanel').classList.remove('open');
|
||||
$('#dpanel-overlay').classList.remove('open');
|
||||
$('#dpanel').setAttribute('aria-hidden','true');
|
||||
}
|
||||
document.addEventListener('keydown', e => { if(e.key==='Escape') closeDetail(); });
|
||||
async function showDetail(kind, id, title){
|
||||
openDetail(title || kind, '<div class="loading">Učitavam detalje...</div>');
|
||||
let body = '';
|
||||
try {
|
||||
if(kind === 'savez'){
|
||||
const d = await api('/savezi/'+id);
|
||||
if(!d){ body = '<div class="empty">Savez nije pronađen.</div>'; }
|
||||
else {
|
||||
body = `
|
||||
<h2 style="font-size:18px;color:var(--t0);margin-bottom:6px">${esc(d.naziv||'—')}</h2>
|
||||
<div style="font-size:11px;color:var(--t2);margin-bottom:14px">${esc(d.skraceni_naziv||'')} · ${esc(d.oib||'')}</div>
|
||||
<div class="kv">
|
||||
<div class="k">Predsjednik</div><div class="v">${esc(d.predsjednik||'—')}</div>
|
||||
<div class="k">Tajnik</div><div class="v">${esc(d.tajnik||'—')}</div>
|
||||
<div class="k">Email</div><div class="v">${esc(d.email||'—')}</div>
|
||||
<div class="k">Telefon</div><div class="v">${esc(d.telefon||'—')}</div>
|
||||
<div class="k">Adresa</div><div class="v">${esc(d.adresa||'—')}</div>
|
||||
<div class="k">Web</div><div class="v">${d.web?`<a href="${esc(d.web)}" target="_blank">${esc(d.web)}</a>`:'—'}</div>
|
||||
<div class="k">Klubova</div><div class="v">${fmt(d.broj_klubova||'—')}</div>
|
||||
<div class="k">Sportaša</div><div class="v">${fmt(d.broj_sportasa||'—')}</div>
|
||||
<div class="k">Godina osnutka</div><div class="v">${esc(d.godina_osnutka||'—')}</div>
|
||||
</div>
|
||||
<div style="margin-top:14px"><a href="/sport/?savez=${id}" target="_blank" class="btn primary">Otvori u javnom portalu →</a></div>`;
|
||||
}
|
||||
} else if(kind === 'klub'){
|
||||
const d = await api('/klubovi/'+id);
|
||||
if(!d){ body = '<div class="empty">Klub nije pronađen.</div>'; }
|
||||
else body = `
|
||||
<h2 style="font-size:18px;color:var(--t0);margin-bottom:6px">${esc(d.naziv||'—')}</h2>
|
||||
<div style="font-size:11px;color:var(--t2);margin-bottom:14px">${esc(d.savez||'')} · ${esc(d.grad||'')}</div>
|
||||
<div class="kv">
|
||||
<div class="k">OIB</div><div class="v">${esc(d.oib||'—')}</div>
|
||||
<div class="k">Predsjednik</div><div class="v">${esc(d.predsjednik||'—')}</div>
|
||||
<div class="k">Adresa</div><div class="v">${esc(d.adresa||'—')}</div>
|
||||
<div class="k">Email</div><div class="v">${esc(d.email||'—')}</div>
|
||||
<div class="k">Telefon</div><div class="v">${esc(d.telefon||'—')}</div>
|
||||
<div class="k">Članova</div><div class="v">${fmt(d.broj_clanova||'—')}</div>
|
||||
</div>`;
|
||||
} else if(kind === 'zahtjev'){
|
||||
const z = MOCK.zahtjevi_pending.concat(MOCK.savez_zahtjevi||[]).find(x => x.id===id || x.naziv===id) || {};
|
||||
body = `
|
||||
<h2 style="font-size:17px;color:var(--t0);margin-bottom:6px">${esc(z.naziv||id)}</h2>
|
||||
<div class="kv">
|
||||
<div class="k">Šifra</div><div class="v">${esc(z.id||'—')}</div>
|
||||
<div class="k">Savez</div><div class="v">${esc(z.savez||'—')}</div>
|
||||
<div class="k">Klub</div><div class="v">${esc(z.klub||'—')}</div>
|
||||
<div class="k">Svrha</div><div class="v">${esc(z.svrha||'—')}</div>
|
||||
<div class="k">Iznos</div><div class="v"><b style="color:var(--pgz-gold);font-size:15px">${fmtEur(z.iznos)}</b></div>
|
||||
<div class="k">Datum predaje</div><div class="v">${esc(z.datum||'—')}</div>
|
||||
<div class="k">Status</div><div class="v"><span class="tag am">${esc(z.status||'—')}</span></div>
|
||||
</div>
|
||||
<div style="margin-top:16px;display:flex;gap:8px">
|
||||
<button class="btn primary">✓ Odobri</button>
|
||||
<button class="btn">↩ Vrati podnositelju</button>
|
||||
<button class="btn">✗ Odbij</button>
|
||||
</div>
|
||||
<div style="margin-top:18px;padding:14px;background:var(--bg3);border-radius:6px">
|
||||
<div style="font-weight:700;color:var(--pgz-gold);font-size:11px;text-transform:uppercase;margin-bottom:8px">🔗 Blockchain seal</div>
|
||||
<div style="font-size:11px;color:var(--t2)">Po odobrenju, hash zahtjeva + iznos zapisuje se u Polygon PoS (M11). Wallet: 0xD874...d368</div>
|
||||
</div>`;
|
||||
} else if(kind === 'audit'){
|
||||
const a = MOCK.audit.concat(MOCK.audit_more||[]).find(x => x.what===id) || {ts:'',who:'',what:id};
|
||||
body = `
|
||||
<div class="kv">
|
||||
<div class="k">Vrijeme</div><div class="v">${esc(a.ts)}</div>
|
||||
<div class="k">Korisnik</div><div class="v" style="color:var(--pgz-gold)">${esc(a.who)}</div>
|
||||
<div class="k">Akcija</div><div class="v">${a.what}</div>
|
||||
</div>`;
|
||||
} else if(kind === 'lijecnicki'){
|
||||
body = `<div class="kv">
|
||||
<div class="k">Sportaš</div><div class="v">${esc(id)}</div>
|
||||
<div class="k">ZZJZ PGŽ</div><div class="v"><a href="https://zzjzpgz.hr" target="_blank">zzjzpgz.hr</a></div>
|
||||
</div>
|
||||
<div style="margin-top:14px"><button class="btn primary">📅 Zakaži termin (ZZJZ)</button></div>`;
|
||||
} else if(kind === 'clan'){
|
||||
body = `<h3 style="color:var(--t0);margin-bottom:10px">${esc(id)}</h3>
|
||||
<div class="empty">Detalji člana — production: dohvati iz /api/clanovi/{id}</div>`;
|
||||
} else {
|
||||
body = '<div class="empty">Detalji.</div>';
|
||||
}
|
||||
} catch(e){ body = '<div class="empty">Greška pri dohvaćanju: '+esc(String(e))+'</div>'; }
|
||||
$('#dpanel-body').innerHTML = body;
|
||||
}
|
||||
|
||||
//=========== SIDEBAR ===========
|
||||
function toggleSidebar(){
|
||||
@@ -341,20 +570,25 @@ function buildRoleSwitch(){
|
||||
function setRole(r){
|
||||
if(!ROLES[r]) return;
|
||||
_state.role = r;
|
||||
_state.section = 'dashboard';
|
||||
_state.section = 'profil';
|
||||
try { localStorage.setItem('app-role', r); } catch(e){}
|
||||
$$('.role-switch button').forEach(b => b.classList.toggle('active', b.dataset.role===r));
|
||||
const role = ROLES[r];
|
||||
$('#user-name').textContent = role.user;
|
||||
$('#user-av').textContent = role.av;
|
||||
$('#user-role-label').textContent = role.name;
|
||||
$('#role-sub').textContent = role.sub;
|
||||
// In demo mode, populate header from ROLES table; in real-auth mode, applyMeToHeader() owns it
|
||||
if(_state.demoMode){
|
||||
$('#user-name').innerHTML = esc(role.user) + `<span class="role-badge">${esc(role.name)}</span>`;
|
||||
$('#user-av').innerHTML = '';
|
||||
$('#user-av').textContent = role.av;
|
||||
$('#user-tenant').textContent = role.sub;
|
||||
$('#sf-name').textContent = role.user;
|
||||
$('#sf-role').textContent = role.name;
|
||||
$('#sf-av').innerHTML = '';
|
||||
$('#sf-av').textContent = role.av;
|
||||
}
|
||||
$('#role-sub').textContent = (_state.me?.tenant_name) || role.sub;
|
||||
$('#role-section-label').textContent = role.name.toUpperCase();
|
||||
$('#sf-name').textContent = role.user;
|
||||
$('#sf-role').textContent = role.name;
|
||||
$('#sf-av').textContent = role.av;
|
||||
buildNav();
|
||||
navTo('dashboard');
|
||||
navTo('profil');
|
||||
}
|
||||
|
||||
//=========== NAV ===========
|
||||
@@ -639,7 +873,7 @@ SECTIONS['pgz:racuni'] = () => `
|
||||
<div style="font-size:11px;color:var(--t2)">ili klikni za odabir · cestarina, gorivo, hotel, dnevnice...</div>
|
||||
<button class="btn primary" style="margin-top:12px">📸 Snimi kamerom</button>
|
||||
</div>
|
||||
<div style="font-size:11px;color:var(--t4);margin-top:10px">Backend: Tesseract OCR + DeepSeek V3 ekstrakcija polja → invoices DB</div>
|
||||
<div style="font-size:11px;color:var(--t4);margin-top:10px">Backend: Tesseract OCR + Ri.NET AI Engine ekstrakcija polja → invoices DB</div>
|
||||
</div>
|
||||
<div class="card">
|
||||
<div class="card-h"><div class="card-t">📋 Nedavni računi</div></div>
|
||||
|
||||
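Review bot: In `showDetail`, the `audit` branch writes `${a.what}` into `#dpanel-body.innerHTML` without `esc()`, although every other field in the function is escaped and `a.what` falls back to the caller-supplied `id`. Unless the `MOCK.audit` entries are meant to carry markup (not visible here), this should be `<div class="v">${esc(a.what)}</div>`. The `savez` branch has the same gap with the raw `${id}` in `href="/sport/?savez=${id}"` and in `api('/savezi/'+id)`; `encodeURIComponent(id)` fits both. `esc(d.web)` escapes HTML but does not restrict the URL scheme, so the Web link is best rendered only for `http:`/`https:` values, with `rel="noopener noreferrer"` next to `target="_blank"`. Separately, `loadCurrentUser` removes only `jwt` on a 401 while `getToken()` also falls back to `access_token`, so a rejected token stored under that key is re-sent on every load.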
+39
-2
@@ -150,13 +150,26 @@ table tr:hover td { background: rgba(26, 115, 232, 0.05); }
|
||||
</div>
|
||||
|
||||
<div class="tabs">
|
||||
<div class="tab active" data-tab="clanarine" onclick="setTab('clanarine')">€ Članarine <span class="count" id="cnt-clanarine">…</span></div>
|
||||
<div class="tab active" data-tab="clanovi" onclick="setTab('clanovi')">👤 Članovi <span class="count" id="cnt-clanovi">…</span></div>
|
||||
<div class="tab" data-tab="clanarine" onclick="setTab('clanarine')">€ Članarine <span class="count" id="cnt-clanarine">…</span></div>
|
||||
<div class="tab" data-tab="lijecnicki" onclick="setTab('lijecnicki')">⚕ Liječnički pregledi <span class="count" id="cnt-lijecnicki">…</span></div>
|
||||
<div class="tab" data-tab="obrasci" onclick="setTab('obrasci')">📝 Obrasci <span class="count" id="cnt-obrasci">…</span></div>
|
||||
<div style="margin-left:auto;display:flex;align-items:center;gap:8px;padding:0 14px">
|
||||
<span style="font-size:11px;color:var(--t3)">ROLA:</span>
|
||||
<select id="g-role" onchange="setRole(this.value)" style="background:var(--bg3);border:1px solid var(--rim);color:var(--t1);padding:4px 8px;border-radius:4px;font-size:12px">
|
||||
<option value="pgz_admin">pgz_admin (full)</option>
|
||||
<option value="klub_admin">klub_admin (sve osim OIB)</option>
|
||||
<option value="savez_admin">savez_admin (samo napomena)</option>
|
||||
<option value="klub_trener">klub_trener (sport polja)</option>
|
||||
<option value="sportas">sportas (kontakt + slika)</option>
|
||||
<option value="viewer">viewer (read-only)</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="container">
|
||||
<div id="page-clanarine" class="page"></div>
|
||||
<div id="page-clanovi" class="page"></div>
|
||||
<div id="page-clanarine" class="page" style="display:none"></div>
|
||||
<div id="page-lijecnicki" class="page" style="display:none"></div>
|
||||
<div id="page-obrasci" class="page" style="display:none"></div>
|
||||
</div>
|
||||
@@ -207,9 +220,33 @@ function closeModal() {
|
||||
$('#modal').innerHTML = '';
|
||||
}
|
||||
|
||||
// Globalna rola (postavlja se preko dropdowna u topbaru)
|
||||
let CURRENT_ROLE = localStorage.getItem('crm-role') || 'pgz_admin';
|
||||
|
||||
function setRole(r) {
|
||||
CURRENT_ROLE = r;
|
||||
localStorage.setItem('crm-role', r);
|
||||
toast('Rola postavljena: ' + r);
|
||||
// ako je otvoren panel, refreshaj edit dozvole
|
||||
if (window._OPEN_PANEL_CID) loadClanPanel(window._OPEN_PANEL_CID);
|
||||
}
|
||||
|
||||
// Wrapper za API koji dodaje X-Role
|
||||
async function apiR(path, opts={}) {
|
||||
const o = Object.assign({headers: {'Content-Type':'application/json', 'X-Role': CURRENT_ROLE}}, opts);
|
||||
if (o.body && typeof o.body !== 'string') o.body = JSON.stringify(o.body);
|
||||
const r = await fetch(API + path, o);
|
||||
if (!r.ok) {
|
||||
const msg = await r.text().catch(()=>r.statusText);
|
||||
throw new Error(`HTTP ${r.status}: ${msg.substring(0,200)}`);
|
||||
}
|
||||
return r.json();
|
||||
}
|
||||
|
||||
function setTab(name) {
|
||||
$$('.tab').forEach(t => t.classList.toggle('active', t.dataset.tab === name));
|
||||
$$('.page').forEach(p => p.style.display = (p.id === 'page-' + name) ? 'block' : 'none');
|
||||
if (name === 'clanovi') loadClanovi();
|
||||
if (name === 'clanarine') loadClanarine();
|
||||
if (name === 'lijecnicki') loadLijecnicki();
|
||||
if (name === 'obrasci') loadObrasci();
|
||||
|
||||
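Review bot: `apiR` sends the role as a client-chosen `X-Role` header read from `localStorage` (`crm-role`, default `pgz_admin`) and attaches no `Authorization` header, so if the backend (not visible here) derives edit permissions from that header, any caller can select `pgz_admin`. The header should only drive the UI preview, with the server taking the role from the authenticated identity; a comment above `apiR` would record that: `// X-Role is a UI hint only; the server must authorise from the authenticated session/token`. Also, `Object.assign({headers:{…}}, opts)` lets a caller-supplied `opts.headers` replace the defaults wholesale, dropping `Content-Type` and `X-Role`; merge them instead with `const o = Object.assign({}, opts, {headers: Object.assign({'Content-Type':'application/json','X-Role':CURRENT_ROLE}, opts.headers||{})});`. `setTab` continues past the end of the hunk.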
+3
-3
@@ -68,7 +68,7 @@ label.lbl { font-size:11px; color:var(--text-3); display:block; margin-bottom:4p
|
||||
<main class="main">
|
||||
<div class="header">
|
||||
<h2 id="pageTitle">Skeniraj račun (OCR)</h2>
|
||||
<span class="meta" id="metaInfo">Tesseract + DeepSeek V3 · /api/erp</span>
|
||||
<span class="meta" id="metaInfo">Tesseract + Ri.NET AI Engine · /api/erp</span>
|
||||
</div>
|
||||
|
||||
<!-- OCR -->
|
||||
@@ -78,7 +78,7 @@ label.lbl { font-size:11px; color:var(--text-3); display:block; margin-bottom:4p
|
||||
<div id="ocrDrop" style="border:2px dashed var(--border);border-radius:8px;padding:34px;text-align:center;cursor:pointer;background:var(--bg-3)">
|
||||
<div style="font-size:36px;color:var(--accent);margin-bottom:6px">⤓</div>
|
||||
<div style="font-size:14px;font-weight:600">Povuci datoteku ovdje ili klikni za odabir</div>
|
||||
<div style="font-size:11px;color:var(--text-3);margin-top:6px">Tesseract OCR (hrv+eng) + DeepSeek V3 LLM ekstrakcija polja</div>
|
||||
<div style="font-size:11px;color:var(--text-3);margin-top:6px">Tesseract OCR (hrv+eng) + Ri.NET AI Engine LLM ekstrakcija polja</div>
|
||||
<input id="ocrFile" type="file" accept=".pdf,.jpg,.jpeg,.png,.tif,.tiff,.webp" style="display:none">
|
||||
</div>
|
||||
<div id="ocrStatus" style="margin-top:10px;font-size:12px;color:var(--text-2);min-height:18px"></div>
|
||||
@@ -219,7 +219,7 @@ async function ocrHandle(file) {
|
||||
if (!r.ok) { ocrSet('❌ Upload pao: '+r.status,'var(--red)'); return; }
|
||||
const j = await r.json();
|
||||
ocrUploadId = j.upload_id;
|
||||
ocrSet(`✓ Uploaded #${ocrUploadId} (${j.size} B). Pokrećem OCR + DeepSeek V3 ekstrakciju…`,'var(--accent)');
|
||||
ocrSet(`✓ Uploaded #${ocrUploadId} (${j.size} B). Pokrećem OCR + Ri.NET AI Engine ekstrakciju…`,'var(--accent)');
|
||||
|
||||
const fd2 = new FormData();
|
||||
fd2.append('upload_id', ocrUploadId);
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 176 B |