Files
conference/templates/attendee/dashboard.html
T
paul a3546b4c01 Security hardening: env-based config, CSRF protection, secure code generation, plus presenter management and email communications system
- Move all credentials from hardcoded to .env with python-dotenv (add .env.example template and .gitignore)
- Add CSRF token generation and validation on all state-changing requests
- Replace random.choices with secrets.choice for all secure code generation
- Add session cookie security headers (HttpOnly, Secure, SameSite)
- Add presenter management: assign/remove presenters to breakout sessions, presenter QR scanning
- Add email communications system: templates per event, custom email sending, sent email tracking
- Add staff/organizer profile pages with staff code display
- New DB tables: event_email_templates, sent_emails, user_communications
- New DB columns: staff.reminder_count/reminder_dates, breakout_session_organizers.presenter_code
- Expand English translation strings across all new features

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-26 20:34:48 +00:00

102 lines
5.5 KiB
HTML

{% extends "base.html" %}
{% block title %}{{ 'attendee_dashboard'|t }} - NetEvents{% endblock %}
{% block content %}
<div class="attendee-dashboard">
<h1>{{ 'attendee_dashboard'|t }}</h1>
{% if event %}
<section class="event-info">
<h2>{{ 'current_event'|t }}</h2>
<div class="event-card">
<h3>{{ event.name }}</h3>
<p><strong>{{ 'start'|t }}:</strong> {{ event.start_time|localized_date if event.start_time else 'TBD' }}</p>
{% if event.end_time %}
<p><strong>{{ 'end'|t }}:</strong> {{ event.end_time|localized_date }}</p>
{% endif %}
<p><strong>{{ 'location'|t }}:</strong> {{ event.location }}</p>
<div class="event-card-actions">
<a href="{{ url_for('register_event', code=event.code) }}" class="btn btn-outline">{{ 'event_details'|t }}</a>
<a href="{{ url_for('attendee_breakout_sessions') }}" class="btn btn-outline">{{ 'breakout_sessions'|t }}</a>
<a href="{{ url_for('attendee_scan') }}" class="btn btn-primary"><i data-lucide="scan-line"></i> {{ 'scan_qr_to_connect'|t }}</a>
<a href="{{ url_for('download_badge') }}" class="btn btn-outline"><i data-lucide="file-down"></i> {{ 'download_badge'|t }}</a>
<form method="POST" action="{{ url_for('email_badge') }}" class="d-inline">
<button type="submit" class="btn btn-outline"><i data-lucide="mail"></i> {{ 'email_badge'|t }}</button>
</form>
</div>
</div>
</section>
{% endif %}
{% if pending_connections %}
<section class="pending-section">
<h2>{{ 'incoming_connection_requests'|t }}</h2>
<p><a href="{{ url_for('connection_requests') }}">{{ 'review_scan_requests'|t }}</a></p>
</section>
{% endif %}
<section class="connections-section">
<h2>{{ 'my_connections'|t }}</h2>
<div class="section-actions">
<a href="{{ url_for('list_attendees') }}" class="btn btn-primary">{{ 'find_attendees'|t }}</a>
</div>
{% if connections %}
<div class="connections-grid">
{% for conn in connections %}
<div class="connection-card">
<h4 class="mb-3"><span class="first-name">{{ conn.first_name }}</span> <span class="last-name">{{ conn.last_name }}</span></h4>
<p class="connection-org mb-3">{{ conn.organisation if conn.organisation else '' }}</p>
<p class="connection-role">{{ conn.role if conn.role else '' }}</p>
</div>
{% endfor %}
</div>
{% else %}
<p class="no-data">{{ 'no_connections_yet'|t }}</p>
{% endif %}
</section>
<section class="appointments-section">
<h2>{{ 'my_appointments'|t }}</h2>
<div class="section-actions">
<a href="{{ url_for('list_attendees') }}" class="btn btn-outline">{{ 'schedule_appointment'|t }}</a>
</div>
{% if appointments %}
<div class="appointments-list">
{% for apt in appointments %}
<div class="appointment-item {% if apt.status %}status-{{ apt.status }}{% endif %}">
<div class="apt-info">
<p><strong>
{% if apt.requester_id == session.user_id %}
{{ 'with'|t }} <span class="first-name">{{ apt.target_first_name }}</span> <span class="last-name">{{ apt.target_last_name }}</span>
{% else %}
{{ 'with'|t }} <span class="first-name">{{ apt.requester_first_name }}</span> <span class="last-name">{{ apt.requester_last_name }}</span>
{% endif %}
</strong></p>
<p><strong>{{ 'time'|t }}:</strong> {{ apt.appointment_time|localized_date if apt.appointment_time else 'TBD' }}</p>
<p><strong>{{ 'location'|t }}:</strong> {{ apt.location or 'TBD' }}</p>
<p class="apt-status status-{{ apt.status }}">{{ (apt.status)|spacify if apt.status else '' }}</p>
</div>
{% if apt.status == 'pending' and apt.target_id == session.user_id %}
<div class="apt-actions">
<form method="POST" action="{{ url_for('update_appointment', appointment_id=apt.id) }}" class="inline-form">
<input type="hidden" name="status" value="accepted">
<button type="submit" class="btn btn-sm btn-success">{{ 'accept'|t }}</button>
</form>
<form method="POST" action="{{ url_for('update_appointment', appointment_id=apt.id) }}" class="inline-form">
<input type="hidden" name="status" value="rejected">
<button type="submit" class="btn btn-sm btn-danger">{{ 'reject'|t }}</button>
</form>
</div>
{% endif %}
</div>
{% endfor %}
</div>
{% else %}
<p class="no-data">{{ 'no_appointments'|t }}</p>
{% endif %}
</section>
</div>
{% endblock %}