Adds "Passwort vergessen?" to login page with email-based password
reset flow. Backend generates secure token (SHA-256 hashed, 1h expiry),
sends reset link via SMTP, and validates on submission. Includes rate
limiting (3 requests/hour/email), audit logging, and account unlock
on successful reset. New ResetPasswordPage with password confirmation.
New DB table: password_reset_tokens (migration 008).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

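A sketch of the token handling this commit message describes, added here as an example and not taken from the project's code: only the SHA-256 hash of the token is stored, the token expires after one hour, and requests are limited to three per hour per e-mail address. The `ResetTokenStore` class, its in-memory lists (standing in for the `password_reset_tokens` table) and the single-use `used` flag are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(hours=1)   # 1h expiry, as stated in the commit message
MAX_REQUESTS_PER_HOUR = 3        # 3 requests/hour/email, as stated

class ResetTokenStore:
    """In-memory stand-in for the password_reset_tokens table (assumption)."""

    def __init__(self):
        self.rows = []       # dicts: email, token_hash, expires_at, used
        self.requests = {}   # email -> timestamps of recent reset requests

    @staticmethod
    def _hash(token: str) -> str:
        # Only this digest is persisted; a leaked table yields no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email: str, now: datetime):
        """Return the raw token to mail out, or None when rate limited."""
        window = timedelta(hours=1)
        recent = [t for t in self.requests.get(email, []) if now - t < window]
        self.requests[email] = recent
        if len(recent) >= MAX_REQUESTS_PER_HOUR:
            return None
        recent.append(now)
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.rows.append({"email": email, "token_hash": self._hash(token),
                          "expires_at": now + TOKEN_TTL, "used": False})
        return token

    def redeem(self, token: str, now: datetime):
        """Return the e-mail for a valid, unexpired, unused token, else None."""
        candidate = self._hash(token)
        for row in self.rows:
            if hmac.compare_digest(row["token_hash"], candidate):
                if row["used"] or now >= row["expires_at"]:
                    return None
                row["used"] = True          # single use (assumption)
                return row["email"]
        return None

if __name__ == "__main__":
    store = ResetTokenStore()
    start = datetime.now(timezone.utc)
    tok = store.issue("user@example.org", start)   # constructed address
    print(store.redeem(tok, start + timedelta(minutes=5)))
```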
New GET /cases/export endpoint generates .xlsx with openpyxl using the
same filters as the case list (year, fallgruppe, ICD status, search).
Role-aware columns: admins see patient names, DAK staff does not.
Frontend adds a Download button next to the filter bar with loading
state. Refactors shared query logic into _build_case_query helper.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

New guide page accessible via sidebar with accordion-based instructions
covering Dashboard, Cases, ICD input, Disclosures, Reports, Weekly
Overview, and Account management. Includes a glossary of key terms.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Wochenübersicht exports now persisted in DB (WeeklyReport) + disk
- POST /reports/wochenuebersicht/generate replaces GET (admin-only)
- POST /reports/wochenuebersicht/upload-icd for ICD upload (all roles)
- GET /reports/list supports report_type_prefix filter
- WochenuebersichtPage: report table + ICD drag-drop upload for all roles
- Route + sidebar open to all authenticated users
- ReportsPage filters out wochenuebersicht report types

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Detailed task-by-task plan for Vitest + MSW + Playwright test infrastructure
covering hooks, services, page integration tests and E2E browser tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Replace patient last name in fall_id with KVNR (or random fallback).
Retroactive migration of all existing ~2900 fall_ids.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Backend-enforced field masking for dak_mitarbeiter, disclosure request
workflow with 24h expiry, admin approval page, and frontend adaptations.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Design for hiding personal data (name, birthdate) from dak_mitarbeiter
users with backend-enforced filtering and a time-limited disclosure
request mechanism for KVNR error resolution.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Initialize project structure with backend/app/ package layout
- Add FastAPI app with CORS middleware and health check endpoint
- Add Pydantic Settings config with DB, JWT, SMTP, and app settings
- Add SQLAlchemy database engine and session management
- Add requirements.txt with all dependencies (FastAPI, SQLAlchemy, Alembic, etc.)
- Add .env.example template and .gitignore
- Add empty frontend/ and backend test scaffolding
- Include project specification and design/implementation plans

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>