pgz-sport

Author	SHA1	Message	Date
Damir Radulić	cb3faee731	CC3 R3 M4+: avatar upload, PUT /api/auth/me, /uploads mount Backend (auth/auth_v2.py + pgz_sport_api.py): - POST /api/auth/me/avatar (multipart, jpeg/png/webp ≤5 MB) -> /uploads/avatars/{userid}_{ts}.ext - DELETE /api/auth/me/avatar (uklanja datoteku + briše users.avatar_url) - PUT /api/auth/me (UpdateMeReq: ime/prezime/full_name/telefon/phone/preferred_language/oib) - GET /api/auth/me proširen s avatar_url, two_factor_enabled, gdpr_consent_at, google_picture - StaticFiles mount /uploads -> /opt/pgz-sport/uploads - DB: ALTER TABLE pgz_sport.users ADD COLUMN avatar_url TEXT - Audit: profile.update, profile.avatar_upload, profile.avatar_delete Backups: _backups/auth_v2.py.cc3_pre_avatar., pgz_sport_api.py.cc3_pre_avatar. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-05 00:44:14 +02:00
CC6 Worker	c8be132e0f	M11.2: /api/audit/seal endpoints + Audit log UI page - routers/audit_seal_router.py exposes: POST /api/audit/seal (record + seal an audit event) GET /api/audit/seal/list (recent seals for UI) GET /api/audit/seal/{id} (single seal + onchain receipt cross-check) - pgz_sport_api.py mounts the router under /api. - sport2.html: new 'Audit log' nav item (🔒) and full page that surfaces wallet, chain, live/pending mode, count, and a table of every sealed event with polygonscan.com tx links. - Verified end-to-end: sealing 'sufinanciranje.approved' for klub 3 lands in pgz_sport.polygon_seals (pending mode — no POLYGON_PRIVKEY in env). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-05 00:21:32 +02:00
Damir Radulić	8fe2478b84	CC2 R3 frontend: login.html + admin_users.html (M1+M2+M10 UI) - static/login.html: dark Palantir-style login with PGŽ branding, Prijava se / Zaboravljena lozinka, demo account quick-fills, GDPR cookie banner, autostore tokens (local/session) - static/admin_users.html: full user-management admin panel: - Collapsible left sidebar (Pregled, Korisnici, Tenanti, Audit log, Sigurnost, GDPR, links to ERP/CRM) - Users table with filters (q, tenant, role, status, limit) - + Dodaj korisnika modal (CRUD via /api/admin/users/*) - Suspend / unsuspend / reset-password / delete actions - Audit log viewer + Security KPIs + GDPR queue - Self-service: change pwd, export data (Art. 20), erasure request (Art. 17) - pgz_sport_api.py: /login and /admin/users URL routes - auth/seed_demo.py: added tajnik@atletski.pgz.hr/Atl2026!, admin@ak-kvarner.hr/Kvarner2026! demo users 5/5 live tests pass: login JWT, /me, /admin/users, /gdpr/consent, /gdpr/export Note: existing admin.html (CC4 ERP/OCR work) preserved intact; admin_users.html is dedicated user-mgmt page linked from sidebar.	2026-05-05 00:20:03 +02:00
Damir Radulić	492c8fdd87	M1+M2+M10 (CC2 R3): JWT auth + admin users + GDPR backend - auth/auth_v2.py: JWT login/refresh/logout/me + bcrypt + tenant_id/role/tier claims - auth/admin_users.py: /api/admin/users CRUD + invite/role/suspend + bulk CSV - auth/gdpr.py: cookie consent + Art.20 export + Art.17 erasure + admin queue - auth/seed_demo.py: 3 demo tenants + 4 users (damir@pgz.hr / PGZ2026!) - Removed legacy /api/auth/login + /api/auth/me from pgz_sport_api.py - Wired auth/admin/gdpr routers into FastAPI 5/5 live curl tests pass: damir@pgz.hr login → JWT with tenant_id=1, role=pgz_admin, tier=0	2026-05-05 00:09:09 +02:00
Damir Radulić	1bd34ed678	M7 CRM Članarine: CRUD + dug + uplata + HUB-3 PDF + EPC QR - /api/crm/clanarine[CRUD] s filterima (godina/klub/clan/status), summary - /api/crm/clanarine/dug — dužnici (z opcionim days_overdue) - /api/crm/clanarine/{id}/uplata — registracija parcijalne/cijele uplate - /api/crm/clanarine/notify-bulk — mock e-mail kampanja (lista primatelja) - /api/crm/clanarine/{id}/uplatnica.pdf — HUB-3 A4 PDF s ugrađenim EPC QR - /api/crm/clanarine/{id}/qr.png — samo EPC BCD/002 SCT QR PNG - /api/crm/clanarine/{id}/payment-info — JSON za UI gumbe + bank deep linkovi crm/payments.py — HUB-3 PDF generator (ReportLab) + EPC QR (qrcode lib), poziv-na-broj model HR00 = OIB-godina-id, format_eur HR notation.	2026-05-04 23:54:26 +02:00
CC4-PGZ-Sport	834b7bf89f	M5.1 OCR upload + parse + invoices CRUD (ERP) - erp/ocr.py: FastAPI router under /api/erp/* - POST /ocr/upload: file → pgz_sport.invoice_uploads (sha256, mime, klub_id, tenant_id) - POST /ocr/parse: Tesseract+pdftotext OCR + DeepSeek V3 LLM extraction - GET/POST/PUT /invoices, /invoices/{id}/pay, uploads list - Wired into pgz_sport_api.py - HR invoice regex (OIB, IBAN, datum DD.MM.YYYY i ISO, ukupno/PDV) - DeepSeek V3 returns JSON object {izdavatelj_, kupac_, iznos_neto/pdv/brutto, stavke[], vrsta_troska...} Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 23:53:22 +02:00
claude-cc1	b7cb050843	CC1 R2 — full Round 2 done (8/8 stavki) - geocode_objekti_v2.py + DB updates (Kastav, Rujevica, Platak, Petehovac, Crikvenica, Krk hand-curated) - Maps URL → /maps/search/?api=1 format for proper pin - Dashboard: year selector for nositelji, click → klub/PDF panel; top savezi clickable - Universal sort (asc/desc) on Savezi/Klubovi/Sportaši/Objekti/Manifestacije/Financije - Card↔Table toggle on Financije - Manifestacije: source_url direct open, Google fallback - Forenzika: severity/tip filter, search, run-scan, Liverić PEP custom findings + DB alerts - Enrich endpoint /api/v2/enrich/{kind}/{id} + button on savez/klub/sportaš panels - New 'Mreža' section: D3 force graph from /api/v1/presenter/graph-real Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 23:50:30 +02:00
Damir Radulić	a7ec0a86be	PGŽ Sport Platform — Round 1+2 baseline (sport2.html + API)	2026-05-04 23:39:08 +02:00

8 Commits