Squashed commit of the following:

commit 1eeea9f83ad9230a5c1f7a75662770eaab0df837 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 21:15:41 2025 +0200 Disable resuming of old time entries. commit 3e3ec2f01cb7943622b819a19179388078ae1315 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 20:59:19 2025 +0200 Refactor db migrations. commit 15a51a569da36c6b7c9e01ab17b6fdbdee6ad994 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 19:58:04 2025 +0200 Apply new style for Time Tracking view. commit 77e5278b303e060d2b03853b06277f8aa567ae68 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 18:06:04 2025 +0200 Allow direct registrations as a Company. commit 188a8772757cbef374243d3a5f29e4440ddecabe Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 18:04:45 2025 +0200 Add email invitation feature. commit d9ebaa02aa01b518960a20dccdd5a327d82f30c6 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 17:12:32 2025 +0200 Apply common style for Company, User, Team management pages. commit 81149caf4d8fc6317e2ab1b4f022b32fc5aa6d22 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 16:44:32 2025 +0200 Move export functions to own module. commit 1a26e19338e73f8849c671471dd15cc3c1b1fe82 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 15:51:15 2025 +0200 Split up models.py. commit 61f1ccd10f721b0ff4dc1eccf30c7a1ee13f204d Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 12:05:28 2025 +0200 Move utility function into own modules. commit 84b341ed35e2c5387819a8b9f9d41eca900ae79f Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 11:44:24 2025 +0200 Refactor auth functions use. commit 923e311e3da5b26d85845c2832b73b7b17c48adb Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 11:35:52 2025 +0200 Refactor route nameing and fix bugs along the way. commit f0a5c4419c340e62a2615c60b2a9de28204d2995 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 10:34:33 2025 +0200 Fix URL endpoints in announcement template. commit b74d74542a1c8dc350749e4788a9464d067a88b5 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 09:25:53 2025 +0200 Move announcements to own module. commit 9563a28021ac46c82c04fe4649b394dbf96f92c7 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 09:16:30 2025 +0200 Combine Company view and edit templates. commit 6687c373e681d54e4deab6b2582fed5cea9aadf6 Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 08:17:42 2025 +0200 Move Users, Company and System Administration to own modules. commit 8b7894a2e3eb84bb059f546648b6b9536fea724e Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 07:40:57 2025 +0200 Move Teams and Projects to own modules. commit d11bf059d99839ecf1f5d7020b8c8c8a2454c00b Author: Jens Luedicke <jens@luedicke.me> Date: Mon Jul 7 07:09:33 2025 +0200 Move Tasks and Sprints to own modules.
2025-07-07 21:16:36 +02:00
parent 4214e88d18
commit 9a79778ad6
116 changed files with 21063 additions and 5653 deletions
--- a/routes/invitations.py
+++ b/routes/invitations.py
@@ -0,0 +1,217 @@
+"""
+Company invitation routes
+"""
+
+from flask import Blueprint, render_template, request, redirect, url_for, flash, g, jsonify
+from models import db, CompanyInvitation, User, Role
+from routes.auth import login_required, admin_required
+from flask_mail import Message
+from datetime import datetime, timedelta
+import logging
+
+logger = logging.getLogger(__name__)
+
+invitations_bp = Blueprint('invitations', __name__, url_prefix='/invitations')
+
+
+@invitations_bp.route('/')
+@login_required
+@admin_required
+def list_invitations():
+    """List all invitations for the company"""
+    invitations = CompanyInvitation.query.filter_by(
+        company_id=g.user.company_id
+    ).order_by(CompanyInvitation.created_at.desc()).all()
+    
+    # Separate into pending and accepted
+    pending_invitations = [inv for inv in invitations if inv.is_valid()]
+    accepted_invitations = [inv for inv in invitations if inv.accepted]
+    expired_invitations = [inv for inv in invitations if not inv.accepted and inv.is_expired()]
+    
+    return render_template('invitations/list.html',
+                         pending_invitations=pending_invitations,
+                         accepted_invitations=accepted_invitations,
+                         expired_invitations=expired_invitations,
+                         title='Manage Invitations')
+
+
+@invitations_bp.route('/send', methods=['GET', 'POST'])
+@login_required
+@admin_required
+def send_invitation():
+    """Send a new invitation"""
+    if request.method == 'POST':
+        email = request.form.get('email', '').strip()
+        role = request.form.get('role', 'Team Member')
+        custom_message = request.form.get('custom_message', '').strip()
+        
+        if not email:
+            flash('Email address is required', 'error')
+            return redirect(url_for('invitations.send_invitation'))
+        
+        # Check if user already exists in the company
+        existing_user = User.query.filter_by(
+            email=email,
+            company_id=g.user.company_id
+        ).first()
+        
+        if existing_user:
+            flash(f'A user with email {email} already exists in your company', 'error')
+            return redirect(url_for('invitations.send_invitation'))
+        
+        # Check for pending invitations
+        pending_invitation = CompanyInvitation.query.filter_by(
+            email=email,
+            company_id=g.user.company_id,
+            accepted=False
+        ).filter(CompanyInvitation.expires_at > datetime.now()).first()
+        
+        if pending_invitation:
+            flash(f'An invitation has already been sent to {email} and is still pending', 'warning')
+            return redirect(url_for('invitations.list_invitations'))
+        
+        # Create new invitation
+        invitation = CompanyInvitation(
+            company_id=g.user.company_id,
+            email=email,
+            role=role,
+            invited_by_id=g.user.id
+        )
+        
+        db.session.add(invitation)
+        db.session.commit()
+        
+        # Send invitation email
+        try:
+            from app import mail
+            
+            # Build invitation URL
+            invitation_url = url_for('register_with_invitation', 
+                                   token=invitation.token, 
+                                   _external=True)
+            
+            msg = Message(
+                f'Invitation to join {g.user.company.name} on {g.branding.app_name}',
+                recipients=[email]
+            )
+            
+            msg.html = render_template('emails/invitation.html',
+                                     invitation=invitation,
+                                     invitation_url=invitation_url,
+                                     custom_message=custom_message,
+                                     sender=g.user)
+            
+            msg.body = f"""
+Hello,
+
+{g.user.username} has invited you to join {g.user.company.name} on {g.branding.app_name}.
+
+{custom_message if custom_message else ''}
+
+Click the link below to accept the invitation and create your account:
+{invitation_url}
+
+This invitation will expire in 7 days.
+
+Best regards,
+The {g.branding.app_name} Team
+"""
+            
+            mail.send(msg)
+            logger.info(f"Invitation sent to {email} by {g.user.username}")
+            flash(f'Invitation sent successfully to {email}', 'success')
+            
+        except Exception as e:
+            logger.error(f"Error sending invitation email: {str(e)}")
+            flash('Invitation created but failed to send email. The user can still use the invitation link.', 'warning')
+        
+        return redirect(url_for('invitations.list_invitations'))
+    
+    # GET request - show the form
+    roles = ['Team Member', 'Team Leader', 'Administrator']
+    return render_template('invitations/send.html', roles=roles, title='Send Invitation')
+
+
+@invitations_bp.route('/revoke/<int:invitation_id>', methods=['POST'])
+@login_required
+@admin_required
+def revoke_invitation(invitation_id):
+    """Revoke a pending invitation"""
+    invitation = CompanyInvitation.query.filter_by(
+        id=invitation_id,
+        company_id=g.user.company_id,
+        accepted=False
+    ).first()
+    
+    if not invitation:
+        flash('Invitation not found or already accepted', 'error')
+        return redirect(url_for('invitations.list_invitations'))
+    
+    # Instead of deleting, we'll expire it immediately
+    invitation.expires_at = datetime.now()
+    db.session.commit()
+    
+    flash(f'Invitation to {invitation.email} has been revoked', 'success')
+    return redirect(url_for('invitations.list_invitations'))
+
+
+@invitations_bp.route('/resend/<int:invitation_id>', methods=['POST'])
+@login_required
+@admin_required
+def resend_invitation(invitation_id):
+    """Resend an invitation email"""
+    invitation = CompanyInvitation.query.filter_by(
+        id=invitation_id,
+        company_id=g.user.company_id,
+        accepted=False
+    ).first()
+    
+    if not invitation:
+        flash('Invitation not found or already accepted', 'error')
+        return redirect(url_for('invitations.list_invitations'))
+    
+    # Extend expiration if needed
+    if invitation.is_expired():
+        invitation.expires_at = datetime.now() + timedelta(days=7)
+        db.session.commit()
+    
+    # Resend email
+    try:
+        from app import mail
+        
+        invitation_url = url_for('register_with_invitation', 
+                               token=invitation.token, 
+                               _external=True)
+        
+        msg = Message(
+            f'Reminder: Invitation to join {g.user.company.name}',
+            recipients=[invitation.email]
+        )
+        
+        msg.html = render_template('emails/invitation_reminder.html',
+                                 invitation=invitation,
+                                 invitation_url=invitation_url,
+                                 sender=g.user)
+        
+        msg.body = f"""
+Hello,
+
+This is a reminder that you have been invited to join {g.user.company.name} on {g.branding.app_name}.
+
+Click the link below to accept the invitation and create your account:
+{invitation_url}
+
+This invitation will expire on {invitation.expires_at.strftime('%B %d, %Y')}.
+
+Best regards,
+The {g.branding.app_name} Team
+"""
+        
+        mail.send(msg)
+        flash(f'Invitation resent to {invitation.email}', 'success')
+        
+    except Exception as e:
+        logger.error(f"Error resending invitation email: {str(e)}")
+        flash('Failed to resend invitation email', 'error')
+    
+    return redirect(url_for('invitations.list_invitations'))