- New Excel export service for weekly DAK summary sheets (c2s / c2s_g_s variants)
- New API endpoint GET /reports/wochenuebersicht (admin-only)
- ICD import auto-detects format (coding template vs. Wochenübersicht KVNR-based)
- New admin frontend page with download form
- Route + sidebar navigation entry
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds report_type support across the full stack:
- Backend: REPORT_TYPES mapping, fallgruppen filter in all 5 sheet
calculations, dynamic Excel columns, report_type DB column with
Alembic migration 007
- Frontend: report type dropdown in generation form, type column in
reports table, dynamic fallgruppen in ReportViewer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Kontakt fields (strasse, plz, ort, email, etc.) should only be visible
to admins, not to DAK employees even with an active disclosure. Move
visibleTo: 'admin' from field-level to section-level so the entire
Kontakt section is hidden like Falldetails, Unterlagen, etc.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add strasse, plz, ort, email, telefonnummer, mobiltelefon, ansprechpartner
to SENSITIVE_FIELDS in backend (nullified without disclosure)
- Add visibleTo: 'admin' to all Kontakt fields in frontend fieldConfig
- Consolidate _utcnow_naive() usage across all disclosure service functions
for consistent naive datetime handling with MySQL
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DAK-Mitarbeiter now only see: Bearbeiten, Personendaten anfordern,
Fall-ID, CRM-Ticket, Datum, KW/Jahr, Persönliche Daten, Kontakt,
and ICD-Code entry. Hidden: Falldetails, Unterlagen, Gutachten,
Status, Abrechnung, status badges, and coding info.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
"Wieder aufleben" now also works for rejected disclosures, setting
status to approved with a new 24h window. Both buttons (reactivate
and delete) now appear for rejected and expired/revoked disclosures.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After revoking or expiry, admins now see "Wieder aufleben" (reactivate
with new 24h window) and "Verwerfen" (hard delete) buttons. Rejected
disclosures also show "Verwerfen".
Backend: PUT .../reactivate and DELETE endpoints for admin disclosures.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DAK employees now see "Erneute Anfrage" (opens dialog with pre-filled
reason) and "Verwerfen" (hard delete) buttons for expired, revoked,
or rejected disclosure requests on their My Disclosures page.
Backend: new DELETE /cases/disclosure-requests/{id} endpoint.
Frontend: new hooks useDeleteDisclosure, useRequestDisclosure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PyMySQL returns naive datetimes from MySQL DATETIME columns, but
revoke_disclosure() compared them with timezone-aware datetime.now(timezone.utc),
causing an unhandled TypeError (not caught by except ValueError) and a 500 error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously, generate_full_report() ignored the kw parameter for data
filtering — it was only stored as metadata. This caused all reports to
contain data up to the latest available KW, making historical reports
(e.g., for KW 8) identical to the current one.
Now all 5 sheet calculation functions accept an optional max_kw parameter.
When generating a report for a specific KW, only cases with kw <= max_kw
are included. Dashboard and vorjahr callers are unaffected (max_kw=None).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The download function used `/api/reports/download/{id}` as the URL for
the axios instance which already has `baseURL: '/api'`. This resulted in
requests to `/api/api/reports/download/{id}`, causing nginx to serve
the SPA index.html (status 200, text/html) instead of proxying to the
backend. The HTML was then saved as .xlsx, making Excel unable to open it.
Fix: Use `/reports/download/{id}` for axios (which prepends baseURL)
and keep the full `/api/reports/download/{id}` for the window.open fallback.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Dashboard KPI cards are now clickable with role-based links
- New GutachtenStatistikPage placeholder at /gutachten-statistik
- New "Meine Freigaben" page for DAK-Mitarbeiter to view/revoke own disclosures
- Backend: GET /cases/my-disclosure-requests, PUT /cases/disclosure-requests/{id}/revoke
- Admin Disclosures page: full history with status tabs and revoke capability
- Backend: PUT /admin/disclosure-requests/{id}/revoke, default shows all statuses
- Sidebar: "Meine Freigaben" entry for dak_mitarbeiter role
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Install vitest, @vitest/coverage-v8, jsdom, @testing-library/react,
@testing-library/jest-dom, @testing-library/user-event, and msw.
Create vitest.config.ts with jsdom environment, path aliases, and
coverage configuration. Add test scripts to package.json and
vitest/globals types to tsconfig.app.json.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Detailed task-by-task plan for Vitest + MSW + Playwright test infrastructure
covering hooks, services, page integration tests and E2E browser tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual useEffect data fetching with useCases/usePendingIcdCases
query hooks. Replace direct API calls in useInlineEdit with useCaseUpdate
and useKvnrUpdate mutations. Use useIcdUpdate for ICD saving. Remove
onCaseSaved callback prop drilling — mutations auto-invalidate the cache.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual useState/useEffect/setInterval polling with useQuery
(refetchInterval: 60s) and useMutation for markAsRead/markAllAsRead.
Public API remains identical so consumers need no changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual useState/useEffect data fetching with useDashboard hook
that uses TanStack Query for automatic caching, refetching, and loading
state management.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Install @tanstack/react-query v5 and wrap the app with
QueryClientProvider as foundation for server-state management.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove Nachname/Vorname columns from ICD coding template (DSGVO)
- Restrict /cases/coding-template endpoint to admin-only
- ICD import reads last column for backwards compatibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
