Fix settings file safety, export filtering, container permissions, and i18n in install flow

Dockerfile

@@ -45,7 +45,7 @@ COPY . .
 
 # Create necessary directories for data persistence and adjust ownership
 RUN mkdir -p static data data/photos config repositories && \
-    chmod 777 data config repositories && \
+    chmod 775 data config repositories && \
     chown -R app:app /app
 
 # Make entrypoint executable

deploy/entrypoint.sh

@@ -1,10 +1,18 @@
 #!/bin/bash
 set -e
 
-# Fix ownership of bind-mounted directories so the 'app' user can write to them
+APP_UID=$(id -u app)
+APP_GID=$(id -g app)
+
+# Fix ownership of bind-mounted directories so the 'app' user can write to them.
+# Only chown when the top-level directory owner doesn't already match to avoid
+# slow recursive traversal of large bind mounts on every container start.
 for dir in /app/data /app/config /app/repositories; do
     if [ -d "$dir" ]; then
-        chown -R app:app "$dir" 2>/dev/null || true
+        current_owner=$(stat -c '%u:%g' "$dir" 2>/dev/null || echo "")
+        if [ -z "$current_owner" ] || [ "$current_owner" != "$APP_UID:$APP_GID" ]; then
+            chown -R app:app "$dir" 2>/dev/null || true
+        fi
     fi
 done
 

simple_org_chart/app_main.py

@@ -1149,9 +1149,10 @@ def export_settings():
     """Download all configuration as a single flat JSON file."""
     settings = load_settings()
     email_config = load_email_config()
-    # Merge everything flat; strip transient runtime fields
+    # Merge everything flat; strip transient runtime fields and non-default keys
+    settings_public = {k: v for k, v in settings.items() if k in DEFAULT_SETTINGS}
     merged = {}
-    merged.update(settings)
+    merged.update(settings_public)
     merged.update({k: v for k, v in email_config.items() if k != 'lastSent'})
     payload = json.dumps(merged, indent=2)
     return app.response_class(
@@ -1171,6 +1172,13 @@ def import_settings():
     if not uploaded:
         return jsonify({'error': 'No file uploaded'}), 400
 
+    # Enforce file size limit consistent with other upload endpoints
+    uploaded.seek(0, 2)
+    file_size = uploaded.tell()
+    uploaded.seek(0)
+    if file_size > MAX_FILE_SIZE:
+        return jsonify({'error': f'File too large. Maximum size: {MAX_FILE_SIZE // (1024 * 1024)}MB'}), 413
+
     try:
         raw = uploaded.read()
         incoming = json.loads(raw)

simple_org_chart/email_config.py

@@ -2,14 +2,17 @@
 
 from __future__ import annotations
 
+import contextlib
 import json
 import logging
 import os
+import tempfile
 from datetime import datetime, timedelta, timezone
 from pathlib import Path
 from typing import Any, Dict, List
 
 from .config import SETTINGS_FILE
+from .settings import _settings_file_lock
 
 logger = logging.getLogger(__name__)
 
@@ -73,49 +76,68 @@ def save_email_config(config: Dict[str, Any]) -> bool:
     """Save email configuration into app_settings.json."""
     SETTINGS_FILE.parent.mkdir(parents=True, exist_ok=True)
 
-    # Read the current file so we keep all other keys intact
-    existing: Dict[str, Any] = {}
-    if SETTINGS_FILE.exists():
-        try:
-            with SETTINGS_FILE.open("r", encoding="utf-8") as handle:
-                existing = json.load(handle)
-        except Exception:
-            pass
-
     # Merge with defaults
     persisted = DEFAULT_EMAIL_CONFIG.copy()
     persisted.update(config)
-    
+
     if 'lastSent' not in config:
-        persisted['lastSent'] = existing.get('lastSent')
-
+        # lastSent will be preserved from the existing file inside the lock below
+        persisted.pop('lastSent', None)
+
     # Validate file types
     valid_file_types = {"svg", "png", "pdf", "xlsx"}
     persisted["fileTypes"] = [
-        ft for ft in persisted.get("fileTypes", []) 
+        ft for ft in persisted.get("fileTypes", [])
         if ft in valid_file_types
     ]
-    
+
     # Validate frequency
     if persisted.get("frequency") not in ("daily", "weekly", "monthly"):
         persisted["frequency"] = "weekly"
-    
+
     # Validate day of week
     valid_days = {"monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"}
     if persisted.get("dayOfWeek", "").lower() not in valid_days:
         persisted["dayOfWeek"] = "monday"
-    
+
     # Validate day of month
     if persisted.get("dayOfMonth") not in ("first", "last"):
         persisted["dayOfMonth"] = "first"
-
-    # Write email keys back into the shared config file
-    existing.update(persisted)
-
+
     logger.info("Saving email configuration to: %s", SETTINGS_FILE)
     try:
-        with SETTINGS_FILE.open("w", encoding="utf-8") as handle:
-            json.dump(existing, handle, indent=2)
+        with _settings_file_lock:
+            # Read the current file so we keep all other keys intact
+            existing: Dict[str, Any] = {}
+            if SETTINGS_FILE.exists():
+                try:
+                    with SETTINGS_FILE.open("r", encoding="utf-8") as handle:
+                        loaded = json.load(handle)
+                        if isinstance(loaded, dict):
+                            existing = loaded
+                except Exception:
+                    pass
+
+            # Preserve existing lastSent when caller didn't explicitly supply one
+            if 'lastSent' not in config:
+                persisted['lastSent'] = existing.get('lastSent')
+
+            # Write email keys back into the shared config file
+            existing.update(persisted)
+
+            # Atomic write: write to a temp file then replace
+            tmp_fd, tmp_path = tempfile.mkstemp(
+                dir=SETTINGS_FILE.parent, suffix=".tmp"
+            )
+            try:
+                with os.fdopen(tmp_fd, "w", encoding="utf-8") as tmp_handle:
+                    json.dump(existing, tmp_handle, indent=2)
+                os.replace(tmp_path, SETTINGS_FILE)
+            except Exception:
+                with contextlib.suppress(OSError):
+                    os.unlink(tmp_path)
+                raise
+
         logger.info("Email configuration saved successfully")
         return True
     except Exception as error:

simple_org_chart/settings.py

@@ -2,14 +2,22 @@
 
 from __future__ import annotations
 
+import contextlib
 import json
 import logging
 import os
 import re
+import tempfile
+import threading
 from typing import Any, Dict, Iterable, Set
 
 from .config import SETTINGS_FILE
 
+# Shared in-process lock protecting all reads/writes to SETTINGS_FILE.
+# Both settings.py and email_config.py import this lock so that concurrent
+# writes from different code paths (scheduler, HTTP handlers) are serialised.
+_settings_file_lock = threading.Lock()
+
 logger = logging.getLogger(__name__)
 
 DEFAULT_SETTINGS: Dict[str, Any] = {
@@ -151,15 +159,6 @@ def save_settings(settings: Dict[str, Any]) -> bool:
     """Persist settings to disk, returning True on success."""
     SETTINGS_FILE.parent.mkdir(parents=True, exist_ok=True)
 
-    # Read the current file so we keep all other keys intact
-    existing: Dict[str, Any] = {}
-    if SETTINGS_FILE.exists():
-        try:
-            with SETTINGS_FILE.open("r", encoding="utf-8") as handle:
-                existing = json.load(handle)
-        except Exception:
-            pass
-
     # Update stored defaults with provided overrides
     persisted = DEFAULT_SETTINGS.copy()
     persisted.update(settings)
@@ -180,12 +179,34 @@ def save_settings(settings: Dict[str, Any]) -> bool:
         for level, color in default_node_colors.items()
     }
 
-    existing.update(persisted)
-
     logger.info("Attempting to save settings to: %s", SETTINGS_FILE)
     try:
-        with SETTINGS_FILE.open("w", encoding="utf-8") as handle:
-            json.dump(existing, handle, indent=2)
+        with _settings_file_lock:
+            # Read the current file so we keep all other keys intact
+            existing: Dict[str, Any] = {}
+            if SETTINGS_FILE.exists():
+                try:
+                    with SETTINGS_FILE.open("r", encoding="utf-8") as handle:
+                        loaded = json.load(handle)
+                        if isinstance(loaded, dict):
+                            existing = loaded
+                except Exception:
+                    pass
+
+            existing.update(persisted)
+
+            # Atomic write: write to a temp file then replace
+            tmp_fd, tmp_path = tempfile.mkstemp(
+                dir=SETTINGS_FILE.parent, suffix=".tmp"
+            )
+            try:
+                with os.fdopen(tmp_fd, "w", encoding="utf-8") as tmp_handle:
+                    json.dump(existing, tmp_handle, indent=2)
+                os.replace(tmp_path, SETTINGS_FILE)
+            except Exception:
+                with contextlib.suppress(OSError):
+                    os.unlink(tmp_path)
+                raise
     except Exception as error:  # noqa: BLE001 - mirror legacy behaviour
         logger.error("Error saving settings to %s: %s", SETTINGS_FILE, error)
         return False
@@ -288,6 +309,7 @@ def employee_is_ignored(name: str | None, email: str | None, user_principal_name
 
 __all__ = [
     "DEFAULT_SETTINGS",
+    "_settings_file_lock",
     "department_is_ignored",
     "employee_is_ignored",
     "load_settings",

simple_org_chart/user_scanner_service.py

@@ -118,7 +118,7 @@ def _ensure_on_path() -> None:
         sys.path.insert(0, repo_str)
 
 
-def get_latest_pypi_version() -> Optional[str]:
+def get_latest_release_version() -> Optional[str]:
     """Query GitHub releases for the latest version of user-scanner.
 
     Falls back to PyPI if the GitHub API call fails.
@@ -153,10 +153,10 @@ def get_latest_pypi_version() -> Optional[str]:
 
 
 def check_for_update() -> Dict[str, Any]:
-    """Compare installed version against PyPI and return status dict."""
+    """Compare installed version against the latest release and return status dict."""
     installed = is_installed()
     current = get_version() if installed else None
-    latest = get_latest_pypi_version()
+    latest = get_latest_release_version()
     update_available = False
     if current and latest:
         update_available = _version_tuple(latest) > _version_tuple(current)

static/configure.js

@@ -2337,15 +2337,15 @@ async function _initUserScannerConfigUI(isEnabled) {
         const data = await resp.json();
 
         if (!data.installed) {
-            statusEl.textContent = 'Not installed — download to enable the scanner.';
+            statusEl.textContent = resolveTranslation('configure.userScanner.install.notInstalled', 'Not installed — download to enable the scanner.');
             if (installRow) installRow.style.display = 'flex';
             if (updateRow) updateRow.style.display = 'none';
 
             // Wire up install button
             if (installBtn) {
                 installBtn.onclick = async () => {
                     installBtn.disabled = true;
-                    if (installStatusEl) installStatusEl.textContent = 'Downloading…';
+                    if (installStatusEl) installStatusEl.textContent = resolveTranslation('configure.userScanner.install.downloading', 'Downloading…');
                     try {
                         const installResp = await fetch(`${window.location.origin}/api/user-scanner/install`, {
                             method: 'POST',
@@ -2354,14 +2354,41 @@ async function _initUserScannerConfigUI(isEnabled) {
                         const result = await installResp.json();
                         if (result.success) {
                             if (installStatusEl) installStatusEl.textContent = '';
-                            // Re-init to show installed state
-                            _initUserScannerConfigUI(true);
+                            // Refresh status UI without re-running full init to avoid duplicate listeners
+                            try {
+                                const statusResp = await fetch(`${window.location.origin}/api/user-scanner/status`, {
+                                    credentials: 'include',
+                                });
+                                if (statusResp.ok) {
+                                    const latest = await statusResp.json();
+                                    if (latest.installed) {
+                                        if (installRow) installRow.style.display = 'none';
+                                        const ver = latest.version || 'unknown';
+                                        statusEl.innerHTML = '';
+                                        const versionText = document.createElement('span');
+                                        versionText.textContent = `Installed — v${ver}`;
+                                        statusEl.appendChild(versionText);
+                                        const sep = document.createTextNode('  ·  ');
+                                        statusEl.appendChild(sep);
+                                        const repoLink = document.createElement('a');
+                                        repoLink.href = 'https://github.com/kaifcodec/user-scanner';
+                                        repoLink.target = '_blank';
+                                        repoLink.rel = 'noopener noreferrer';
+                                        repoLink.textContent = 'GitHub repo ↗';
+                                        repoLink.style.fontSize = 'inherit';
+                                        statusEl.appendChild(repoLink);
+                                        if (updateRow) updateRow.style.display = 'flex';
+                                    }
+                                }
+                            } catch {
+                                // Ignore refresh errors; installation itself succeeded
+                            }
                         } else {
-                            if (installStatusEl) installStatusEl.textContent = result.error || 'Installation failed.';
+                            if (installStatusEl) installStatusEl.textContent = result.error || resolveTranslation('configure.userScanner.install.failed', 'Installation failed.');
                             installBtn.disabled = false;
                         }
                     } catch (err) {
-                        if (installStatusEl) installStatusEl.textContent = 'Download failed: ' + err.message;
+                        if (installStatusEl) installStatusEl.textContent = resolveTranslation('configure.userScanner.install.downloadFailed', 'Download failed: ') + err.message;
                         installBtn.disabled = false;
                     }
                 };