mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-05-02 10:19:58 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
7c169fb4018063a2ae266145c8449f7fa7e5abe3
TimeTracker/docs/CLIENT_PORTAL.md
T
Dries Peeters 39cf649f8e feat: Add client portal with password setup email functionality 
Implement a complete client portal feature that allows clients to access
their projects, invoices, and time entries through a dedicated portal with
separate authentication. Includes password setup via email with secure
token-based authentication.

Client Portal Features:
- Client-based authentication (separate from user accounts)
- Portal access can be enabled/disabled per client
- Clients can view their projects, invoices, and time entries
- Clean, minimal UI without main app navigation elements
- Login page styled to match main app design

Password Setup Email:
- Admin can send password setup emails to clients
- Secure token-based password setup (24-hour expiration)
- Email template with professional styling
- Password setup page matching app login design
- Token validation and automatic cleanup after use

Email Configuration:
- Email settings from admin menu are now used for sending
- Database email settings persist between restarts and updates
- Automatic reload of email configuration when sending emails
- Database settings take precedence over environment variables
- Improved error messages for email configuration issues

Database Changes:
- Add portal_enabled, portal_username, portal_password_hash to clients
- Add password_setup_token and password_setup_token_expires to clients
- Migration 047: Add client portal fields to users (legacy)
- Migration 048: Add client portal credentials to clients
- Migration 049: Add password setup token fields

New Files:
- app/routes/client_portal.py - Client portal routes and authentication
- app/templates/client_portal/ - Portal templates (base, login, dashboard, etc.)
- app/templates/email/client_portal_password_setup.html - Email template
- migrations/versions/047-049 - Database migrations
- tests/test_client_portal.py - Portal tests
- docs/CLIENT_PORTAL.md - Portal documentation

Modified Files:
- app/models/client.py - Add portal fields and password token methods
- app/routes/clients.py - Add send password email route
- app/routes/client_portal.py - Portal routes with redirect handling
- app/utils/email.py - Use database settings, add password setup email
- app/templates/clients/edit.html - Add send email button
- app/templates/components/ui.html - Support client portal breadcrumbs

Security:
- Secure token generation using secrets.token_urlsafe()
- Password hashing with werkzeug.security
- Token expiration (24 hours default)
- Token cleared after successful password setup
- CSRF protection on all forms
2025-11-14 15:15:38 +01:00

195 lines
5.4 KiB
Markdown
Raw Blame History

# Client Portal Feature
## Overview
The Client Portal provides a simplified, read-only interface for client users to view their projects, invoices, and time entries. This feature allows you to grant clients access to view their own data without exposing internal system functionality or other clients' information.
## Features
- **Dashboard**: Overview of projects, invoices, and time entries
- **Projects View**: List of all active projects with statistics
- **Invoices View**: List of invoices with filtering options (all, paid, unpaid, overdue)
- **Invoice Details**: Detailed view of individual invoices
- **Time Entries**: View time entries for projects with filtering capabilities
## Enabling Client Portal Access
### For Administrators
1. Navigate to **Admin****Users**
2. Click **Edit** on the user you want to grant portal access to
3. Scroll to the **Client Portal Access** section
4. Check **Enable Client Portal**
5. Select the **Client** from the dropdown
6. Click **Save**
The user will now have access to the client portal at `/client-portal`.
### User Requirements
For a user to access the client portal:
- `client_portal_enabled` must be `True`
- `client_id` must be set to a valid client ID
- The user must be active (`is_active = True`)
## Access Control
- Client portal users can only see data for their assigned client
- They cannot access:
- Other clients' data
- Internal admin functions
- User management
- System settings
- All portal routes require authentication and portal access verification
## Portal Routes
### Dashboard
- **URL**: `/client-portal` or `/client-portal/dashboard`
- **Description**: Overview page showing statistics and recent activity
### Projects
- **URL**: `/client-portal/projects`
- **Description**: List of all active projects for the client
### Invoices
- **URL**: `/client-portal/invoices`
- **Query Parameters**:
- `status`: Filter by status (`all`, `paid`, `unpaid`, `overdue`)
- **Description**: List of invoices with filtering options
### Invoice Detail
- **URL**: `/client-portal/invoices/<invoice_id>`
- **Description**: Detailed view of a specific invoice
### Time Entries
- **URL**: `/client-portal/time-entries`
- **Query Parameters**:
- `project_id`: Filter by project
- `date_from`: Filter entries from this date (YYYY-MM-DD)
- `date_to`: Filter entries to this date (YYYY-MM-DD)
- **Description**: List of time entries with filtering capabilities
## Database Schema
### User Model Changes
Two new fields were added to the `users` table:
```sql
client_portal_enabled BOOLEAN NOT NULL DEFAULT 0
client_id INTEGER REFERENCES clients(id) ON DELETE SET NULL
```
### Migration
The migration `047_add_client_portal_fields.py` adds these fields. Run:
```bash
alembic upgrade head
```
## User Model Methods
### `is_client_portal_user` (property)
Returns `True` if the user has client portal access enabled and a client assigned.
```python
if user.is_client_portal_user:
# User has portal access
```
### `get_client_portal_data()`
Returns a dictionary containing all portal data for the user's assigned client:
```python
data = user.get_client_portal_data()
# Returns:
# {
# 'client': Client object,
# 'projects': [list of active projects],
# 'invoices': [list of invoices],
# 'time_entries': [list of time entries]
# }
```
Returns `None` if portal access is not enabled or no client is assigned.
## Admin Interface
### User List
The user list now displays a "Portal" badge for users with client portal access enabled, showing which client they're assigned to.
### User Edit Form
The user edit form includes a new **Client Portal Access** section with:
- Checkbox to enable/disable portal access
- Dropdown to select the assigned client
- Validation to ensure a client is selected when enabling portal access
## Security Considerations
1. **Access Control**: All portal routes verify that:
- User is authenticated
- User has `client_portal_enabled = True`
- User has a valid `client_id`
2. **Data Isolation**: Portal users can only see:
- Projects belonging to their assigned client
- Invoices for their assigned client
- Time entries for projects belonging to their assigned client
3. **Read-Only Access**: The portal is read-only - users cannot modify any data
4. **Invoice Access**: Users can only view invoices that belong to their assigned client
## Testing
Comprehensive tests are available in `tests/test_client_portal.py`:
- Model tests for user portal properties
- Route tests for access control
- Admin interface tests for enabling/disabling portal access
- Smoke tests for basic functionality
Run tests with:
```bash
pytest tests/test_client_portal.py -v
```
## Troubleshooting
### User Cannot Access Portal
1. Verify `client_portal_enabled` is `True` in the database
2. Verify `client_id` is set to a valid client ID
3. Verify the user is active (`is_active = True`)
4. Check that the client exists and is active
### Portal Shows No Data
1. Verify the client has active projects
2. Check that invoices exist for the client
3. Verify time entries exist for the client's projects
### Admin Cannot Enable Portal
1. Ensure a client is selected when enabling portal access
2. Verify the client exists and is active
3. Check for database errors in server logs
## Future Enhancements
Potential future improvements:
- Email notifications for new invoices
- PDF invoice downloads
- Export time entries to CSV
- Project status updates
- Comments/notes on projects
- Custom branding per client
Reference in New Issue View Git Blame Copy Permalink