- Wochenübersicht exports now persisted in DB (WeeklyReport) + disk
- POST /reports/wochenuebersicht/generate replaces GET (admin-only)
- POST /reports/wochenuebersicht/upload-icd for ICD upload (all roles)
- GET /reports/list supports report_type_prefix filter
- WochenuebersichtPage: report table + ICD drag-drop upload for all roles
- Route + sidebar open to all authenticated users
- ReportsPage filters out wochenuebersicht report types
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New Excel export service for weekly DAK summary sheets (c2s / c2s_g_s variants)
- New API endpoint GET /reports/wochenuebersicht (admin-only)
- ICD import auto-detects format (coding template vs. Wochenübersicht KVNR-based)
- New admin frontend page with download form
- Route + sidebar navigation entry
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds report_type support across the full stack:
- Backend: REPORT_TYPES mapping, fallgruppen filter in all 5 sheet
calculations, dynamic Excel columns, report_type DB column with
Alembic migration 007
- Frontend: report type dropdown in generation form, type column in
reports table, dynamic fallgruppen in ReportViewer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Kontakt fields (strasse, plz, ort, email, etc.) should only be visible
to admins, not to DAK employees even with an active disclosure. Move
visibleTo: 'admin' from field-level to section-level so the entire
Kontakt section is hidden like Falldetails, Unterlagen, etc.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add strasse, plz, ort, email, telefonnummer, mobiltelefon, ansprechpartner
to SENSITIVE_FIELDS in backend (nullified without disclosure)
- Add visibleTo: 'admin' to all Kontakt fields in frontend fieldConfig
- Consolidate _utcnow_naive() usage across all disclosure service functions
for consistent naive datetime handling with MySQL
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DAK-Mitarbeiter now only see: Bearbeiten, Personendaten anfordern,
Fall-ID, CRM-Ticket, Datum, KW/Jahr, Persönliche Daten, Kontakt,
and ICD-Code entry. Hidden: Falldetails, Unterlagen, Gutachten,
Status, Abrechnung, status badges, and coding info.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
"Wieder aufleben" now also works for rejected disclosures, setting
status to approved with a new 24h window. Both buttons (reactivate
and delete) now appear for rejected and expired/revoked disclosures.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After revoking or expiry, admins now see "Wieder aufleben" (reactivate
with new 24h window) and "Verwerfen" (hard delete) buttons. Rejected
disclosures also show "Verwerfen".
Backend: PUT .../reactivate and DELETE endpoints for admin disclosures.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DAK employees now see "Erneute Anfrage" (opens dialog with pre-filled
reason) and "Verwerfen" (hard delete) buttons for expired, revoked,
or rejected disclosure requests on their My Disclosures page.
Backend: new DELETE /cases/disclosure-requests/{id} endpoint.
Frontend: new hooks useDeleteDisclosure, useRequestDisclosure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The download function used `/api/reports/download/{id}` as the URL for
the axios instance which already has `baseURL: '/api'`. This resulted in
requests to `/api/api/reports/download/{id}`, causing nginx to serve
the SPA index.html (status 200, text/html) instead of proxying to the
backend. The HTML was then saved as .xlsx, making Excel unable to open it.
Fix: Use `/reports/download/{id}` for axios (which prepends baseURL)
and keep the full `/api/reports/download/{id}` for the window.open fallback.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Dashboard KPI cards are now clickable with role-based links
- New GutachtenStatistikPage placeholder at /gutachten-statistik
- New "Meine Freigaben" page for DAK-Mitarbeiter to view/revoke own disclosures
- Backend: GET /cases/my-disclosure-requests, PUT /cases/disclosure-requests/{id}/revoke
- Admin Disclosures page: full history with status tabs and revoke capability
- Backend: PUT /admin/disclosure-requests/{id}/revoke, default shows all statuses
- Sidebar: "Meine Freigaben" entry for dak_mitarbeiter role
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Install vitest, @vitest/coverage-v8, jsdom, @testing-library/react,
@testing-library/jest-dom, @testing-library/user-event, and msw.
Create vitest.config.ts with jsdom environment, path aliases, and
coverage configuration. Add test scripts to package.json and
vitest/globals types to tsconfig.app.json.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual useEffect data fetching with useCases/usePendingIcdCases
query hooks. Replace direct API calls in useInlineEdit with useCaseUpdate
and useKvnrUpdate mutations. Use useIcdUpdate for ICD saving. Remove
onCaseSaved callback prop drilling — mutations auto-invalidate the cache.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual useState/useEffect/setInterval polling with useQuery
(refetchInterval: 60s) and useMutation for markAsRead/markAllAsRead.
Public API remains identical so consumers need no changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual useState/useEffect data fetching with useDashboard hook
that uses TanStack Query for automatic caching, refetching, and loading
state management.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Install @tanstack/react-query v5 and wrap the app with
QueryClientProvider as foundation for server-state management.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
CaseResponse.nachname was required (str) but the masking function sets
it to None for dak_mitarbeiter. This caused Pydantic validation errors
(500) making the case list empty for non-admin users.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
