Files
conference/templates/attendee/attendees.html
T
paul a3546b4c01 Security hardening: env-based config, CSRF protection, secure code generation, plus presenter management and email communications system
- Move all credentials from hardcoded to .env with python-dotenv (add .env.example template and .gitignore)
- Add CSRF token generation and validation on all state-changing requests
- Replace random.choices with secrets.choice for all secure code generation
- Add session cookie security headers (HttpOnly, Secure, SameSite)
- Add presenter management: assign/remove presenters to breakout sessions, presenter QR scanning
- Add email communications system: templates per event, custom email sending, sent email tracking
- Add staff/organizer profile pages with staff code display
- New DB tables: event_email_templates, sent_emails, user_communications
- New DB columns: staff.reminder_count/reminder_dates, breakout_session_organizers.presenter_code
- Expand English translation strings across all new features

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-26 20:34:48 +00:00

78 lines
3.8 KiB
HTML

{% extends "base.html" %}
{% block title %}{{ 'attendees'|t }} - NetEvents{% endblock %}
{% block content %}
<div class="attendees-page">
{% if event %}
<div class="event-info-header">
<h1>{{ event.name }}</h1>
<div class="event-meta">
{% if event.location %}
<span class="event-location">{{ event.location }}</span>
{% endif %}
{% if event.start_time %}
<span class="event-date">{{ event.start_time|localized_date }}</span>
{% endif %}
</div>
{% if event.description %}
<p class="event-description">{{ event.description }}</p>
{% endif %}
</div>
{% endif %}
<p class="page-subtitle">{{ 'connect_with_attendees'|t }}</p>
<div class="attendee-search">
<form method="GET" action="{{ url_for('list_attendees') }}">
<input type="text" name="q" value="{{ search_query }}" placeholder="{{ 'search_attendees'|t }}">
<button type="submit" class="btn btn-primary">{{ 'search'|t }}</button>
</form>
<p class="search-hint">{{ 'search_min_chars'|t|format(min_chars) }}</p>
</div>
{% if search_query and search_query|length >= min_chars %}
{% if too_broad %}
<p class="search-too-broad">{{ 'search_too_broad'|t }}</p>
{% elif attendees %}
<div class="attendees-grid">
{% for att in attendees %}
<div class="attendee-card">
<div class="attendee-photo">
{% if att.profile_picture %}
<img src="{{ url_for('static', filename='uploads/' + att.profile_picture) }}" alt="Photo">
{% else %}
<div class="no-photo"><span class="first-name">{{ att.first_name[0] }}</span><span class="last-name">{{ att.last_name[0] }}</span></div>
{% endif %}
</div>
<div class="attendee-info">
<h3><span class="first-name">{{ att.first_name }}</span> <span class="last-name">{{ att.last_name }}</span></h3>
<p class="attendee-org">{{ att.organisation if att.organisation else '' }}</p>
<p class="attendee-role">{{ att.role if att.role else '' }}</p>
{% if att.introduction %}
<p class="attendee-intro">{{ att.introduction[:100] }}{% if att.introduction|length > 100 %}...{% endif %}</p>
{% endif %}
</div>
<div class="attendee-actions">
{% if att.my_status == 'accepted' %}
<span class="badge badge-success">{{ 'connected'|t }}</span>
{% elif att.my_status == 'pending' %}
<span class="badge badge-pending">{{ 'request_pending'|t }}</span>
{% elif att.my_status == 'rejected' %}
<span class="badge badge-rejected">{{ 'rejected'|t }}</span>
{% else %}
<form method="POST" action="{{ url_for('create_connection') }}" class="connect-form">
<input type="hidden" name="connected_attendee_id" value="{{ att.id }}">
<button type="submit" class="btn btn-sm btn-primary">{{ 'connect'|t }}</button>
</form>
{% endif %}
</div>
</div>
{% endfor %}
</div>
{% else %}
<p class="no-attendees">{{ 'no_attendees_found'|t }}</p>
{% endif %}
{% endif %}
</div>
{% endblock %}