- Add strasse, plz, ort, email, telefonnummer, mobiltelefon, ansprechpartner
to SENSITIVE_FIELDS in backend (nullified without disclosure)
- Add visibleTo: 'admin' to all Kontakt fields in frontend fieldConfig
- Consolidate _utcnow_naive() usage across all disclosure service functions
for consistent naive datetime handling with MySQL
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DAK-Mitarbeiter now only see: Bearbeiten, Personendaten anfordern,
Fall-ID, CRM-Ticket, Datum, KW/Jahr, Persönliche Daten, Kontakt,
and ICD-Code entry. Hidden: Falldetails, Unterlagen, Gutachten,
Status, Abrechnung, status badges, and coding info.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
"Wieder aufleben" now also works for rejected disclosures, setting
status to approved with a new 24h window. Both buttons (reactivate
and delete) now appear for rejected and expired/revoked disclosures.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After revoking or expiry, admins now see "Wieder aufleben" (reactivate
with new 24h window) and "Verwerfen" (hard delete) buttons. Rejected
disclosures also show "Verwerfen".
Backend: PUT .../reactivate and DELETE endpoints for admin disclosures.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DAK employees now see "Erneute Anfrage" (opens dialog with pre-filled
reason) and "Verwerfen" (hard delete) buttons for expired, revoked,
or rejected disclosure requests on their My Disclosures page.
Backend: new DELETE /cases/disclosure-requests/{id} endpoint.
Frontend: new hooks useDeleteDisclosure, useRequestDisclosure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The download function used `/api/reports/download/{id}` as the URL for
the axios instance which already has `baseURL: '/api'`. This resulted in
requests to `/api/api/reports/download/{id}`, causing nginx to serve
the SPA index.html (status 200, text/html) instead of proxying to the
backend. The HTML was then saved as .xlsx, making Excel unable to open it.
Fix: Use `/reports/download/{id}` for axios (which prepends baseURL)
and keep the full `/api/reports/download/{id}` for the window.open fallback.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Dashboard KPI cards are now clickable with role-based links
- New GutachtenStatistikPage placeholder at /gutachten-statistik
- New "Meine Freigaben" page for DAK-Mitarbeiter to view/revoke own disclosures
- Backend: GET /cases/my-disclosure-requests, PUT /cases/disclosure-requests/{id}/revoke
- Admin Disclosures page: full history with status tabs and revoke capability
- Backend: PUT /admin/disclosure-requests/{id}/revoke, default shows all statuses
- Sidebar: "Meine Freigaben" entry for dak_mitarbeiter role
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Install vitest, @vitest/coverage-v8, jsdom, @testing-library/react,
@testing-library/jest-dom, @testing-library/user-event, and msw.
Create vitest.config.ts with jsdom environment, path aliases, and
coverage configuration. Add test scripts to package.json and
vitest/globals types to tsconfig.app.json.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual useEffect data fetching with useCases/usePendingIcdCases
query hooks. Replace direct API calls in useInlineEdit with useCaseUpdate
and useKvnrUpdate mutations. Use useIcdUpdate for ICD saving. Remove
onCaseSaved callback prop drilling — mutations auto-invalidate the cache.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual useState/useEffect/setInterval polling with useQuery
(refetchInterval: 60s) and useMutation for markAsRead/markAllAsRead.
Public API remains identical so consumers need no changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual useState/useEffect data fetching with useDashboard hook
that uses TanStack Query for automatic caching, refetching, and loading
state management.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Install @tanstack/react-query v5 and wrap the app with
QueryClientProvider as foundation for server-state management.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
CaseResponse.nachname was required (str) but the masking function sets
it to None for dak_mitarbeiter. This caused Pydantic validation errors
(500) making the case list empty for non-admin users.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Change stacked bar chart from erstberatungen+unterlagen+gutachten
(overlapping, incorrect) to ablehnungen+keine_rm+gutachten (disjoint
categories that sum to total cases per KW, matching Excel Sheet 1).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extend User and UserResponse interfaces with first_name, last_name,
display_name, avatar_url fields. Add ProfileUpdatePayload,
ChangePasswordPayload, MFASetupResponse, MFAVerifyPayload types.
Add authService functions for profile update, avatar upload/delete,
password change, and MFA setup/verify/disable. Add refreshUser to
AuthContext so components can re-fetch user data after changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Radix UI Select.Item does not allow empty string values. The Anrede
dropdown used value="" for the empty option, causing the entire React
app to crash when entering edit mode. Use '__none__' sentinel value
instead and convert to null on selection.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
