- share a centralized timezone list across admin and user settings
- allow admins to pick from the same list when setting the system default
- let users clear their personal override to fall back to the global default
- add regression tests covering the new helper and reset path
Add complete internationalization (i18n) infrastructure supporting 9 languages
including full Right-to-Left (RTL) support for Arabic and Hebrew.
Languages supported:
- English, German, French, Spanish, Dutch, Italian, Finnish (LTR)
- Arabic, Hebrew (RTL with complete layout support)
Core features:
* Flask-Babel configuration with locale selector
* Translation files for all 9 languages (480+ strings each)
* Language selector UI component in header with globe icon
* User language preference storage in database
* RTL CSS support with automatic layout reversal
* Session and user-based language persistence
Model field translation system:
* Created comprehensive i18n helper utilities (app/utils/i18n_helpers.py)
* 17 new Jinja2 template filters for automatic translation
* Support for task statuses, priorities, project statuses, invoice statuses,
payment methods, expense categories, and all model enum fields
* Status badge CSS classes for consistent styling
Technical implementation:
* Language switching via API endpoint (POST /api/language)
* Direct language switching route (GET /set-language/<lang>)
* RTL detection and automatic dir="rtl" attribute
* Context processors for language information in all templates
* Template filters registered globally
Testing and quality:
* 50+ unit tests covering all i18n functionality
* Tests for locale selection, language switching, RTL detection
* Comprehensive test coverage for all translation features
Files added:
- translations/es/LC_MESSAGES/messages.po (Spanish)
- translations/ar/LC_MESSAGES/messages.po (Arabic)
- translations/he/LC_MESSAGES/messages.po (Hebrew)
- app/utils/i18n_helpers.py (translation helper functions)
- app/static/css/rtl-support.css (RTL layout support)
- tests/test_i18n.py (comprehensive test suite)
- scripts/audit_i18n.py (translation audit tool)
Files modified:
- app/config.py: Added 3 languages + RTL configuration
- app/routes/user.py: Language switching endpoints
- app/templates/base.html: Language selector + RTL support
- app/utils/context_processors.py: Language context injection
- app/__init__.py: Registered i18n template filters
- scripts/extract_translations.py: Updated language list
- translations/*/messages.po: Added 70+ model field translations
The infrastructure is production-ready. Model enum fields now automatically
translate in templates using the new filters. Flash messages and some template
strings remain in English until wrapped with translation markers (tracked
separately for incremental implementation).
The version displayed in the sidebar was showing "vv3.5.0" instead of
"v3.5.0" because the APP_VERSION environment variable (often from Git
tags like "v3.5.0") already contained a "v" prefix, and the template
was adding another one.
Modified app/utils/context_processors.py to strip any leading 'v'
prefix from the version value before passing it to templates. This
ensures the template's "v{{ app_version }}" always displays correctly.
Fixes the sidebar version display issue in base.html line 269.
BREAKING CHANGE: Permission system now actively enforced across all routes
## Summary
Complete implementation of advanced role-based access control (RBAC) system
with full route protection, UI conditionals, and enhanced management interface.
## Route Protection
- Updated all admin routes to use @admin_or_permission_required decorator
- Replaced inline admin checks with granular permission checks in:
* Admin routes: user management, settings, backups, telemetry, OIDC
* Project routes: create, edit, delete, archive, bulk operations
* Client routes: create, edit, delete, archive, bulk operations
- Maintained backward compatibility with existing @admin_required decorator
## UI Permission Integration
- Added template helpers (has_permission, has_any_permission) to all templates
- Navigation conditionally shows admin/OIDC links based on permissions
- Action buttons (Edit, Delete, Archive) conditional on user permissions
- Project and client pages respect permission requirements
- Create buttons visible only with appropriate permissions
## Enhanced Roles & Permissions UI
- Added statistics dashboard showing:
* Total roles, system roles, custom roles, assigned users
- Implemented expandable permission details in roles list
* Click to view all permissions grouped by category
* Visual checkmarks for assigned permissions
- Enhanced user list with role visibility:
* Shows all assigned roles as color-coded badges
* Blue badges for system roles, gray for custom roles
* Yellow badges for legacy roles with migration prompt
* Merged legacy role column into unified "Roles & Permissions"
- User count per role now clickable and accurate
## Security Improvements
- Added CSRF tokens to all new permission system forms:
* Role creation/edit form
* Role deletion form
* User role assignment form
- All POST requests now protected against CSRF attacks
## Technical Details
- Fixed SQLAlchemy relationship query issues (AppenderQuery)
- Proper use of .count() for relationship aggregation
- Jinja2 namespace for accumulating counts in templates
- Responsive grid layouts for statistics and permission cards
## Documentation
- Created comprehensive implementation guides
- Added permission enforcement documentation
- Documented UI enhancements and features
- Included CSRF protection review
## Impact
- Permissions are now actively enforced, not just defined
- Admins can easily see who has what access
- Clear visual indicators of permission assignments
- Secure forms with CSRF protection
- Production-ready permission system
- Integrate Flask-Babel and i18n utilities; initialize in app factory
- Add `preferred_language` to `User` with Alembic migration (011_add_user_preferred_language)
- Add `babel.cfg` and `scripts/extract_translations.py`
- Add `translations/` for en, de, fr, it, nl, fi
- Update templates to use `_()` and add language picker in navbar/profile
- Respect locale in routes and context processors; persist user preference
- Update requirements and Docker/Docker entrypoint for Babel/gettext support
- Minor copy and style adjustments across pages
Migration: run `alembic upgrade head`
Dries Peeters