mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-01-11 06:00:32 -06:00
944b69a7fc
BREAKING CHANGE: Permission system now actively enforced across all routes ## Summary Complete implementation of advanced role-based access control (RBAC) system with full route protection, UI conditionals, and enhanced management interface. ## Route Protection - Updated all admin routes to use @admin_or_permission_required decorator - Replaced inline admin checks with granular permission checks in: * Admin routes: user management, settings, backups, telemetry, OIDC * Project routes: create, edit, delete, archive, bulk operations * Client routes: create, edit, delete, archive, bulk operations - Maintained backward compatibility with existing @admin_required decorator ## UI Permission Integration - Added template helpers (has_permission, has_any_permission) to all templates - Navigation conditionally shows admin/OIDC links based on permissions - Action buttons (Edit, Delete, Archive) conditional on user permissions - Project and client pages respect permission requirements - Create buttons visible only with appropriate permissions ## Enhanced Roles & Permissions UI - Added statistics dashboard showing: * Total roles, system roles, custom roles, assigned users - Implemented expandable permission details in roles list * Click to view all permissions grouped by category * Visual checkmarks for assigned permissions - Enhanced user list with role visibility: * Shows all assigned roles as color-coded badges * Blue badges for system roles, gray for custom roles * Yellow badges for legacy roles with migration prompt * Merged legacy role column into unified "Roles & Permissions" - User count per role now clickable and accurate ## Security Improvements - Added CSRF tokens to all new permission system forms: * Role creation/edit form * Role deletion form * User role assignment form - All POST requests now protected against CSRF attacks ## Technical Details - Fixed SQLAlchemy relationship query issues (AppenderQuery) - Proper use of .count() for relationship aggregation - Jinja2 namespace for accumulating counts in templates - Responsive grid layouts for statistics and permission cards ## Documentation - Created comprehensive implementation guides - Added permission enforcement documentation - Documented UI enhancements and features - Included CSRF protection review ## Impact - Permissions are now actively enforced, not just defined - Admins can easily see who has what access - Clear visual indicators of permission assignments - Secure forms with CSRF protection - Production-ready permission system
TimeTracker Documentation
Welcome to the comprehensive TimeTracker documentation. Everything you need to install, configure, use, and contribute to TimeTracker.
📖 Quick Links
- 🚀 Getting Started Guide — Complete beginner tutorial (⭐ Start here!)
- Main README — Product overview and quick start
- Installation Guide — Get TimeTracker running
- Feature Guides — Learn what TimeTracker can do
- Troubleshooting — Solve common issues
🚀 Installation & Deployment
Getting Started
- 🚀 Getting Started Guide — Complete beginner tutorial (⭐ Start here!)
- Requirements — System requirements and dependencies
- Docker Public Setup — Production deployment with Docker
- Local Testing with SQLite — Quick test without database setup
Database & Migrations
- Database Migrations — Database schema management with Flask-Migrate
- Migration Guide — Migrate existing databases
- Enhanced Database Startup — Automatic database initialization
- Database Startup Fix — Database connection troubleshooting
Docker & Containers
- Docker Startup Troubleshooting — Fix Docker issues
- Docker Startup Configuration — Container startup behavior
- Docker Connection Troubleshooting — Database connection in Docker
✨ Feature Documentation
Core Features
- Task Management — Complete task tracking system
- Task Management Overview — Task management concepts
- Client Management — Manage clients and relationships
- Client Notes — Add internal notes about clients
- Invoice System — Generate and track invoices
- Enhanced Invoice System — Advanced invoicing features
- Calendar Features — Calendar view and bulk entry
Advanced Features
- Command Palette — Keyboard shortcuts and quick actions
- Bulk Time Entry — Create multiple time entries at once
- Logo Upload System — Brand your invoices
- Toast Notification System — User feedback and notifications
- Translation System — Multi-language support
Additional Documentation
- Mobile Improvements — Mobile-optimized interface
- Invoice Interface Improvements — Invoice UI enhancements
- PDF Generation Troubleshooting — Fix PDF generation issues
🔧 Technical Documentation
Project Structure
- Project Structure — Codebase organization and architecture
- Solution Guide — Technical solutions and patterns
Development
- Contributing Guidelines — How to contribute to TimeTracker
- Code of Conduct — Community standards and expectations
- Version Management — Release process and versioning
CI/CD
- CI/CD Documentation — Continuous integration and deployment
- Documentation — CI/CD overview
- Quick Start — Get started with CI/CD
- Implementation Summary — What was implemented
- GitHub Actions Setup — Configure GitHub Actions
- GitHub Actions Verification — Verify CI/CD setup
Release & Images
- Release Process — How to create releases
- GitHub Workflow Images — Docker images on GitHub Container Registry
🛠️ Troubleshooting
Common Issues
- Docker Startup Troubleshooting — Docker won't start
- Database Connection Issues — Can't connect to database
- PDF Generation Issues — PDFs not generating
- Solution Guide — General problem solving
Quick Fixes
- Port conflicts: Change
PORT=8081in docker-compose command - Database issues: Run
docker-compose down -v && docker-compose up -d - Permission errors: Check file ownership with
chown -R $USER:$USER . - Migration failures: See Database Migrations
📚 Additional Resources
Features & Improvements
Detailed documentation about features and improvements is available in:
- Implementation Notes — Development summaries and changelogs
- Feature Guides — Specific feature documentation
Implementation Notes
Recent improvements and changes:
- Analytics Improvements
- Calendar Improvements
- Command Palette Improvements
- Dashboard & Navbar
- Kanban Improvements
- Notification System
- OIDC Improvements
- Reports Improvements
- Styling Consistency
- Toast Notifications
- Translation Improvements
- Translation Fixes
- UI Improvements
Feature Specific
Feature documentation and quick starts:
- Alembic Migrations
- Project Costs
- Project Costs Quick Start
- Calendar Quick Start
- Badges
- Code Formatting
🔍 Documentation by Topic
For New Users
- Start with Main README for product overview
- Review Requirements to check if your system is compatible
- Follow Docker Public Setup for installation
- Explore Feature Documentation to learn what TimeTracker can do
For Developers
- Read Contributing Guidelines before making changes
- Review Project Structure to understand the codebase
- Check Solution Guide for technical patterns
- Use Local Testing with SQLite for development
For Administrators
- Follow Docker Public Setup for deployment
- Review Version Management for updates
- Set up Database Migrations for schema management
- Configure CI/CD for automated deployments
For Troubleshooting
- Check Docker Startup Troubleshooting
- Review Database Connection Issues
- Consult Solution Guide for common problems
- Check specific feature documentation if issue is feature-related
📝 Documentation Structure
docs/
├── README.md # This file - documentation index
├── REQUIREMENTS.md # System requirements
├── PROJECT_STRUCTURE.md # Codebase architecture
├── CONTRIBUTING.md # Contribution guidelines
├── CODE_OF_CONDUCT.md # Community standards
│
├── cicd/ # CI/CD documentation
│ ├── CI_CD_DOCUMENTATION.md
│ ├── CI_CD_QUICK_START.md
│ └── ...
│
├── features/ # Feature-specific guides
│ ├── ALEMBIC_MIGRATION_README.md
│ ├── PROJECT_COSTS_FEATURE.md
│ └── ...
│
└── implementation-notes/ # Development notes
├── ANALYTICS_IMPROVEMENTS_SUMMARY.md
├── UI_IMPROVEMENTS_SUMMARY.md
└── ...
🤝 Contributing to Documentation
Found an error? Want to improve the docs?
- Check the Contributing Guidelines
- Make your changes to the relevant documentation file
- Test that all links work correctly
- Submit a pull request with a clear description
Good documentation helps everyone! 📚
💡 Tips for Using This Documentation
- Use the search function in your browser (Ctrl/Cmd + F) to find specific topics
- Follow links to related documentation for deeper understanding
- Start with Quick Links at the top if you're in a hurry
- Browse by topic using the categorized sections
- Check Implementation Notes for recent changes and improvements
Need help? Open an issue or check the troubleshooting section
Want to contribute? See our Contributing Guidelines