BREAKING CHANGE: Permission system now actively enforced across all routes
## Summary
Complete implementation of advanced role-based access control (RBAC) system
with full route protection, UI conditionals, and enhanced management interface.
## Route Protection
- Updated all admin routes to use @admin_or_permission_required decorator
- Replaced inline admin checks with granular permission checks in:
* Admin routes: user management, settings, backups, telemetry, OIDC
* Project routes: create, edit, delete, archive, bulk operations
* Client routes: create, edit, delete, archive, bulk operations
- Maintained backward compatibility with existing @admin_required decorator
## UI Permission Integration
- Added template helpers (has_permission, has_any_permission) to all templates
- Navigation conditionally shows admin/OIDC links based on permissions
- Action buttons (Edit, Delete, Archive) conditional on user permissions
- Project and client pages respect permission requirements
- Create buttons visible only with appropriate permissions
## Enhanced Roles & Permissions UI
- Added statistics dashboard showing:
* Total roles, system roles, custom roles, assigned users
- Implemented expandable permission details in roles list
* Click to view all permissions grouped by category
* Visual checkmarks for assigned permissions
- Enhanced user list with role visibility:
* Shows all assigned roles as color-coded badges
* Blue badges for system roles, gray for custom roles
* Yellow badges for legacy roles with migration prompt
* Merged legacy role column into unified "Roles & Permissions"
- User count per role now clickable and accurate
## Security Improvements
- Added CSRF tokens to all new permission system forms:
* Role creation/edit form
* Role deletion form
* User role assignment form
- All POST requests now protected against CSRF attacks
## Technical Details
- Fixed SQLAlchemy relationship query issues (AppenderQuery)
- Proper use of .count() for relationship aggregation
- Jinja2 namespace for accumulating counts in templates
- Responsive grid layouts for statistics and permission cards
## Documentation
- Created comprehensive implementation guides
- Added permission enforcement documentation
- Documented UI enhancements and features
- Included CSRF protection review
## Impact
- Permissions are now actively enforced, not just defined
- Admins can easily see who has what access
- Clear visual indicators of permission assignments
- Secure forms with CSRF protection
- Production-ready permission system
Implement a complete expense tracking feature that allows users to record,
manage, approve, and track business expenses with full integration into
existing project management and invoicing systems.
Features:
- Create and manage expenses with detailed information (amount, category,
vendor, receipts, tax tracking)
- Multi-currency support (EUR, USD, GBP, CHF)
- Approval workflow with admin oversight (pending → approved → rejected)
- Reimbursement tracking and status management
- Billable expense flagging for client invoicing
- Receipt file upload and attachment
- Project and client association with auto-client selection
- Tag-based organization and advanced filtering
- CSV export functionality
- Analytics dashboard with category breakdowns
- API endpoints for programmatic access
Database Changes:
- Add expenses table with comprehensive schema
- Create Alembic migration (029_add_expenses_table.py)
- Add composite indexes for query performance
- Implement proper foreign key constraints and cascading
Routes & Templates:
- Add expenses blueprint with 14 endpoints (CRUD, approval, export, API)
- Create 4 responsive templates (list, form, view, dashboard)
- Implement advanced filtering (status, category, project, client, date range)
- Add permission-based access control (user vs admin)
- Integrate receipt file upload handling
User Experience:
- Add "Expenses" to Insights navigation menu
- Auto-populate client when project is selected
- Provide visual feedback for auto-selections
- Display summary statistics and analytics
- Implement pagination and search functionality
Testing & Documentation:
- Add 40+ comprehensive tests covering models, methods, and workflows
- Create complete user documentation (docs/EXPENSE_TRACKING.md)
- Add API documentation and examples
- Include troubleshooting guide and best practices
Integration:
- Link expenses to projects for cost tracking
- Associate with clients for billing purposes
- Connect billable expenses to invoicing system
- Add PostHog event tracking for analytics
- Implement structured logging for audit trail
Security:
- Role-based access control (users see only their expenses)
- Admin-only approval and reimbursement actions
- CSRF protection and file upload validation
- Proper permission checks on all operations
This implementation follows existing codebase patterns and includes full
test coverage, documentation, and database migrations per project standards.
Implemented a comprehensive Weekly Time Goals system that allows users to set
and track weekly hour targets with real-time progress monitoring.
Features:
- WeeklyTimeGoal model with status tracking (active, completed, failed, cancelled)
- Full CRUD interface for managing weekly goals
- Real-time progress calculation based on logged time entries
- Dashboard widget showing current week's goal progress
- Daily breakdown view with detailed statistics
- Automatic status updates based on goal completion and week end
- API endpoints for goal data and progress tracking
Technical changes:
- Added app/models/weekly_time_goal.py with local timezone support
- Created migration 027_add_weekly_time_goals.py for database schema
- Added app/routes/weekly_goals.py blueprint with all CRUD routes
- Created templates: index.html, create.html, edit.html, view.html
- Integrated weekly goal widget into main dashboard
- Added "Weekly Goals" navigation item to sidebar
- Implemented comprehensive test suite in tests/test_weekly_goals.py
- Added feature documentation in docs/WEEKLY_TIME_GOALS.md
Bug fixes:
- Fixed timezone handling to use TZ environment variable instead of Config.TIMEZONE
- Corrected log_event() calls to use proper signature (event name as first positional argument)
- Manually created database table via SQL when Alembic migration didn't execute
Database schema:
- weekly_time_goals table with user_id, target_hours, week_start_date, week_end_date, status, notes
- Indexes on user_id, week_start_date, status, and composite (user_id, week_start_date)
- Foreign key constraint to users table with CASCADE delete
The feature supports flexible week start days per user, calculates remaining hours,
provides daily average targets, and automatically updates goal status based on progress.
Implement comprehensive time rounding preferences that allow each user to
configure how their time entries are rounded when stopping timers.
Features:
- Per-user rounding settings (independent from global config)
- Multiple rounding intervals: 1, 5, 10, 15, 30, 60 minutes
- Three rounding methods: nearest, up (ceiling), down (floor)
- Enable/disable toggle for flexible time tracking
- Real-time preview showing rounding examples
- Backward compatible with existing global rounding settings
Database Changes:
- Add migration 027 with three new user columns:
* time_rounding_enabled (Boolean, default: true)
* time_rounding_minutes (Integer, default: 1)
* time_rounding_method (String, default: 'nearest')
Implementation:
- Update User model with rounding preference fields
- Modify TimeEntry.calculate_duration() to use per-user rounding
- Create app/utils/time_rounding.py with core rounding logic
- Update user settings route and template with rounding UI
- Add comprehensive unit, model, and smoke tests (50+ test cases)
UI/UX:
- Add "Time Rounding Preferences" section to user settings page
- Interactive controls with live example visualization
- Descriptive help text and method explanations
- Fix navigation: Settings link now correctly points to user.settings
- Fix CSRF token in settings form
Documentation:
- Add comprehensive user guide (docs/TIME_ROUNDING_PREFERENCES.md)
- Include API documentation and usage examples
- Provide troubleshooting guide and best practices
- Add deployment instructions for migration
Testing:
- Unit tests for rounding logic (tests/test_time_rounding.py)
- Model integration tests (tests/test_time_rounding_models.py)
- End-to-end smoke tests (tests/test_time_rounding_smoke.py)
Fixes:
- Correct settings navigation link in user dropdown menu
- Fix CSRF token format in user settings template
This feature enables flexible billing practices, supports different client
requirements, and maintains exact time tracking when needed.
Add enhanced project archiving functionality for better organization of
completed projects with metadata tracking and validation.
Key Features:
- Archive metadata tracking (timestamp, user, reason)
- Archive form with quick-select reason templates
- Bulk archiving with optional shared reason
- Archive information display on project details
- Prevent time tracking on archived projects
- Activity logging for archive/unarchive actions
Database Changes:
- Add migration 026_add_project_archiving_metadata.py
- New fields: archived_at, archived_by (FK), archived_reason
- Index on archived_at for faster filtering
- Cascade on user deletion (SET NULL)
Model Enhancements (app/models/project.py):
- Enhanced archive() method with user_id and reason parameters
- Enhanced unarchive() method to clear all metadata
- New properties: is_archived, archived_by_user
- Updated to_dict() to include archive metadata
Route Updates (app/routes/projects.py):
- Convert archive route to GET/POST (form-based)
- Add archive reason handling
- Enhanced bulk operations with reason support
- Activity logging for all archive operations
UI Improvements:
- New archive form template (app/templates/projects/archive.html)
- Quick-select buttons for common archive reasons
- Archive metadata display on project view page
- Bulk archive modal with reason input
- Updated project list filtering
Validation (app/routes/timer.py):
- Prevent timer start on archived projects
- Block manual entry creation on archived projects
- Block bulk entry creation on archived projects
- Clear error messages for users
Testing:
- 90+ comprehensive test cases
- Unit tests (tests/test_project_archiving.py)
- Model tests (tests/test_project_archiving_models.py)
- Smoke tests for complete workflows
- Edge case coverage
Documentation:
- User guide (docs/PROJECT_ARCHIVING_GUIDE.md)
- Implementation summary (PROJECT_ARCHIVING_IMPLEMENTATION_SUMMARY.md)
- API reference and examples
- Best practices and troubleshooting
Migration Notes:
- Backward compatible with existing archived projects
- Existing archives will have NULL metadata (can be added later)
- No data migration required
- Run: migrations/manage_migrations.py upgrade head
Breaking Changes: None
- All changes are additive and backward compatible
Related: Feat-Project-Archiving branch
Implement comprehensive client notes system allowing users to add
internal notes about clients that are never visible to clients
themselves. Notes support importance flagging, full CRUD operations,
and proper access controls.
Key Changes:
- Add ClientNote model with user/client relationships
- Create Alembic migration (025) for client_notes table
- Implement full REST API with 9 endpoints
- Add client_notes blueprint with CRUD routes
- Create UI templates (edit page + notes section on client view)
- Add importance toggle with AJAX functionality
- Implement permission system (users edit own, admins edit all)
Features:
- Internal-only notes with rich text support
- Mark notes as important for quick identification
- Author tracking with timestamps
- Cascade delete when client is removed
- Mobile-responsive design
- i18n support for all user-facing text
Testing:
- 24 comprehensive model tests
- 23 route/integration tests
- Full coverage of CRUD operations and permissions
Documentation:
- Complete feature guide in docs/CLIENT_NOTES_FEATURE.md
- API documentation with examples
- Troubleshooting section
- Updated main docs index
Database:
- Migration revision 025 (depends on 024)
- Fixed PostgreSQL boolean default value issue
- 4 indexes for query performance
- CASCADE delete constraint on client_id
This feature addresses the need for teams to track important
information about clients internally without exposing sensitive
notes to client-facing interfaces or documents.
Features:
Add favorite projects feature allowing users to star/bookmark frequently used projects
New UserFavoriteProject association model with user-project relationships
Star icons in project list for one-click favorite toggling via AJAX
Filter to display only favorite projects
Per-user favorites with proper isolation and cascade delete behavior
Activity logging for favorite/unfavorite actions
Database:
Add user_favorite_projects table with migration (023_add_user_favorite_projects.py)
Foreign keys to users and projects with CASCADE delete
Unique constraint preventing duplicate favorites
Indexes on user_id and project_id for query optimization
Models:
User model: Add favorite_projects relationship with helper methods
add_favorite_project() - add project to favorites
remove_favorite_project() - remove from favorites
is_project_favorite() - check favorite status
get_favorite_projects() - retrieve favorites with status filter
Project model: Add is_favorited_by() method and include favorite status in to_dict()
Export UserFavoriteProject model in app/models/__init__.py
Routes:
Add /projects/<id>/favorite POST endpoint to favorite a project
Add /projects/<id>/unfavorite POST endpoint to unfavorite a project
Update /projects GET route to support favorites=true query parameter
Fix status filtering to work correctly with favorites JOIN query
Add /reports/export/form GET endpoint for enhanced CSV export form
Templates:
Update projects/list.html:
Add favorites filter dropdown to filter form (5-column grid)
Add star icon column with Font Awesome icons (filled/unfilled)
Add JavaScript toggleFavorite() function for AJAX favorite toggling
Improve hover states and transitions for better UX
Pass favorite_project_ids and favorites_only to template
Update reports/index.html:
Update CSV export link to point to new export form
Add icon and improve hover styling
Reports:
Enhance CSV export functionality with dedicated form page
Add filter options for users, projects, clients, and date ranges
Set default date range to last 30 days
Import Client model and or_ operator for advanced filtering
Testing:
Comprehensive test suite in tests/test_favorite_projects.py (550+ lines)
Model tests for UserFavoriteProject creation and validation
User/Project method tests for favorite operations
Route tests for favorite/unfavorite endpoints
Filtering tests for favorites-only view
Relationship tests for cascade delete behavior
Smoke tests for complete workflows
Coverage for edge cases and error handling
Documentation:
Add comprehensive feature documentation in docs/FAVORITE_PROJECTS_FEATURE.md
User guide with step-by-step instructions
Technical implementation details
API documentation for new endpoints
Migration guide and troubleshooting
Performance and security considerations
Template Cleanup:
Remove duplicate templates from root templates/ directory
Admin templates (dashboard, users, settings, OIDC debug, etc.)
Client CRUD templates
Error page templates
Invoice templates
Project templates
Report templates
Timer templates
All templates now properly located in app/templates/
Breaking Changes:
None - fully backward compatible
Migration Required:
Run alembic upgrade head to create user_favorite_projects table
Major improvements:
- Add bulk operations functionality across clients, projects, and tasks
- Implement deletion and status management enhancements
- Add project code field with database migration (022)
- Improve inactive status handling for projects
Backend changes:
- Update project model with new code field and status logic
- Enhance routes for clients, projects, and tasks with bulk actions
- Add migration for project_code field (022_add_project_code_field.py)
Frontend updates:
- Refactor bulk actions widget component
- Update clients list and detail views with bulk operations
- Enhance project list, view, and kanban templates
- Improve task list, edit, view, and kanban displays
- Update base template with UI improvements
- Refine saved filters and time entry templates lists
Testing:
- Add test_project_inactive_status.py for status handling
- Update test_tasks_templates.py with new functionality
Documentation:
- Add BULK_OPERATIONS_IMPROVEMENTS.md
- Add DELETION_AND_STATUS_IMPROVEMENTS.md
- Add docs/QUICK_WINS_IMPLEMENTATION.md
- Update ALL_BUGFIXES_SUMMARY.md and IMPLEMENTATION_COMPLETE.md
This commit introduces several high-impact features to improve user experience
and productivity:
New Features:
- Activity Logging: Comprehensive audit trail tracking user actions across the
system with Activity model, including IP address and user agent tracking
- Time Entry Templates: Reusable templates for frequently logged activities with
usage tracking and quick-start functionality
- Saved Filters: Save and reuse common search/filter combinations across
different views (projects, tasks, reports)
- User Preferences: Enhanced user settings including email notifications,
timezone, date/time formats, week start day, and theme preferences
- Excel Export: Generate formatted Excel exports for time entries and reports
with styling and proper formatting
- Email Notifications: Complete email system for task assignments, overdue
invoices, comments, and weekly summaries with HTML templates
- Scheduled Tasks: Background task scheduler for periodic operations
Models Added:
- Activity: Tracks all user actions with detailed context and metadata
- TimeEntryTemplate: Stores reusable time entry configurations
- SavedFilter: Manages user-saved filter configurations
Routes Added:
- user.py: User profile and settings management
- saved_filters.py: CRUD operations for saved filters
- time_entry_templates.py: Template management endpoints
UI Enhancements:
- Bulk actions widget component
- Keyboard shortcuts help modal with advanced shortcuts
- Save filter widget component
- Email notification templates
- User profile and settings pages
- Saved filters management interface
- Time entry templates interface
Database Changes:
- Migration 022: Creates activities and time_entry_templates tables
- Adds user preference columns (notifications, timezone, date/time formats)
- Proper indexes for query optimization
Backend Updates:
- Enhanced keyboard shortcuts system (commands.js, keyboard-shortcuts-advanced.js)
- Updated projects, reports, and tasks routes with activity logging
- Safe database commit utilities integration
- Event tracking for analytics
Dependencies:
- Added openpyxl for Excel generation
- Added Flask-Mail dependencies
- Updated requirements.txt
All new features include proper error handling, activity logging integration,
and maintain existing functionality while adding new capabilities.
Store user avatars in persistent /data volume instead of application
directory to ensure profile pictures survive container rebuilds and
version updates.
Changes:
- Update avatar upload folder from app/static/uploads/avatars to
/data/uploads/avatars using existing app_data volume mount
- Modify get_avatar_upload_folder() in auth routes to use persistent
location with UPLOAD_FOLDER config
- Update User.get_avatar_path() to reference new storage location
- Add migration script to safely move existing avatars to new location
- Preserve backward compatibility - no database changes required
Benefits:
- Profile pictures now persist between Docker image updates
- Consistent with company logo storage pattern (/data/uploads)
- Better user experience - avatars not lost during upgrades
- Production-ready data/code separation
- All persistent uploads consolidated in app_data volume
Migration:
For existing installations with user avatars, run:
docker-compose run --rm app python /app/docker/migrate-avatar-storage.py
New installations work automatically with no action required.
Documentation:
- docs/AVATAR_STORAGE_MIGRATION.md - Full migration guide
- docs/AVATAR_PERSISTENCE_SUMMARY.md - Quick reference
- docs/TEST_AVATAR_PERSISTENCE.md - Testing guide
- AVATAR_PERSISTENCE_CHANGELOG.md - Detailed changelog
Files modified:
- app/routes/auth.py
- app/models/user.py
Files added:
- docker/migrate-avatar-storage.py
- docs/AVATAR_STORAGE_MIGRATION.md
- docs/AVATAR_PERSISTENCE_SUMMARY.md
- docs/TEST_AVATAR_PERSISTENCE.md
- AVATAR_PERSISTENCE_CHANGELOG.md
Tested: ✓ No linter errors, backward compatible, volume mount verified
This commit introduces a comprehensive Kanban board customization system and
improves CSRF token configuration for Docker deployments.
## Major Features
### 1. Customizable Kanban Board Columns
Add complete kanban column customization system allowing users to define
custom workflow states beyond the default columns.
**New Components:**
- Add KanbanColumn model with full CRUD operations (app/models/kanban_column.py)
- Add kanban routes blueprint with admin endpoints (app/routes/kanban.py)
- Add kanban column management templates (app/templates/kanban/)
- Add migration 019 for kanban_columns table (migrations/)
**Features:**
- Create unlimited custom columns with unique keys, labels, icons, and colors
- Drag-and-drop column reordering with position persistence
- Toggle column visibility without deletion
- Protected system columns (todo, in_progress, done) prevent accidental deletion
- Complete state marking for columns that should mark tasks as done
- Real-time updates via SocketIO broadcasts when columns change
- Font Awesome icon support (5000+ icons)
- Bootstrap color scheme integration
- Comprehensive validation and error handling
**Integration:**
- Update Task model to work with dynamic column statuses (app/models/task.py)
- Update task routes to use kanban column API (app/routes/tasks.py)
- Update project routes to fetch active columns (app/routes/projects.py)
- Add kanban column management links to base template (app/templates/base.html)
- Update kanban board templates to render dynamic columns (app/templates/tasks/)
- Add cache prevention headers to force fresh column data
**API Endpoints:**
- GET /api/kanban/columns - Fetch all active columns
- POST /api/kanban/columns/reorder - Reorder columns
- GET /kanban/columns - Column management interface (admin only)
- POST /kanban/columns/create - Create new column (admin only)
- POST /kanban/columns/<id>/edit - Edit column (admin only)
- POST /kanban/columns/<id>/delete - Delete column (admin only)
- POST /kanban/columns/<id>/toggle - Toggle column visibility (admin only)
### 2. Enhanced CSRF Configuration
Improve CSRF token configuration and documentation for Docker deployments.
**Configuration Updates:**
- Add WTF_CSRF_ENABLED environment variable to all docker-compose files
- Add WTF_CSRF_TIME_LIMIT environment variable with 1-hour default
- Update app/config.py to read CSRF settings from environment
- Add SECRET_KEY validation in app/__init__.py to prevent production deployment
with default keys
**Docker Compose Updates:**
- docker-compose.yml: CSRF enabled by default for security testing
- docker-compose.remote.yml: CSRF always enabled in production
- docker-compose.remote-dev.yml: CSRF enabled with production-like settings
- docker-compose.local-test.yml: CSRF can be disabled for local testing
- Add helpful comments explaining each CSRF-related environment variable
- Update env.example with CSRF configuration examples
**Verification Scripts:**
- Add scripts/verify_csrf_config.sh for Unix systems
- Add scripts/verify_csrf_config.bat for Windows systems
- Scripts check SECRET_KEY, CSRF_ENABLED, and CSRF_TIME_LIMIT settings
### 3. Database Initialization Improvements
- Update app/__init__.py to run pending migrations on startup
- Add automatic kanban column initialization after migrations
- Improve error handling and logging during database setup
### 4. Configuration Management
- Update app/config.py with new CSRF and kanban-related settings
- Add environment variable parsing with sensible defaults
- Improve configuration validation and error messages
## Documentation
### New Documentation Files
- CUSTOM_KANBAN_README.md: Quick start guide for kanban customization
- KANBAN_CUSTOMIZATION.md: Detailed technical documentation
- IMPLEMENTATION_SUMMARY.md: Implementation details and architecture
- KANBAN_AUTO_REFRESH_COMPLETE.md: Real-time update system documentation
- KANBAN_REFRESH_FINAL_FIX.md: Cache and refresh troubleshooting
- KANBAN_REFRESH_SOLUTION.md: Technical solution for data freshness
- docs/CSRF_CONFIGURATION.md: Comprehensive CSRF setup guide
- CSRF_DOCKER_CONFIGURATION_SUMMARY.md: Docker-specific CSRF setup
- CSRF_TROUBLESHOOTING.md: Common CSRF issues and solutions
- APPLY_KANBAN_MIGRATION.md: Migration application guide
- APPLY_FIXES_NOW.md: Quick fix reference
- DEBUG_KANBAN_COLUMNS.md: Debugging guide
- DIAGNOSIS_STEPS.md: System diagnosis procedures
- BROWSER_CACHE_FIX.md: Browser cache troubleshooting
- FORCE_NO_CACHE_FIX.md: Cache prevention solutions
- SESSION_CLOSE_ERROR_FIX.md: Session handling fixes
- QUICK_FIX.md: Quick reference for common fixes
### Updated Documentation
- README.md: Add kanban customization feature description
- Update project documentation with new features
## Testing
### New Test Files
- test_kanban_refresh.py: Test kanban column refresh functionality
## Technical Details
**Database Changes:**
- New table: kanban_columns with 11 columns
- Indexes on: key, position
- Default data: 4 system columns (todo, in_progress, review, done)
- Support for both SQLite (development) and PostgreSQL (production)
**Real-Time Updates:**
- SocketIO events: 'kanban_columns_updated' with action type
- Automatic page refresh when columns are created/updated/deleted/reordered
- Prevents stale data by expiring SQLAlchemy caches after changes
**Security:**
- Admin-only access to column management
- CSRF protection on all column mutation endpoints
- API endpoints exempt from CSRF (use JSON and other auth mechanisms)
- System column protection prevents data integrity issues
- Validation prevents deletion of columns with active tasks
**Performance:**
- Efficient querying with position-based ordering
- Cached column data with cache invalidation on changes
- No-cache headers on API responses to prevent stale data
- Optimized database indexes for fast lookups
## Breaking Changes
None. This is a fully backward-compatible addition.
Existing workflows continue to work with the default columns.
Custom columns are opt-in via the admin interface.
## Migration Notes
1. Run migration 019 to create kanban_columns table
2. Default columns are initialized automatically on first run
3. No data migration needed for existing tasks
4. Existing task statuses map to new column keys
## Environment Variables
New environment variables (all optional with defaults):
- WTF_CSRF_ENABLED: Enable/disable CSRF protection (default: true)
- WTF_CSRF_TIME_LIMIT: CSRF token expiration in seconds (default: 3600)
- SECRET_KEY: Required in production, must be cryptographically secure
See env.example for complete configuration reference.
## Deployment Notes
BREAKING CHANGE: Removed legacy license server in favor of Stripe billing
Major changes:
- Remove license server system (563 lines removed from license_server.py)
- Add multi-tenant support with organizations and memberships
- Integrate Stripe billing and subscription management
- Enhance authentication with 2FA, password reset, and JWT tokens
- Add provisioning and onboarding flows for new customers
- Implement row-level security (RLS) for data isolation
- Add GDPR compliance features and data retention policies
- Enhance admin dashboard with billing reconciliation and customer management
- Add security scanning tools (Bandit, Gitleaks, GitHub Actions workflow)
- Implement rate limiting and enhanced password policies
- Update all routes to support organization context
- Enhance user model with billing and security fields
- Add promo code system for marketing campaigns
- Update Docker initialization for better database setup
Modified files:
- Core: app.py, app/__init__.py, app/config.py
- Models: Enhanced user model (+175 lines), updated all models for multi-tenancy
- Routes: Enhanced admin routes (+479 lines), updated all routes for org context
- Templates: Updated login, admin dashboard, and settings
- Docker: Enhanced database initialization scripts
- Dependencies: Added stripe, pyotp, pyjwt, and security packages
Deleted files:
- app/utils/license_server.py
- docs/LICENSE_SERVER_*.md (3 files)
- templates/admin/license_status.html
- test_license_server.py
New features:
- Organizations and membership management
- Stripe billing integration with webhook handling
- Enhanced authentication (2FA, password reset, refresh tokens)
- GDPR compliance and data export/deletion
- Onboarding checklist for new customers
- Promo code system
- Security enhancements (rate limiting, password policies)
- Admin tools for customer and billing management
Net change: 46 files changed, 1490 insertions(+), 1968 deletions(-)
Add Pomodoro focus mode with session summaries
Model: FocusSession; API: /api/focus-sessions/; UI: Focus modal on timer page
Add estimates vs actuals with burndown and budget alerts
Project fields: estimated_hours, budget_amount, budget_threshold_percent
API: /api/projects/<id>/burndown; Charts in project view and project report
Implement recurring time blocks/templates
Model: RecurringBlock; API CRUD: /api/recurring-blocks; CLI: flask generate_recurring
Add tagging and saved filters across views
Model: SavedFilter; /api/entries supports tag and saved_filter_id
Support billable rate overrides per project/member
Model: RateOverride; invoicing uses effective rate resolution
Also:
Migration: 016_add_focus_recurring_rates_filters_and_project_budget.py
Integrations and UI updates in projects view, timer page, and reports
Docs updated (startup, invoice, task mgmt) and README feature list
Added basic tests for new features
Add Task.total_billable_hours aggregating billable TimeEntry.duration_seconds (rounded to 2 decimals)
Expose total_billable_hours via Task.to_dict
Update tasks/view.html to display “Billable Hours” when > 0
No schema change; uses existing billable flag and durations
Features:
- Add comprehensive payment tracking to invoices
- Support multiple payment statuses: unpaid, partially_paid, fully_paid, overpaid
- Track payment details: date, method, reference, notes, amount
- Visual payment progress indicators and status badges
- Record payment functionality with user-friendly interface
Database:
- Add payment tracking fields to invoices table
- Smart migration handling for existing data
- Auto-populate payment status based on current invoice status
- Create performance indexes for payment queries
UI/UX:
- Enhanced invoice list with payment status column
- Payment progress bars for partial payments
- Detailed payment information display on invoice view
- New payment recording form with validation
- Color-coded payment status indicators
Backend:
- New payment recording route and form handling
- Enhanced invoice model with payment properties and methods
- Improved summary statistics using actual payment data
- Automatic payment status calculations
Testing:
- Comprehensive test suite for payment functionality
- Tests for partial, full, and overpayments
- Multiple payment scenarios and edge cases
- Payment status calculation validation
Closes payment tracking requirements for basic invoice management
- Add Comment model with threaded replies and user attribution
- Create Alembic migration (013_add_comments_table.py) for database schema
- Implement complete CRUD operations via comments routes
- Add responsive UI with inline editing and real-time interactions
- Include permission system (users edit own, admins manage all)
- Support soft delete for comments with replies to preserve structure
- Add comprehensive CSS styling with dark theme support
- Integrate comments sections into project and task detail views
- Fix modal z-index and context issues for delete confirmations
- Update README with detailed feature documentation
Technical details:
- Threaded comment structure with parent-child relationships
- API endpoints for comment operations and retrieval
- Mobile-responsive design with touch-friendly interactions
- Internationalization support via Flask-Babel
- Bootstrap 5 modal integration with proper event handling
Add admin PDF Layout Editor with local GrapesJS (no CDN)
Routes:
GET/POST /admin/pdf-layout (save, server-side default seeding)
POST /admin/pdf-layout/reset (clear custom template)
GET /admin/pdf-layout/default (serve default body HTML/CSS)
POST /admin/pdf-layout/preview (render preview with sample context)
Invoice PDF generator: support custom HTML/CSS and i18n; add default template and CSS
Preview: sanitize Jinja, add helpers (format_date, format_money), sample item
Base layout: include head_extra and scripts_extra
Editor UI: removed quick blocks, preview, and insert variables; keep load/save/reset
Vendor GrapesJS under app/static/vendor/grapesjs and load locally
README: document the new feature and usage
- Integrate Flask-Babel and i18n utilities; initialize in app factory
- Add `preferred_language` to `User` with Alembic migration (011_add_user_preferred_language)
- Add `babel.cfg` and `scripts/extract_translations.py`
- Add `translations/` for en, de, fr, it, nl, fi
- Update templates to use `_()` and add language picker in navbar/profile
- Respect locale in routes and context processors; persist user preference
- Update requirements and Docker/Docker entrypoint for Babel/gettext support
- Minor copy and style adjustments across pages
Migration: run `alembic upgrade head`
Make user dropdown fully dark; fix hover/divider; remove white overlay
Mobile dropdown respects dark vars; improve navbar-collapse bg/z-index
Improve action button grouping/contrast across pages
Add dark-mode variants for badges, lists, pagination, utilities
Refresh Log Time page: card header, mini-cards for Start/End, unified labels
Group Save/Clear actions; Back remains secondary
Per-user theme preference: model column + migration (003) + POST /auth/profile/theme
Base loads user theme (fallback to local/system); remove admin theme selector
models/user: add nullable full_name and display_name property (fallback to username)
migrations: add 002_add_user_full_name to introduce users.full_name
auth/profile: show and allow editing full_name; persist on POST
templates:
use display_name across navbar, dashboard greeting, tasks (list/view/edit/my/overdue), projects view, reports (user/project), invoices (creator and generate-from-time), and admin (dashboard/users)
keep username where appropriate (e.g., read-only admin form field)
reports:
aggregate/group by display_name in summaries
CSV export writes display_name instead of username
projects: get_user_totals returns display names when available
main/dashboard: replace inline Jinja in script with data attribute flag to satisfy linter
tasks/view: remove Jinja desc() usage; iterate over pre-ordered time_entries from route and slice to 5
fixes jinja2 UndefinedError: 'desc' is undefined
- Improve web interface layout for better user-friendliness and mobile responsiveness
* Update CSS variables for consistent spacing and component sizing
* Enhance card layouts with improved padding, borders, and shadows
* Optimize button and form element dimensions for better touch targets
* Add hover effects and animations for improved user interaction
* Implement responsive grid system with mobile-first approach
- Refactor mobile JavaScript to prevent duplicate initialization
* Consolidate mobile enhancements into dedicated utility classes
* Add initialization guards to prevent double loading
* Implement MobileUtils and MobileNavigation classes
* Remove duplicate event listeners and mobile enhancements
- Fix circular import issue in logo handling
* Replace problematic 'from app import app' with Flask's current_app
* Add error handling for cases where current_app is unavailable
* Improve logo path resolution with fallback mechanisms
* Fix settings model to use proper Flask context
- Clean up template code and remove duplication
* Remove duplicate mobile enhancements from base template
* Clean up dashboard template JavaScript
* Centralize all mobile functionality in mobile.js
* Add proper error handling and debugging
- Update CSS variables and spacing system
* Introduce --section-spacing and --card-spacing variables
* Add mobile-specific spacing variables
* Improve border-radius and shadow consistency
* Enhance typography and visual hierarchy
This commit resolves the double loading issue and logo import errors while
significantly improving the overall user experience and mobile responsiveness
of the web interface.
- Add Task model with full CRUD operations, status tracking, and priority management
- Integrate tasks with existing projects and time entries via foreign key relationships
- Create new Flask routes (/tasks) with admin and user role-based access control
- Implement task status transitions (pending → in_progress → completed → cancelled)
- Add task filtering by status, priority, assignee, and project
- Create responsive Jinja2 templates for task listing, creation, editing, and viewing
- Integrate task selection in timer and manual time entry forms
- Add task management to project dashboards and navigation menus
- Implement automatic database migration system for seamless deployment
- Create migration scripts to add missing tables and columns
- Update startup script to detect and run migrations automatically
- Add comprehensive error handling and validation
- Include full documentation (TASK_MANAGEMENT_README.md)
- Update project structure and main README with new feature details
Database Changes:
- New 'tasks' table with indexes for performance
- Add 'task_id' column to 'time_entries' table
- Automatic migration detection and execution
Technical Implementation:
- SQLAlchemy relationships with proper backrefs and cascading
- Flask-Login integration for role-based access
- Bootstrap 5 responsive UI components
- Font Awesome icons for visual enhancement
- Comprehensive test coverage and error handling
This feature enables users to break down projects into manageable tasks,
track progress, assign work, and maintain better project organization.
Dries Peeters