from flask import Blueprint, render_template, request, redirect, url_for, flash, jsonify, send_file, Response, abort, session, current_app from datetime import datetime import mimetypes import os import zipfile import json import shutil from io import BytesIO from werkzeug.utils import secure_filename from database import db from models import Case, CaseDocument, CaseNote, CaseActivity, AnalysisJob, User from auth_routes import login_required, log_activity # Create Blueprint case_bp = Blueprint('cases', __name__, url_prefix='/cases') # Helper function to log case activity def log_case_activity(case_id, user_id, activity_type, description, entity_type=None, entity_id=None): activity = CaseActivity( case_id=case_id, user_id=user_id, activity_type=activity_type, description=description, entity_type=entity_type, entity_id=entity_id ) db.session.add(activity) db.session.commit() # Helper function to generate case timeline def generate_case_timeline(case, limit=10): """Generate timeline events for a case (Phase 1: System events only) Returns list of timeline events sorted by date (newest first) """ events = [] # 1. Case creation event events.append({ 'date': case.created_at, 'type': 'case_created', 'icon': 'fas fa-folder-plus', 'color': 'primary', 'title': 'Case Opened', 'description': f'Case "{case.case_name}" created', 'source': 'System', 'source_id': None }) # 2. Document upload events for doc in case.documents: events.append({ 'date': doc.uploaded_at, 'type': 'document_uploaded', 'icon': 'fas fa-file-upload', 'color': 'info', 'title': 'Document Uploaded', 'description': doc.original_filename, 'source': 'System', 'source_id': doc.id }) # 3. Note creation events for note in case.notes: # Truncate long notes for timeline note_preview = note.note_text[:60] + '...' if len(note.note_text) > 60 else note.note_text events.append({ 'date': note.created_at, 'type': 'note_added', 'icon': 'fas fa-sticky-note', 'color': 'warning', 'title': 'Note Added', 'description': note_preview, 'source': note.user.get_full_name() if note.user else 'Unknown', 'source_id': note.id }) # 4. Case status changes from activity log status_activities = CaseActivity.query.filter_by( case_id=case.id, activity_type='status_updated' ).all() for activity in status_activities: events.append({ 'date': activity.created_at, 'type': 'status_changed', 'icon': 'fas fa-exchange-alt', 'color': 'success', 'title': 'Status Changed', 'description': activity.description, 'source': activity.user.get_full_name() if activity.user else 'System', 'source_id': activity.id }) # 5. Analysis/Summarization completion events from models import AnalysisJob, SummarizationJob # Get completed analyses for this case completed_analyses = AnalysisJob.query.filter_by( case_id=case.id, status='completed' ).all() for job in completed_analyses: events.append({ 'date': job.completed_at if job.completed_at else job.created_at, 'type': 'analysis_completed', 'icon': 'fas fa-microscope', 'color': 'secondary', 'title': 'Analysis Completed', 'description': f'{job.original_filename or job.filename}', 'source': 'AI Analysis', 'source_id': job.id }) # Get completed summaries for this case completed_summaries = SummarizationJob.query.filter_by( case_id=case.id, status='completed' ).all() for job in completed_summaries: events.append({ 'date': job.completed_at if job.completed_at else job.created_at, 'type': 'summary_completed', 'icon': 'fas fa-file-alt', 'color': 'secondary', 'title': 'Summary Completed', 'description': f'{job.original_filename or job.filename}', 'source': 'AI Summary', 'source_id': job.id }) # Sort by date (newest first) events.sort(key=lambda x: x['date'], reverse=True) # Limit results if limit: events = events[:limit] return events @case_bp.route('/') @login_required def list_cases(): """List all cases the user can access""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) # Get cases based on user role if user.is_admin(): cases = Case.query.all() elif user.is_company_admin(): cases = Case.query.filter_by(company_id=user.company_id).all() else: # Regular users see cases they created, lead attorney, team member, or non-confidential company cases cases = Case.query.filter( db.or_( Case.created_by_id == user.id, Case.lead_attorney_id == user.id, db.and_(Case.company_id == user.company_id, Case.is_confidential == False), Case.team_members.any(User.id == user.id) # Check if user is a team member ) ).all() return render_template('cases/list.html', cases=cases) @case_bp.route('/new', methods=['GET', 'POST']) @login_required def new_case(): """Create a new case""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) if request.method == 'POST': # Check case limit for free and pro plan users subscription = user.get_subscription() if subscription and subscription.plan.name in ['free', 'pro']: # Count active cases for this user's company active_cases_count = Case.query.filter_by( company_id=user.company_id, status='active' ).count() max_cases = subscription.plan.features.get('max_cases') if max_cases and active_cases_count >= max_cases: if subscription.plan.name == 'free': message = f'Case limit reached. Free accounts can have up to {max_cases} active cases. Please upgrade to Pro for more cases.' else: # Pro plan message = f'Case limit reached. Pro accounts can have up to {max_cases} active cases. Please upgrade to Enterprise for unlimited cases or close/archive existing cases.' flash(message, 'warning') return redirect(url_for('subscription.view_plans')) # Create case case = Case( case_number=request.form.get('case_number'), case_name=request.form.get('case_name'), case_type=request.form.get('case_type'), practice_area=request.form.get('practice_area', 'general'), client_name=request.form.get('client_name'), opposing_party=request.form.get('opposing_party'), jurisdiction=request.form.get('jurisdiction'), description=request.form.get('description'), company_id=user.company_id, lead_attorney_id=user_id, created_by_id=user_id, date_opened=datetime.strptime(request.form.get('date_opened'), '%Y-%m-%d').date() if request.form.get('date_opened') else datetime.utcnow().date() ) db.session.add(case) db.session.commit() # Log activity log_case_activity( case.id, user_id, 'case_created', f'{user.username} created case {case.case_name}' ) flash('Case created successfully', 'success') return redirect(url_for('cases.view_case', case_id=case.id)) # Get company users for team assignment company_users = User.query.filter_by(company_id=user.company_id, active=True).all() return render_template('cases/new.html', company_users=company_users) @case_bp.route('/') @login_required def view_case(case_id): """View case dashboard""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Check access if not user.can_view_case(case): abort(403) # Get case documents documents = CaseDocument.query.filter_by(case_id=case_id).order_by(CaseDocument.uploaded_at.desc()).all() # Get analyses analyses = AnalysisJob.query.filter_by(case_id=case_id).order_by(AnalysisJob.created_at.desc()).all() # Get recent activity activities = CaseActivity.query.filter_by(case_id=case_id).order_by(CaseActivity.created_at.desc()).limit(20).all() # Get case notes notes = CaseNote.query.filter_by(case_id=case_id).order_by(CaseNote.created_at.desc()).limit(10).all() # Get company users for team member selection company_users = User.query.filter_by(company_id=user.company_id, active=True).order_by(User.email).all() # Get process services from models import ProcessService services = ProcessService.query.filter_by(case_id=case_id).order_by(ProcessService.service_date.desc()).all() # Generate timeline events (showing last 7 events) timeline_events = generate_case_timeline(case, limit=7) # FIXED: Added current_user=user parameter so template can access user.can_delete_case(case) return render_template('cases/dashboard.html', case=case, documents=documents, analyses=analyses, activities=activities, notes=notes, services=services, timeline_events=timeline_events, can_edit=user.can_edit_case(case), current_user=user, # This was missing and causing the template error! company_users=company_users # For team member selection ) @case_bp.route('//add_document', methods=['POST']) @login_required def add_document(case_id): """Add a document to a case with improved error handling""" from flask import session, current_app, request, jsonify import os from datetime import datetime from werkzeug.utils import secure_filename user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Check access if not user.can_view_case(case): return jsonify({'error': 'You do not have permission to access this case'}), 403 try: # Check if file is provided if 'file' not in request.files: return jsonify({'error': 'No file provided'}), 400 file = request.files['file'] if file.filename == '': return jsonify({'error': 'No file selected'}), 400 # Validate file type allowed_extensions = {'pdf', 'doc', 'docx', 'txt', 'jpg', 'jpeg', 'png', 'tiff', 'tif', 'bmp'} file_extension = file.filename.rsplit('.', 1)[1].lower() if '.' in file.filename else '' if file_extension not in allowed_extensions: return jsonify({'error': f'File type .{file_extension} not allowed. Supported types: {", ".join(allowed_extensions)}'}), 400 # Ensure upload directory exists upload_dir = current_app.config.get('UPLOAD_FOLDER', 'uploads') if not os.path.exists(upload_dir): os.makedirs(upload_dir) # Create secure filename filename = secure_filename(file.filename) timestamp = datetime.utcnow().timestamp() unique_filename = f"case_{case_id}_{user_id}_{timestamp}_{filename}" file_path = os.path.join(upload_dir, unique_filename) # Save file file.save(file_path) # Get form data document_type = request.form.get('document_type', 'other') description = request.form.get('description', '').strip() # Extract text content for search indexing content_text = None try: from law_library_routes import extract_text_from_file content_text = extract_text_from_file(file_path, file_extension) except Exception as e: current_app.logger.error(f"Error extracting text from {filename}: {e}") print(f"Text extraction error (non-critical): {e}") # Create document record document = CaseDocument( case_id=case_id, filename=unique_filename, original_filename=filename, file_path=file_path, document_type=document_type, description=description, content_text=content_text, uploaded_by_id=user_id, uploaded_at=datetime.utcnow() ) db.session.add(document) # Update the case's updated_at timestamp case.updated_at = datetime.utcnow() db.session.commit() # Log case activity log_case_activity( case_id, user_id, 'document_added', f'{user.username} added document "{filename}" ({document_type})', 'document', document.id ) # Log user activity log_activity( user_id, 'document_uploaded', f'Uploaded document "{filename}" to case "{case.case_name}"', 'case_document', document.id ) return jsonify({ 'success': True, 'message': 'Document uploaded successfully', 'document': { 'id': document.id, 'filename': document.original_filename, 'type': document.document_type, 'uploaded_at': document.uploaded_at.strftime('%Y-%m-%d %H:%M:%S') } }) except Exception as e: # Rollback any database changes db.session.rollback() # Log the error print(f"Error adding document to case {case_id}: {str(e)}") # Clean up file if it was saved if 'file_path' in locals() and os.path.exists(file_path): try: os.remove(file_path) except: pass return jsonify({'error': 'An error occurred while uploading the document. Please try again.'}), 500 @case_bp.route('//add_note', methods=['POST']) @login_required def add_note(case_id): """Add a note to a case""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Check access if not user.can_view_case(case): abort(403) note = CaseNote( case_id=case_id, user_id=user_id, note_text=request.form.get('note_text'), note_type=request.form.get('note_type', 'general') ) db.session.add(note) # Update the case's updated_at timestamp from datetime import datetime case.updated_at = datetime.utcnow() db.session.commit() # Log activity log_case_activity( case_id, user_id, 'note_added', f'{user.username} added a note', 'note', note.id ) flash('Note added successfully', 'success') return redirect(url_for('cases.view_case', case_id=case_id)) @case_bp.route('//add_service', methods=['POST']) @login_required def add_service(case_id): """Add a new process service record""" from flask import session from werkzeug.utils import secure_filename from models import ProcessService import os from datetime import datetime user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Check access if not user.can_view_case(case): abort(403) try: # Create new service record service = ProcessService( case_id=case_id, created_by_id=user_id, process_server_name=request.form.get('process_server_name'), person_served=request.form.get('person_served'), documents_served=request.form.get('documents_served'), service_notes=request.form.get('service_notes') ) # Parse service date service_date_str = request.form.get('service_date') if service_date_str: service.service_date = datetime.strptime(service_date_str, '%Y-%m-%dT%H:%M') else: service.service_date = datetime.utcnow() # Handle proof of service file upload if 'proof_of_service' in request.files: file = request.files['proof_of_service'] if file and file.filename: filename = secure_filename(file.filename) # Create uploads/process_service directory if it doesn't exist upload_dir = os.path.join(current_app.config['UPLOAD_FOLDER'], 'process_service') os.makedirs(upload_dir, exist_ok=True) # Add timestamp to filename to avoid conflicts timestamp = datetime.now().strftime('%Y%m%d_%H%M%S') filename = f"{timestamp}_{filename}" filepath = os.path.join(upload_dir, filename) file.save(filepath) service.proof_of_service_path = filepath db.session.add(service) # Update case timestamp case.updated_at = datetime.utcnow() db.session.commit() # Log activity log_case_activity( case_id, user_id, 'service_added', f'{user.username} recorded service to {service.person_served or "unnamed party"}', 'service', service.id ) flash('Process service recorded successfully', 'success') except Exception as e: db.session.rollback() flash(f'Error recording service: {str(e)}', 'error') return redirect(url_for('cases.view_case', case_id=case_id)) @case_bp.route('//service//delete', methods=['POST']) @login_required def delete_service(case_id, service_id): """Delete a process service record""" from flask import session from models import ProcessService import os user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) service = ProcessService.query.get_or_404(service_id) # Check access if not user.can_view_case(case) or service.case_id != case_id: abort(403) try: # Delete proof file if it exists if service.proof_of_service_path and os.path.exists(service.proof_of_service_path): os.remove(service.proof_of_service_path) db.session.delete(service) db.session.commit() flash('Process service record deleted', 'success') except Exception as e: db.session.rollback() flash(f'Error deleting service: {str(e)}', 'error') return redirect(url_for('cases.view_case', case_id=case_id)) @case_bp.route('//service//download') @login_required def download_service_proof(case_id, service_id): """Download proof of service file""" from flask import send_file, session from models import ProcessService user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) service = ProcessService.query.get_or_404(service_id) # Check access if not user.can_view_case(case) or service.case_id != case_id: abort(403) if not service.proof_of_service_path or not os.path.exists(service.proof_of_service_path): flash('Proof of service file not found', 'error') return redirect(url_for('cases.view_case', case_id=case_id)) return send_file(service.proof_of_service_path, as_attachment=True) @case_bp.route('//edit', methods=['GET', 'POST']) @login_required def edit_case(case_id): """Edit an existing case""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Check if user can edit this case if not user.can_edit_case(case): flash('You do not have permission to edit this case', 'danger') return redirect(url_for('cases.view_case', case_id=case_id)) if request.method == 'POST': # Update case fields case.case_name = request.form.get('case_name') case.case_number = request.form.get('case_number') case.case_type = request.form.get('case_type') case.client_name = request.form.get('client_name') case.opposing_party = request.form.get('opposing_party') case.jurisdiction = request.form.get('jurisdiction') case.description = request.form.get('description') case.status = request.form.get('status', 'active') case.is_confidential = 'is_confidential' in request.form # Update lead attorney if provided and user has permission new_lead_attorney = request.form.get('lead_attorney_id') if new_lead_attorney and (user.is_admin() or user.is_company_admin() or case.created_by_id == user_id): case.lead_attorney_id = int(new_lead_attorney) # Update dates if provided if request.form.get('date_opened'): try: case.date_opened = datetime.strptime(request.form.get('date_opened'), '%Y-%m-%d').date() except ValueError: pass if request.form.get('date_closed'): try: case.date_closed = datetime.strptime(request.form.get('date_closed'), '%Y-%m-%d').date() except ValueError: pass elif case.status == 'closed' and not case.date_closed: case.date_closed = datetime.utcnow().date() elif case.status != 'closed': case.date_closed = None case.updated_at = datetime.utcnow() try: db.session.commit() # Log the activity log_case_activity( case_id, user_id, 'case_updated', f'{user.username} updated case details', 'case', case_id ) flash('Case updated successfully', 'success') return redirect(url_for('cases.view_case', case_id=case_id)) except Exception as e: db.session.rollback() flash('Error updating case. Please try again.', 'danger') print(f"Error updating case: {e}") # Get company users for lead attorney assignment (GET request) company_users = User.query.filter_by(company_id=user.company_id, active=True).all() return render_template('cases/edit.html', case=case, company_users=company_users, can_assign_attorney=(user.is_admin() or user.is_company_admin() or case.created_by_id == user_id)) @case_bp.route('//documents') @login_required def view_documents(case_id): """View all documents for a case""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Check access if not user.can_view_case(case): abort(403) # Get all documents for this case documents = CaseDocument.query.filter_by(case_id=case_id).order_by(CaseDocument.uploaded_at.desc()).all() # Get document type counts for filtering document_types = {} for doc in documents: doc_type = doc.document_type or 'other' document_types[doc_type] = document_types.get(doc_type, 0) + 1 return render_template('cases/documents.html', case=case, documents=documents, document_types=document_types, can_edit=user.can_edit_case(case), current_user=user) @case_bp.route('//export') @login_required def export_case(case_id): """Export all case data and documents as a ZIP file""" from flask import session, current_app user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Check access if not user.can_view_case(case): abort(403) try: # Create a BytesIO object to store the ZIP file zip_buffer = BytesIO() with zipfile.ZipFile(zip_buffer, 'w', zipfile.ZIP_DEFLATED) as zip_file: # Create case folder name case_folder = f"Case_{case.case_number.replace('/', '_').replace(' ', '_')}" # 1. Export case metadata as JSON case_data = { 'case_number': case.case_number, 'case_name': case.case_name, 'case_type': case.case_type, 'practice_area': case.practice_area, 'status': case.status, 'client_name': case.client_name, 'opposing_party': case.opposing_party, 'jurisdiction': case.jurisdiction, 'description': case.description, 'date_opened': case.date_opened.isoformat() if case.date_opened else None, 'date_closed': case.date_closed.isoformat() if case.date_closed else None, 'created_at': case.created_at.isoformat(), 'updated_at': case.updated_at.isoformat() if case.updated_at else None } # Add case metadata to ZIP zip_file.writestr( f"{case_folder}/case_info.json", json.dumps(case_data, indent=2, default=str) ) # 2. Export case notes notes = CaseNote.query.filter_by(case_id=case_id).order_by(CaseNote.created_at).all() if notes: notes_data = [] for note in notes: note_user = User.query.get(note.user_id) notes_data.append({ 'content': note.content, 'created_by': note_user.username if note_user else 'Unknown', 'created_at': note.created_at.isoformat() }) zip_file.writestr( f"{case_folder}/notes.json", json.dumps(notes_data, indent=2, default=str) ) # 3. Export case activities log activities = CaseActivity.query.filter_by(case_id=case_id).order_by(CaseActivity.created_at).all() if activities: activities_data = [] for activity in activities: activity_user = User.query.get(activity.user_id) activities_data.append({ 'type': activity.activity_type, 'description': activity.description, 'user': activity_user.username if activity_user else 'Unknown', 'created_at': activity.created_at.isoformat() }) zip_file.writestr( f"{case_folder}/activity_log.json", json.dumps(activities_data, indent=2, default=str) ) # 4. Export analysis results analyses = AnalysisJob.query.filter_by(case_id=case_id).all() if analyses: for analysis in analyses: if analysis.status == 'completed' and analysis.results: analysis_filename = f"analysis_{analysis.perspective}_{analysis.created_at.strftime('%Y%m%d_%H%M%S')}.txt" analysis_content = f"Analysis of: {analysis.original_filename}\n" analysis_content += f"Perspective: {analysis.perspective}\n" analysis_content += f"Date: {analysis.created_at}\n" analysis_content += f"\n{'='*50}\n\n" if analysis.results.final_analysis: analysis_content += analysis.results.final_analysis zip_file.writestr( f"{case_folder}/analyses/{analysis_filename}", analysis_content ) # 5. Export case documents documents = CaseDocument.query.filter_by(case_id=case_id).all() if documents: for document in documents: if document.file_path and os.path.exists(document.file_path): # Add the actual document file with open(document.file_path, 'rb') as f: zip_file.writestr( f"{case_folder}/documents/{document.original_filename}", f.read() ) # Add document metadata doc_meta = { 'original_filename': document.original_filename, 'document_type': document.document_type, 'description': document.description, 'uploaded_at': document.uploaded_at.isoformat(), 'uploaded_by': User.query.get(document.uploaded_by_id).username if document.uploaded_by_id else 'Unknown' } zip_file.writestr( f"{case_folder}/documents/metadata/{document.original_filename}.json", json.dumps(doc_meta, indent=2, default=str) ) # Prepare the ZIP file for download zip_buffer.seek(0) # Generate filename filename = f"Case_{case.case_number.replace('/', '_').replace(' ', '_')}_{datetime.now().strftime('%Y%m%d_%H%M%S')}.zip" # Log the export log_case_activity( case_id, user_id, 'case_exported', f'{user.username} exported case data' ) return send_file( zip_buffer, mimetype='application/zip', as_attachment=True, download_name=filename ) except Exception as e: print(f"Error exporting case: {e}") flash('An error occurred while exporting the case. Please try again.', 'danger') return redirect(url_for('cases.view_case', case_id=case_id)) @case_bp.route('//delete', methods=['POST']) @login_required def delete_case(case_id): """Delete a case and all associated data""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Check permissions - only case creator, lead attorney, company admin, or system admin can delete can_delete = ( user.is_admin() or (user.is_company_admin() and case.company_id == user.company_id) or case.created_by_id == user_id or case.lead_attorney_id == user_id ) if not can_delete: flash('You do not have permission to delete this case', 'danger') return redirect(url_for('cases.view_case', case_id=case_id)) try: # Store case info for logging before deletion case_name = case.case_name case_number = case.case_number # Get all related documents to delete files from filesystem documents = CaseDocument.query.filter_by(case_id=case_id).all() # Delete physical files for document in documents: try: if document.file_path and os.path.exists(document.file_path): os.remove(document.file_path) print(f"Deleted file: {document.file_path}") except Exception as e: print(f"Error deleting file {document.file_path}: {e}") # Delete the case (cascading deletes will handle related records) db.session.delete(case) db.session.commit() # Log the deletion activity log_activity( user_id, 'case_deleted', f'Deleted case: {case_name} ({case_number})', 'case', case_id ) flash(f'Case "{case_name}" has been permanently deleted', 'success') return redirect(url_for('cases.list_cases')) except Exception as e: db.session.rollback() print(f"Error deleting case: {e}") flash('An error occurred while deleting the case. Please try again.', 'danger') return redirect(url_for('cases.view_case', case_id=case_id)) @case_bp.route('//can_delete', methods=['GET']) @login_required def check_delete_permission(case_id): """Check if current user can delete this case (for frontend validation)""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) can_delete = ( user.is_admin() or (user.is_company_admin() and case.company_id == user.company_id) or case.created_by_id == user_id or case.lead_attorney_id == user_id ) return jsonify({'can_delete': can_delete}) @case_bp.route('//analyze_document/') @login_required def analyze_document(case_id, document_id): """Start analysis of a case document""" from flask import session user_id = session.get('user_id') case = Case.query.get_or_404(case_id) document = CaseDocument.query.get_or_404(document_id) user = User.query.get(user_id) # Check access if not user.can_view_case(case): abort(403) # Verify document belongs to this case if document.case_id != case_id: abort(404) # Redirect to upload with pre-filled case return redirect(url_for('upload_form', case_id=case.id, document_id=document.id)) @case_bp.route('//documents//status') @login_required def document_status(case_id, document_id): """Get status of a case document""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) if not user.can_view_case(case): return jsonify({'error': 'Access denied'}), 403 document = CaseDocument.query.filter_by(id=document_id, case_id=case_id).first_or_404() return jsonify({ 'id': document.id, 'filename': document.original_filename, 'type': document.document_type, 'description': document.description, 'uploaded_at': document.uploaded_at.strftime('%Y-%m-%d %H:%M:%S'), 'uploaded_by': document.uploaded_by.username if document.uploaded_by else 'Unknown', 'has_analysis': bool(getattr(document, 'analysis_job_id', None)), 'has_summary': bool(getattr(document, 'summarization_job_id', None)) }) @case_bp.route('//documents//analyze') @login_required def analyze_case_document(case_id, document_id): """Redirect to analyze a specific case document""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) if not user.can_view_case(case): flash('You do not have permission to access this case', 'danger') return redirect(url_for('cases.list_cases')) document = CaseDocument.query.filter_by(id=document_id, case_id=case_id).first_or_404() # Redirect to document analysis with case and document context return redirect(url_for('upload_form', case_id=case_id, document_id=document_id)) @case_bp.route('//documents//summarize') @login_required def summarize_case_document(case_id, document_id): """Redirect to summarize a specific case document""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) if not user.can_view_case(case): flash('You do not have permission to access this case', 'danger') return redirect(url_for('cases.list_cases')) document = CaseDocument.query.filter_by(id=document_id, case_id=case_id).first_or_404() # Redirect to document summarization with case and document context return redirect(url_for('summarization.summarization_form', case_id=case_id, document_id=document_id)) @case_bp.route('//documents//view') @login_required def view_document(case_id, document_id): """View a document in the browser""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) document = CaseDocument.query.get_or_404(document_id) # Check access if not user.can_view_case(case): abort(403) # Verify document belongs to this case if document.case_id != case_id: abort(404) # Check if file exists if not document.file_path or not os.path.exists(document.file_path): flash('Document file not found', 'danger') return redirect(url_for('cases.view_documents', case_id=case_id)) # Get file extension to determine how to serve file_extension = document.original_filename.split('.')[-1].lower() if '.' in document.original_filename else '' # For PDFs, serve inline in browser if file_extension == 'pdf': return send_file( document.file_path, mimetype='application/pdf', as_attachment=False, download_name=document.original_filename ) # For images, serve inline elif file_extension in ['jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff', 'tif']: mimetype, _ = mimetypes.guess_type(document.file_path) return send_file( document.file_path, mimetype=mimetype or 'application/octet-stream', as_attachment=False, download_name=document.original_filename ) # For other file types, force download else: return send_file( document.file_path, as_attachment=True, download_name=document.original_filename ) @case_bp.route('//documents//download') @login_required def download_document(case_id, document_id): """Download a document""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) document = CaseDocument.query.get_or_404(document_id) # Check access if not user.can_view_case(case): abort(403) # Verify document belongs to this case if document.case_id != case_id: abort(404) # Check if file exists if not document.file_path or not os.path.exists(document.file_path): flash('Document file not found', 'danger') return redirect(url_for('cases.view_documents', case_id=case_id)) # Log the download activity log_case_activity( case_id, user_id, 'document_downloaded', f'{user.username} downloaded document "{document.original_filename}"', 'document', document.id ) # Force download for all file types return send_file( document.file_path, as_attachment=True, download_name=document.original_filename ) # NEW: Advanced case search with real-time filtering (like documents page) @case_bp.route('/find', methods=['GET']) @login_required def find_cases(): """Advanced case search with real-time filtering (like documents page)""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) # Get all cases the user can access if user.is_admin(): cases = Case.query.all() elif user.is_company_admin(): cases = Case.query.filter_by(company_id=user.company_id).all() else: # Regular users see cases they created, lead attorney, team member, or non-confidential company cases cases = Case.query.filter( db.or_( Case.created_by_id == user.id, Case.lead_attorney_id == user.id, db.and_(Case.company_id == user.company_id, Case.is_confidential == False), Case.team_members.any(User.id == user.id) # Check if user is a team member ) ).all() # Get available case types and statuses for filters case_types = {} statuses = {} for case in cases: # Count case types case_type = case.case_type or 'Other' case_types[case_type] = case_types.get(case_type, 0) + 1 # Count statuses status = case.status or 'active' statuses[status] = statuses.get(status, 0) + 1 # Log search page access log_activity( user_id, 'case_find_page', 'Accessed advanced case search page' ) return render_template('cases/case_search.html', cases=cases, case_types=case_types, statuses=statuses, user=user) # EXISTING: Original search function (kept for compatibility) @case_bp.route('/search', methods=['GET', 'POST']) @login_required def search_cases(): """Search for cases with advanced filters""" from flask import session user_id = session.get('user_id') user = User.query.get(user_id) cases = [] search_performed = False search_params = {} if request.method == 'POST' or request.args.get('search') == '1': search_performed = True # Get search parameters keyword_search = request.form.get('keywordSearch', '') or request.args.get('q', '') # Store search params for template search_params = {'keywordSearch': keyword_search} # Build the query based on user access level if user.is_admin(): query = Case.query elif user.is_company_admin(): query = Case.query.filter_by(company_id=user.company_id) else: # Regular users see cases they created, lead attorney, team member, or non-confidential company cases query = Case.query.filter( db.or_( Case.created_by_id == user.id, Case.lead_attorney_id == user.id, db.and_(Case.company_id == user.company_id, Case.is_confidential == False), Case.team_members.any(User.id == user.id) # Check if user is a team member ) ) # Apply search filters if keyword_search: keyword_filter = f"%{keyword_search}%" query = query.filter( db.or_( Case.case_name.ilike(keyword_filter), Case.case_number.ilike(keyword_filter), Case.client_name.ilike(keyword_filter), Case.opposing_party.ilike(keyword_filter), Case.description.ilike(keyword_filter) ) ) # Execute query try: cases = query.order_by(Case.date_opened.desc()).all() except Exception as e: flash(f'Search error: {str(e)}', 'danger') cases = [] # Log search activity log_activity( user_id, 'case_search', f'User searched for cases: {keyword_search}' if keyword_search else 'User performed case search' ) # Use list template for now return render_template('cases/list.html', cases=cases, search_performed=search_performed, search_params=search_params) @case_bp.route('//team/add', methods=['POST']) @login_required def add_team_member(case_id): """Add a team member to a case""" user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Only lead attorney, creator, or admins can add team members if not (user.is_admin() or user.is_company_admin() or case.lead_attorney_id == user.id or case.created_by_id == user.id): flash('You do not have permission to add team members to this case', 'danger') return redirect(url_for('cases.view_case', case_id=case_id)) # Get the user ID to add member_id = request.form.get('member_id') if not member_id: flash('Please select a team member', 'warning') return redirect(url_for('cases.view_case', case_id=case_id)) member = User.query.get(member_id) if not member: flash('User not found', 'danger') return redirect(url_for('cases.view_case', case_id=case_id)) # Check if user is in the same company if member.company_id != case.company_id: flash('Can only add team members from the same company', 'danger') return redirect(url_for('cases.view_case', case_id=case_id)) # Check if already a team member if member in case.team_members: flash(f'{member.get_full_name() or member.email} is already a team member', 'info') return redirect(url_for('cases.view_case', case_id=case_id)) # Add team member case.team_members.append(member) db.session.commit() # Log activity log_activity(user_id, 'case_team_add', f'Added {member.get_full_name() or member.email} to case {case.case_number}') flash(f'Successfully added {member.get_full_name() or member.email} to the case team', 'success') return redirect(url_for('cases.view_case', case_id=case_id)) @case_bp.route('//team/remove/', methods=['POST']) @login_required def remove_team_member(case_id, member_id): """Remove a team member from a case""" user_id = session.get('user_id') user = User.query.get(user_id) case = Case.query.get_or_404(case_id) # Only lead attorney, creator, or admins can remove team members if not (user.is_admin() or user.is_company_admin() or case.lead_attorney_id == user.id or case.created_by_id == user.id): flash('You do not have permission to remove team members from this case', 'danger') return redirect(url_for('cases.view_case', case_id=case_id)) member = User.query.get(member_id) if not member: flash('User not found', 'danger') return redirect(url_for('cases.view_case', case_id=case_id)) # Check if member is on the team if member not in case.team_members: flash(f'{member.get_full_name() or member.email} is not a team member', 'warning') return redirect(url_for('cases.view_case', case_id=case_id)) # Remove team member case.team_members.remove(member) db.session.commit() # Log activity log_activity(user_id, 'case_team_remove', f'Removed {member.get_full_name() or member.email} from case {case.case_number}') flash(f'Successfully removed {member.get_full_name() or member.email} from the case team', 'success') return redirect(url_for('cases.view_case', case_id=case_id))