snapshot: preserve company config foundation and staff dashboard access

backend/workflows/views.py

@@ -27,7 +27,7 @@ from django.urls import reverse
 from .app_registry import build_portal_app_sections, get_portal_app_registry_rows
 from .backup_ops import create_backup_bundle, delete_backup_bundle, list_backup_bundles, verify_backup_bundle
 from .branding import get_branding_email_copy, get_company_email_domain, get_default_notification_templates
-from .forms import OffboardingRequestForm, OnboardingRequestForm, PortalBrandingForm, UserManagementCreateForm
+from .forms import OffboardingRequestForm, OnboardingRequestForm, PortalBrandingForm, PortalCompanyConfigForm, UserManagementCreateForm
 from .form_builder import (
     DEFAULT_FIELD_ORDER,
     LOCKED_FIELD_RULES,
@@ -36,7 +36,7 @@ from .form_builder import (
     ONBOARDING_PAGE_ORDER,
     ensure_form_field_configs,
 )
-from .models import AdminAuditLog, EmployeeProfile, FormFieldConfig, FormOption, IntroChecklistItem, NotificationRule, NotificationTemplate, OffboardingRequest, OnboardingIntroductionSession, OnboardingRequest, PortalAppConfig, PortalBranding, ScheduledWelcomeEmail, SystemEmailConfig, WorkflowConfig
+from .models import AdminAuditLog, EmployeeProfile, FormFieldConfig, FormOption, IntroChecklistItem, NotificationRule, NotificationTemplate, OffboardingRequest, OnboardingIntroductionSession, OnboardingRequest, PortalAppConfig, PortalBranding, PortalCompanyConfig, ScheduledWelcomeEmail, SystemEmailConfig, WorkflowConfig
 from .emailing import send_system_email
 from .roles import ROLE_GROUP_NAMES, ROLE_LABELS, ROLE_PLATFORM_OWNER, ROLE_SUPER_ADMIN, assign_user_role, get_user_role_key, get_user_role_label, user_has_capability
 from .services import get_email_test_redirect, is_email_test_mode, is_nextcloud_enabled, upload_to_nextcloud
@@ -587,6 +587,64 @@ def save_portal_branding(request):
     )
 
 
+@_require_capability('manage_company_config')
+def portal_company_config_page(request):
+    company_config, created = PortalCompanyConfig.objects.get_or_create(name='Default')
+    form = PortalCompanyConfigForm(instance=company_config)
+    return render(
+        request,
+        'workflows/company_config.html',
+        {
+            'form': form,
+            'company_config': company_config,
+        },
+    )
+
+
+@_require_capability('manage_company_config')
+@require_POST
+def save_portal_company_config(request):
+    company_config, created = PortalCompanyConfig.objects.get_or_create(name='Default')
+    form = PortalCompanyConfigForm(request.POST, instance=company_config)
+    if not form.is_valid():
+        messages.error(request, _('Firmenkonfiguration konnte nicht gespeichert werden. Bitte prüfen Sie die Eingaben.'))
+        return render(
+            request,
+            'workflows/company_config.html',
+            {
+                'form': form,
+                'company_config': company_config,
+            },
+            status=400,
+        )
+
+    company_config = form.save()
+    _audit(
+        request,
+        'portal_company_config_saved',
+        target_type='portal_company_config',
+        target_id=company_config.id,
+        target_label=company_config.legal_company_name or 'Default',
+        details={
+            'website_url': company_config.website_url,
+            'imprint_url': company_config.imprint_url,
+            'privacy_url': company_config.privacy_url,
+            'hr_contact_email': company_config.hr_contact_email,
+            'it_contact_email': company_config.it_contact_email,
+            'operations_contact_email': company_config.operations_contact_email,
+        },
+    )
+    messages.success(request, _('Firmenkonfiguration wurde gespeichert.'))
+    return render(
+        request,
+        'workflows/company_config.html',
+        {
+            'form': PortalCompanyConfigForm(instance=company_config),
+            'company_config': company_config,
+        },
+    )
+
+
 @_require_capability('manage_users')
 @require_POST
 def create_user_from_admin(request):
@@ -838,7 +896,7 @@ def delete_backup_from_admin(request, backup_name: str):
     return redirect('backup_recovery_page')
 
 
-@_require_capability('access_requests_dashboard')
+@_require_capability('view_request_timeline')
 def request_timeline_page(request, kind: str, request_id: int):
     if kind == 'onboarding':
         obj = get_object_or_404(OnboardingRequest, id=request_id)