Add team invite system: collaboratori accedono al sistema senza login

- GET /join/<token> → log accesso + sessione guest → redirect guest_dashboard
- GET /guest-dashboard → lista piani in read-only (no login)
- GET /view-public/<plan_id> → accetta anche team token da sessione
- POST /api/admin/team-invite → genera link invito (solo super_admin)
- Template guest_dashboard.html con lista piani navigabile
- Fix plan_viewer.js: rimuovi codice rotto revokeShare, pulisci submit handler
- Aggiunto campo "Nome collaboratore" nel modale condivisione piano

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

app.py

@@ -1424,6 +1424,74 @@ def api_delete_guest_token(plan_id: str, token: str):
     return jsonify({"ok": True})
 
 
+# ─── TEAM INVITE (accesso sistema intero senza login) ────────────────────────
+
+@app.route("/api/admin/team-invite", methods=["POST"])
+@login_required
+def api_create_team_invite():
+    """Crea un token di invito team — solo super_admin."""
+    if current_user.role != "super_admin":
+        return jsonify({"error": "Forbidden"}), 403
+    import uuid
+    from datetime import timedelta
+    data = request.get_json(silent=True) or {}
+    label = data.get("label", "Team Rooting Future")
+    days = int(data.get("expires_days", 90))
+    token = "team_" + str(uuid.uuid4()).replace("-", "")
+    expires_at = (datetime.now() + timedelta(days=days)).isoformat() if days > 0 else ""
+    # Riusa la tabella guest_tokens con plan_id="__team__"
+    knowledge_manager.store.create_guest_token(
+        token=token, plan_id="__team__",
+        owner_id=int(current_user.id),
+        label=label, expires_at=expires_at,
+    )
+    link = url_for("team_access", token=token, _external=True)
+    return jsonify({"token": token, "link": link, "label": label, "expires_at": expires_at})
+
+
+@app.route("/join/<token>")
+def team_access(token: str):
+    """Accesso al sistema per collaboratori tramite invite link (no login)."""
+    rec = knowledge_manager.store.get_guest_token(token)
+    if not rec or rec["plan_id"] != "__team__":
+        return render_template("error.html", message="Link di invito non valido."), 404
+    if rec.get("expires_at") and rec["expires_at"] < datetime.now().isoformat():
+        return render_template("error.html", message="Link di invito scaduto."), 403
+    # Log accesso
+    knowledge_manager.store.log_guest_access(
+        token=token, plan_id="__team__",
+        ip=request.headers.get("X-Forwarded-For", request.remote_addr or ""),
+        user_agent=request.user_agent.string or "",
+    )
+    # Salva token in sessione per navigazione successiva
+    session["guest_team_token"] = token
+    session["guest_label"] = rec.get("label", "")
+    return redirect(url_for("guest_dashboard"))
+
+
+@app.route("/guest-dashboard")
+def guest_dashboard():
+    """Dashboard read-only per collaboratori senza account."""
+    token = session.get("guest_team_token")
+    if not token:
+        return redirect(url_for("login"))
+    rec = knowledge_manager.store.get_guest_token(token)
+    if not rec or rec["plan_id"] != "__team__":
+        session.pop("guest_team_token", None)
+        return redirect(url_for("login"))
+    if rec.get("expires_at") and rec["expires_at"] < datetime.now().isoformat():
+        return render_template("error.html", message="Sessione scaduta."), 403
+    # Carica tutti i piani del super_admin (owner_id del token)
+    owner_id = rec["owner_id"]
+    plans, _ = knowledge_manager.store.list_plans(owner_id=owner_id, limit=100)
+    return render_template(
+        "guest_dashboard.html",
+        plans=plans,
+        guest_label=rec.get("label", ""),
+        token=token,
+    )
+
+
 @app.route("/preview/<token>")
 def guest_preview(token: str):
     """Visualizza piano senza login tramite guest token."""
@@ -1446,9 +1514,10 @@ def guest_preview(token: str):
 @app.route("/view-public/<plan_id>")
 def view_plan_public(plan_id: str):
     """Viewer pubblico per guest token — nessun login."""
-    token = request.args.get("token", "")
+    token = request.args.get("token", "") or session.get("guest_team_token", "")
     rec = knowledge_manager.store.get_guest_token(token) if token else None
-    if not rec or rec["plan_id"] != plan_id:
+    # Accetta sia token specifico per piano sia team token (__team__)
+    if not rec or (rec["plan_id"] != plan_id and rec["plan_id"] != "__team__"):
         return render_template("error.html", message="Accesso non autorizzato."), 403
     if rec.get("expires_at") and rec["expires_at"] < datetime.now().isoformat():
         return render_template("error.html", message="Link scaduto."), 403

static/js/plan_viewer.js

@@ -338,41 +338,29 @@ document.addEventListener('DOMContentLoaded', function() {
             const formData = new FormData(shareForm);
 
             const data = {
+                label: formData.get('label') || 'Collaboratore',
                 expires_days: parseInt(formData.get('expires_days')),
-                password: formData.get('password') || null,
-                allow_download: formData.get('allow_download') === 'on'
             };
 
-            console.log('[SHARE] Creating share link...', data);
-
-            fetch(`/share/${planId}`, {
+            fetch(`/api/plans/${planId}/guest-tokens`, {
                 method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json'
-                },
+                headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify(data)
             })
-            .then(response => response.json())
+            .then(r => r.json())
             .then(result => {
-                if (result.success) {
-                    console.log('[SHARE] Share link created:', result.share_url);
-
-                    // Show result
-                    document.getElementById('shareUrl').value = result.share_url;
+                if (result.link) {
+                    document.getElementById('shareUrl').value = result.link;
                     document.getElementById('shareResult').style.display = 'block';
-
-                    // Reload active shares
                     loadActiveShares();
-
-                    // Scroll to result
                     document.getElementById('shareResult').scrollIntoView({ behavior: 'smooth' });
                 } else {
-                    alert('Errore durante la creazione del link: ' + (result.error || 'Errore sconosciuto'));
+                    alert('Errore: ' + (result.error || 'Sconosciuto'));
                 }
             })
-            .catch(error => {
-                console.error('[SHARE] Error creating share:', error);
-                alert('Errore durante la creazione del link di condivisione.');
+            .catch(err => {
+                console.error('[SHARE] Error:', err);
+                alert('Errore durante la creazione del link.');
             });
         });
     }
@@ -410,71 +398,40 @@ function loadActiveShares() {
 
     sharesList.innerHTML = '<p style="color: #6c757d; font-size: 14px;">Caricamento...</p>';
 
-    fetch(`/api/shares/${planId}`)
-        .then(response => response.json())
-        .then(data => {
-            const shares = data.shares || [];
-
-            if (shares.length === 0) {
-                sharesList.innerHTML = '<p style="color: #6c757d; font-size: 14px;">Nessun link attivo. Crea il primo!</p>';
+    fetch(`/api/plans/${planId}/guest-tokens`)
+        .then(r => r.json())
+        .then(tokens => {
+            if (!tokens.length) {
+                sharesList.innerHTML = '<p style="color:#6c757d;font-size:14px;">Nessun link attivo. Crea il primo!</p>';
                 return;
             }
-
             let html = '';
-            shares.forEach(share => {
-                const expiresAt = new Date(share.expires_at);
-                const createdAt = new Date(share.created_at);
-
-                html += `
-                    <div class="share-item">
-                        <div class="share-item-info">
-                            <strong>${share.share_url.substring(0, 60)}...</strong>
-                            <small>
-                                Creato: ${createdAt.toLocaleDateString('it-IT')} |
-                                Scade: ${expiresAt.toLocaleDateString('it-IT')} |
-                                Visualizzazioni: ${share.view_count}
-                                ${share.password_hash ? ' | 🔐 Protetto' : ''}
-                                ${share.allow_download ? ' | 📥 Download' : ''}
-                            </small>
-                        </div>
-                        <button class="btn-revoke" onclick="revokeShare('${share.share_token}')">
-                            🗑️ Revoca
-                        </button>
+            tokens.forEach(t => {
+                const created = new Date(t.created_at).toLocaleDateString('it-IT');
+                const expires = t.expires_at ? new Date(t.expires_at).toLocaleDateString('it-IT') : '∞';
+                html += `<div class="share-item">
+                    <div class="share-item-info">
+                        <strong>${t.label || 'Collaboratore'}</strong>
+                        <small>Creato: ${created} | Scade: ${expires} | Accessi: ${t.access_count || 0}
+                        ${t.last_access ? ' | Ultimo: ' + new Date(t.last_access).toLocaleString('it-IT') : ''}</small>
                     </div>
-                `;
+                    <button class="btn-revoke" onclick="revokeShare('${t.token}','${planId}')">🗑️ Revoca</button>
+                </div>`;
             });
-
             sharesList.innerHTML = html;
-            console.log('[SHARE] Loaded', shares.length, 'active shares');
         })
-        .catch(error => {
-            console.error('[SHARE] Error loading shares:', error);
-            sharesList.innerHTML = '<p style="color: #dc2626; font-size: 14px;">Errore nel caricamento dei link.</p>';
+        .catch(() => {
+            sharesList.innerHTML = '<p style="color:#dc2626;font-size:14px;">Errore caricamento link.</p>';
         });
 }
 
-function revokeShare(shareToken) {
-    if (!confirm('Sei sicuro di voler revocare questo link? Non sarà più accessibile.')) {
-        return;
-    }
-
-    console.log('[SHARE] Revoking share:', shareToken);
-
-    fetch(`/api/shares/${shareToken}/revoke`, {
-        method: 'POST'
-    })
-    .then(response => response.json())
+function revokeShare(shareToken, planId) {
+    if (!confirm('Revocare questo link? Non sarà più accessibile.')) return;
+    fetch(`/api/plans/${planId}/guest-tokens/${shareToken}`, { method: 'DELETE' })
+    .then(r => r.json())
     .then(result => {
-        if (result.success) {
-            console.log('[SHARE] Share revoked successfully');
-            loadActiveShares();
-        } else {
-            alert('Errore durante la revoca: ' + (result.error || 'Errore sconosciuto'));
-        }
-    })
-    .catch(error => {
-        console.error('[SHARE] Error revoking share:', error);
-        alert('Errore durante la revoca del link.');
+        if (result.ok) loadActiveShares();
+        else alert('Errore revoca link');
     });
 }
 

templates/guest_dashboard.html

@@ -0,0 +1,63 @@
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Rooting Future • Area Collaboratori</title>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+    <style>
+        :root { --primary: #10b981; --bg: #0f172a; --card: #1e293b; --border: #334155; --text: #f1f5f9; --muted: #94a3b8; }
+        * { box-sizing: border-box; margin: 0; padding: 0; }
+        body { font-family: 'Inter', sans-serif; background: var(--bg); color: var(--text); min-height: 100vh; }
+
+        .header { background: var(--card); border-bottom: 1px solid var(--border); padding: 1rem 2rem; display: flex; align-items: center; justify-content: space-between; }
+        .logo { font-size: 1.2rem; font-weight: 800; color: var(--primary); }
+        .guest-badge { background: rgba(16,185,129,.15); color: var(--primary); padding: 4px 12px; border-radius: 20px; font-size: 0.75rem; font-weight: 700; }
+
+        .container { max-width: 1100px; margin: 0 auto; padding: 2rem 1rem; }
+        h1 { font-size: 1.6rem; font-weight: 800; margin-bottom: 0.4rem; }
+        .subtitle { color: var(--muted); margin-bottom: 2rem; font-size: 0.9rem; }
+
+        .plans-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(300px, 1fr)); gap: 1.2rem; }
+        .plan-card { background: var(--card); border: 1px solid var(--border); border-radius: 16px; padding: 1.5rem; text-decoration: none; color: inherit; display: block; transition: all .2s; }
+        .plan-card:hover { border-color: var(--primary); transform: translateY(-3px); }
+        .plan-club { font-size: 1.1rem; font-weight: 800; margin-bottom: 0.3rem; }
+        .plan-cat { font-size: 0.75rem; color: var(--muted); text-transform: uppercase; letter-spacing: 1px; margin-bottom: 1rem; }
+        .plan-date { font-size: 0.75rem; color: var(--muted); }
+        .plan-btn { display: inline-block; margin-top: 1rem; background: var(--primary); color: #000; padding: 0.5rem 1.2rem; border-radius: 8px; font-size: 0.8rem; font-weight: 700; }
+
+        .empty { text-align: center; color: var(--muted); padding: 4rem 0; }
+
+        @media(max-width:600px) { .plans-grid { grid-template-columns: 1fr; } }
+    </style>
+</head>
+<body>
+    <div class="header">
+        <div class="logo">🌱 Rooting Future</div>
+        <div class="guest-badge">👤 {{ guest_label or 'Collaboratore' }}</div>
+    </div>
+
+    <div class="container">
+        <h1>Piani Strategici</h1>
+        <p class="subtitle">Accesso in sola lettura. Per modifiche contatta l'amministratore.</p>
+
+        {% if plans %}
+        <div class="plans-grid">
+            {% for plan in plans %}
+            <a href="/view-public/{{ plan.id }}?token={{ token }}" class="plan-card">
+                <div class="plan-club">{{ plan.club_name or plan.id }}</div>
+                <div class="plan-cat">{{ plan.category or '—' }}</div>
+                <div class="plan-date">{{ plan.created_at[:10] if plan.created_at else '' }}</div>
+                <div class="plan-btn">Visualizza Piano →</div>
+            </a>
+            {% endfor %}
+        </div>
+        {% else %}
+        <div class="empty">
+            <div style="font-size:3rem;margin-bottom:1rem">📋</div>
+            <p>Nessun piano disponibile al momento.</p>
+        </div>
+        {% endif %}
+    </div>
+</body>
+</html>

templates/strategic_plan_viewer.html

@@ -310,6 +310,11 @@
             </p>
 
             <form id="shareForm">
+                <div class="form-group">
+                    <label>Nome collaboratore</label>
+                    <input type="text" name="label" class="form-control" placeholder="es. Mario Rossi, Staff Tecnico…" required>
+                </div>
+
                 <div class="form-group">
                     <label>Scadenza Link</label>
                     <select name="expires_days" class="form-control">
@@ -320,19 +325,6 @@
                     </select>
                 </div>
 
-                <div class="form-group">
-                    <label>Password (opzionale)</label>
-                    <input type="password" name="password" class="form-control" placeholder="Lascia vuoto per nessuna password">
-                    <small>Aggiungi una password per maggiore sicurezza</small>
-                </div>
-
-                <div class="form-group checkbox-group">
-                    <label>
-                        <input type="checkbox" name="allow_download">
-                        Permetti download PDF/DOCX
-                    </label>
-                </div>
-
                 <button type="submit" class="btn btn-primary btn-block">
                     ✨ Genera Link di Condivisione
                 </button>