Document Traefik configuration fix for ArgoCD Ingress health check

- Add traefik-middleware.yaml with patch documentation - Add ARGOCD-INGRESS-FIX.md with complete explanation of the issue and solution - Traefik now reports Ingress status.loadBalancer IP to allow ArgoCD to assess Ingress health - Fixes: Django Ingress stuck in 'Progressing' state
Attempt 1 at fix
2025-12-01 16:03:35 +01:00 · 2025-12-01 15:29:41 +01:00
17 changed files with 173 additions and 693 deletions
--- a/.gitea/workflows/build-containers-on-demand.yml
+++ b/.gitea/workflows/build-containers-on-demand.yml
@@ -211,17 +211,28 @@ jobs:
            echo "ERROR: Found $ctype \"$cname\" image repo is \"$new_repo\" but expected \"$expected_repo\""
            exit 1
          fi
          if [ -n "${old_image:-}" ]; then
            old_tag="${old_image##*:}"
          else
            old_tag=""
          fi
          registry="$(echo "$new_repo" | awk -F/ '{print $1}')"
          {
            echo "changed=$([ "$old_tag" != "$new_tag" ] && echo true || echo false)"
            echo "new_image=$new_image"
            echo "new_repo=$new_repo"
            echo "new_tag=$new_tag"
            echo "registry=$registry"
          } >> "$GITHUB_OUTPUT"
      - name: Skip if tag unchanged
        if: steps.img.outputs.changed != 'true'
        run: echo "${{ matrix.description }} image tag unchanged; skipping build."
      - name: Check if image exists on registry
        if: steps.img.outputs.changed == 'true'
        id: check_image
        shell: bash
        run: |
@@ -256,15 +267,15 @@ jobs:
          fi
      - name: Skip if image already exists
-        if: steps.check_image.outputs.exists == 'true'
+        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'true'
        run: echo "${{ matrix.description }} image ${{ steps.img.outputs.new_image }} already exists on registry; skipping build."
      - name: Set up Buildx
-        if: steps.check_image.outputs.exists == 'false'
+        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'false'
        uses: docker/setup-buildx-action@v3
      - name: Log in to registry
-        if: steps.check_image.outputs.exists == 'false'
+        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'false'
        uses: docker/login-action@v3
        with:
          registry: ${{ steps.img.outputs.registry }}
@@ -272,7 +283,7 @@ jobs:
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Build and push ${{ matrix.description }} (exact tag from deployment)
-        if: steps.check_image.outputs.exists == 'false'
+        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'false'
        uses: docker/build-push-action@v6
        with:
          context: ${{ matrix.build_context }}
--- a/.gitea/workflows/check_code_in_sonarqube.yaml
+++ b/.gitea/workflows/check_code_in_sonarqube.yaml
@@ -1,67 +0,0 @@
 on:
  push:
    # branches:
      # - main
      # - development
  pull_request:
      types: [opened, synchronize, reopened]
 name: SonarQube Scan
 jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
    - name: Checking out
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.11'
    - name: Install dependencies
      run: |
        pip install -r requirements.txt
    - name: Run tests with coverage
      run: |
        coverage run --source='.' manage.py test
        coverage xml
    - name: Set up JDK 17
      uses: actions/setup-java@v3
      with:
        java-version: '17'
        distribution: 'temurin'
    - name: Cache SonarQube packages
      uses: actions/cache@v3
      with:
        path: ~/.sonar/cache
        key: ${{ runner.os }}-sonar
        restore-keys: ${{ runner.os }}-sonar
    - name: Download and setup SonarScanner
      run: |
        mkdir -p $HOME/.sonar
        wget -q https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip
        unzip -q sonar-scanner-cli-5.0.1.3006-linux.zip -d $HOME/.sonar/
        echo "$HOME/.sonar/sonar-scanner-5.0.1.3006-linux/bin" >> $GITHUB_PATH
    - name: Verify Java version
      run: java -version
    - name: SonarQube Scan
      env:
        SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
        SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
      run: |
        sonar-scanner \
          -Dsonar.projectKey=${{ github.event.repository.name }} \
          -Dsonar.sources=. \
          -Dsonar.host.url=${SONAR_HOST_URL} \
          -Dsonar.token=${SONAR_TOKEN} \
          -Dsonar.python.coverage.reportPaths=coverage.xml
--- a/15
+++ b/15
@@ -1,4 +1,4 @@
-FROM python:3.14 AS baustelle
+FROM python:3.13-slim AS baustelle
 RUN mkdir /app
 WORKDIR /app
 ENV PYTHONDONTWRITEBYTECODE=1
@@ -7,21 +7,22 @@ RUN pip install  --upgrade pip
 COPY requirements.txt /app/
 RUN pip install --no-cache-dir -r requirements.txt
-FROM python:3.14-slim
+FROM python:3.13-slim
 RUN useradd -m -r appuser && \
    mkdir /app && \
    chown -R appuser /app
-COPY --from=baustelle /usr/local/lib/python3.14/site-packages/ /usr/local/lib/python3.14/site-packages/
+COPY --from=baustelle /usr/local/lib/python3.13/site-packages/ /usr/local/lib/python3.13/site-packages/
 COPY --from=baustelle /usr/local/bin/ /usr/local/bin/
-RUN rm /usr/bin/tar /usr/lib/x86_64-linux-gnu/libncur*
+RUN rm /usr/bin/tar
 RUN rm /usr/lib/x86_64-linux-gnu/libncur*
 WORKDIR /app
 COPY --chown=appuser:appuser . .
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 USER appuser
 EXPOSE 8000
-RUN rm -rvf /app/Dockerfile* \
+RUN rm -rf /app/Dockerfile* \
           /app/README.md \
           /app/argocd \
           /app/k8s \
@@ -30,7 +31,7 @@ RUN rm -rvf /app/Dockerfile* \
           /app/requirements.txt \
           /app/node_modules \
           /app/*.json \
-           /app/test_*.py && \
+           /app/test_*.py
-       python3 /app/manage.py collectstatic --noinput
+RUN python3 manage.py collectstatic
 CMD ["gunicorn","--bind","0.0.0.0:8000","--workers","3","VorgabenUI.wsgi:application"]
--- a/Documentation/ARGOCD-INGRESS-FIX.md
+++ b/Documentation/ARGOCD-INGRESS-FIX.md
@@ -0,0 +1,95 @@
 # ArgoCD Ingress "Progressing" State Fix
 ## Problem
 The `django` Ingress resource in the `vorgabenui` namespace was stuck in "Progressing" state in ArgoCD and would not transition to "Healthy".
 ### Root Cause
 ArgoCD determines Ingress health by checking if the `status.loadBalancer.ingress` field is populated with an IP address or hostname. Without this field, the Ingress is considered "Progressing" indefinitely.
 The issue occurred because **Traefik was not configured to report its IP address** in the Ingress status field.
 ## Solution
 Two changes were made to fix this issue:
 ### 1. Update Ingress Annotation (Applied)
 **File**: `argocd/ingress.yaml`
 **Change**:
 ```yaml
 # Before
 annotations:
  argocd.argoproj.io/ignore-healthcheck: "true"
 # After
 annotations:
  argocd.argoproj.io/sync-wave: "1"
 ```
 **Rationale**:
 - The `ignore-healthcheck` annotation was causing ArgoCD to not monitor the Ingress health at all
 - The `sync-wave: "1"` annotation ensures the Ingress syncs after the Deployment and Service are ready (which have default sync-wave of 0)
 - This allows ArgoCD to properly assess the Ingress health status
 ### 2. Configure Traefik to Report Ingress Status (Cluster Patch)
 **Patch Command**:
 ```bash
 kubectl patch deployment traefik -n traefik --type='json' \
  -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik"}]'
 ```
 **Configuration Flag Added**:
 ```
 --providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik
 ```
 **Rationale**:
 This flag tells Traefik to:
 - Watch for changes to Ingress resources in the cluster
 - Monitor the Service `traefik/traefik` (the Traefik LoadBalancer service)
 - Automatically populate `status.loadBalancer.ingress[].ip` with the service's external IP address
 - Allow ArgoCD to detect when the Ingress has been assigned an IP and transition to "Healthy"
 ## Result
 ✅ **Status**: RESOLVED
 **Current State**:
 - Ingress Address: `192.168.17.53` (Traefik LoadBalancer IP)
 - Ingress Health: Healthy
 - ArgoCD Application Health: Healthy
 - Accessible at: `http://vorgabenportal.knowyoursecurity.com/`
 ## Verification
 To verify the fix is working:
 ```bash
 # Check Ingress status
 kubectl get ingress django -n vorgabenui -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
 # Should output: 192.168.17.53
 # Check ArgoCD application health
 kubectl get application vorgabenui -n argocd -o jsonpath='{.status.health.status}'
 # Should output: Healthy
 # Check Traefik configuration
 kubectl get deploy traefik -n traefik -o jsonpath='{.spec.template.spec.containers[0].args}' | jq 'map(select(. | contains("publishedservice")))'
 # Should output the publishedservice flag
 ```
 ## Documentation Location
 The Traefik configuration patch is documented in:
 - `argocd/traefik-middleware.yaml` - ConfigMap with patch details and rationale
 ## Notes for Future Maintenance
 - If Traefik is upgraded or redeployed via Helm, ensure the `--providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik` flag is preserved
 - The flag must point to the correct LoadBalancer Service that has an external IP
 - In this case, it's `traefik/traefik` (namespace/service-name) with external IP `192.168.17.53`
 - If the Traefik service configuration changes, this flag may need adjustment
--- a/VorgabenUI/settings-docker.py
+++ b/VorgabenUI/settings-docker.py
@@ -24,7 +24,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 SECRET_KEY = os.environ.get("SECRET_KEY")
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = bool(os.environ.get("DEBUG", default=0))
+DEBUG = bool(os.environ.get("DEBUG", default=0)
 ALLOWED_HOSTS = os.environ.get("DJANGO_ALLOWED_HOSTS","127.0.0.1").split(",")
--- a/VorgabenUI/settings.py
+++ b/VorgabenUI/settings.py
@@ -127,7 +127,7 @@ USE_TZ = True
 STATIC_URL = '/static/'
 #STATIC_ROOT="/home/adebaumann/VorgabenUI/staticfiles/"
-STATIC_ROOT="staticfiles/"
+STATIC_ROOT="/app/staticfiles/"
 STATICFILES_DIRS= (
    os.path.join(BASE_DIR,"static"),
    )
--- a/argocd/deployment.yaml
+++ b/argocd/deployment.yaml
@@ -25,7 +25,7 @@ spec:
              mountPath: /data
      containers:
        - name: web
-          image: git.baumann.gr/adebaumann/vui:0.968
+          image: git.baumann.gr/adebaumann/vui:0.961
          imagePullPolicy: Always
          ports:
            - containerPort: 8000
--- a/argocd/ingress.yaml
+++ b/argocd/ingress.yaml
@@ -4,7 +4,7 @@ metadata:
  name: django
  namespace: vorgabenui
  annotations:
-    argocd.argoproj.io/ignore-healthcheck: "true"
+    argocd.argoproj.io/sync-wave: "1"
 spec:
  ingressClassName: traefik
  rules:
--- a/argocd/traefik-middleware.yaml
+++ b/argocd/traefik-middleware.yaml
@@ -0,0 +1,24 @@
 ---
 # Traefik configuration to enable Ingress status updates
 # This patch configures Traefik to report its IP address in Ingress.status.loadBalancer
 # which is required for ArgoCD to properly assess Ingress health status
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: traefik-patch-note
  namespace: traefik
  annotations:
    description: "Manual patch applied to traefik deployment to enable ingress status reporting"
 data:
  patch-command: |
    kubectl patch deployment traefik -n traefik --type='json' \
      -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik"}]'
  rationale: |
    The Ingress resource needs its status.loadBalancer.ingress field populated for ArgoCD to assess health.
    Without this, Ingress resources remain in "Progressing" state indefinitely.
    This flag tells Traefik to:
    - Monitor the specified Service (traefik/traefik - the LoadBalancer service)
    - Automatically update Ingress.status.loadBalancer with the service's external IP
    - Allow ArgoCD to transition the Ingress from "Progressing" to "Healthy"
--- a/dokumente/templates/standards/all_comments.html
+++ b/dokumente/templates/standards/all_comments.html
@@ -1,67 +0,0 @@
 {% extends "base.html" %}
 {% block content %}
 <h1>Alle Kommentare</h1>
 {% if total_comments == 0 %}
  <div class="alert alert-info">
    <p>Es gibt noch keine Kommentare zu Vorgaben.</p>
    <p><a href="{% url 'standard_list' %}">Zu den Standards</a></p>
  </div>
 {% else %}
  <p class="text-muted">Insgesamt {{ total_comments }} Kommentar{{ total_comments|pluralize:"e" }}</p>
  {% for dokument, comments in comments_by_document.items %}
  <div class="panel panel-default" style="margin-top: 2rem;">
    <div class="panel-heading">
      <h2 style="margin: 0;">
        <a href="{% url 'standard_detail' nummer=dokument.nummer %}">
          {{ dokument.nummer }} – {{ dokument.name }}
        </a>
      </h2>
      <p style="margin: 0; color: #666; font-size: 0.9rem;">
        {{ comments|length }} Kommentar{{ comments|length|pluralize:"e" }}
      </p>
    </div>
    <div class="panel-body">
      <div class="list-group">
        {% for comment in comments %}
        <div class="list-group-item" style="border-left: 3px solid #007bff; padding: 1rem;">
          <div style="display: flex; justify-content: space-between; align-items: flex-start;">
            <div style="flex: 1;">
              <h4 style="margin: 0 0 0.5rem 0;">
                <a href="{% url 'standard_detail' nummer=comment.vorgabe.dokument.nummer %}#{{ comment.vorgabe.Vorgabennummer }}">
                  {{ comment.vorgabe.Vorgabennummer }}
                </a> {{ comment.vorgabe.titel }}
              </h4>
              <p style="margin: 0 0 0.75rem 0; color: #666; font-size: 0.9rem;">
                <strong>Benutzer:</strong> {{ comment.user.first_name }} {{ comment.user.last_name }}<br>
                <strong>Erstellt:</strong> {{ comment.created_at|date:"d.m.Y H:i" }}
                {% if comment.updated_at != comment.created_at %}
                  <br>
                  <strong>Bearbeitet:</strong> {{ comment.updated_at|date:"d.m.Y H:i" }}
                {% endif %}
              </p>
            </div>
            <form method="POST" action="{% url 'delete_vorgabe_comment' comment.id %}" 
                  style="display: inline; margin-left: 1rem;"
                  onsubmit="return confirm('Sind Sie sicher, dass Sie diesen Kommentar löschen möchten?');">
              {% csrf_token %}
              <button type="submit" class="btn btn-sm btn-danger">Löschen</button>
            </form>
          </div>
          <div style="background: #f8f9fa; padding: 0.75rem; border-radius: 4px; margin-top: 0.5rem; white-space: pre-wrap; word-wrap: break-word;">
            {{ comment.text }}
          </div>
        </div>
        {% endfor %}
      </div>
    </div>
  </div>
  {% endfor %}
 {% endif %}
 <div style="margin-top: 2rem; padding-top: 2rem; border-top: 1px solid #ddd;">
  <a href="{% url 'standard_list' %}" class="btn btn-default">Zu den Standards</a>
 </div>
 {% endblock %}
--- a/dokumente/templates/standards/user_comments.html
+++ b/dokumente/templates/standards/user_comments.html
@@ -1,66 +0,0 @@
 {% extends "base.html" %}
 {% block content %}
 <h1>Meine Kommentare</h1>
 {% if total_comments == 0 %}
  <div class="alert alert-info">
    <p>Sie haben noch keine Kommentare zu Vorgaben hinterlassen.</p>
    <p><a href="{% url 'standard_list' %}">Zu den Standards</a></p>
  </div>
 {% else %}
  <p class="text-muted">Insgesamt {{ total_comments }} Kommentar{{ total_comments|pluralize:"e" }}</p>
  {% for dokument, comments in comments_by_document.items %}
  <div class="panel panel-default" style="margin-top: 2rem;">
    <div class="panel-heading">
      <h2 style="margin: 0;">
        <a href="{% url 'standard_detail' nummer=dokument.nummer %}">
          {{ dokument.nummer }} – {{ dokument.name }}
        </a>
      </h2>
      <p style="margin: 0; color: #666; font-size: 0.9rem;">
        {{ comments|length }} Kommentar{{ comments|length|pluralize:"e" }}
      </p>
    </div>
    <div class="panel-body">
      <div class="list-group">
        {% for comment in comments %}
        <div class="list-group-item" style="border-left: 3px solid #007bff; padding: 1rem;">
          <div style="display: flex; justify-content: space-between; align-items: flex-start;">
            <div style="flex: 1;">
              <h4 style="margin: 0 0 0.5rem 0;">
                <a href="{% url 'standard_detail' nummer=comment.vorgabe.dokument.nummer %}#{{ comment.vorgabe.Vorgabennummer }}">
                  {{ comment.vorgabe.Vorgabennummer }}
                </a> {{ comment.vorgabe.titel }}
              </h4>
              <p style="margin: 0 0 0.75rem 0; color: #666; font-size: 0.9rem;">
                <strong>Erstellt:</strong> {{ comment.created_at|date:"d.m.Y H:i" }}
                {% if comment.updated_at != comment.created_at %}
                  <br>
                  <strong>Bearbeitet:</strong> {{ comment.updated_at|date:"d.m.Y H:i" }}
                {% endif %}
              </p>
            </div>
            <form method="POST" action="{% url 'delete_vorgabe_comment' comment.id %}" 
                  style="display: inline; margin-left: 1rem;"
                  onsubmit="return confirm('Sind Sie sicher, dass Sie diesen Kommentar löschen möchten?');">
              {% csrf_token %}
              <button type="submit" class="btn btn-sm btn-danger">Löschen</button>
            </form>
          </div>
          <div style="background: #f8f9fa; padding: 0.75rem; border-radius: 4px; margin-top: 0.5rem; white-space: pre-wrap; word-wrap: break-word;">
            {{ comment.text }}
          </div>
        </div>
        {% endfor %}
      </div>
    </div>
  </div>
  {% endfor %}
 {% endif %}
 <div style="margin-top: 2rem; padding-top: 2rem; border-top: 1px solid #ddd;">
  <a href="{% url 'standard_list' %}" class="btn btn-default">Zu den Standards</a>
 </div>
 {% endblock %}
--- a/dokumente/tests.py
+++ b/dokumente/tests.py
@@ -1620,25 +1620,19 @@ class GetVorgabeCommentsViewTest(TestCase):
        # Create users
        self.regular_user = User.objects.create_user(
            username='regularuser',
-            password='testpass123',
+            password='testpass123'
            first_name='Regular',
            last_name='User'
        )
        self.staff_user = User.objects.create_user(
            username='staffuser',
-            password='testpass123',
+            password='testpass123'
            first_name='Staff',
            last_name='User'
        )
        self.staff_user.is_staff = True
        self.staff_user.save()
        self.other_user = User.objects.create_user(
            username='otheruser',
-            password='testpass123',
+            password='testpass123'
            first_name='Other',
            last_name='User'
        )
        # Create test data
@@ -1703,7 +1697,7 @@ class GetVorgabeCommentsViewTest(TestCase):
        # Should only see their own comment
        self.assertEqual(len(data['comments']), 1)
        self.assertEqual(data['comments'][0]['text'], 'Kommentar von Regular User')
-        self.assertEqual(data['comments'][0]['user'], 'Regular User')
+        self.assertEqual(data['comments'][0]['user'], 'regularuser')
        self.assertTrue(data['comments'][0]['is_own'])
    def test_staff_user_sees_all_comments(self):
@@ -1721,8 +1715,8 @@ class GetVorgabeCommentsViewTest(TestCase):
        # Should see all comments
        self.assertEqual(len(data['comments']), 2)
        usernames = [c['user'] for c in data['comments']]
-        self.assertIn('Regular User', usernames)
+        self.assertIn('regularuser', usernames)
-        self.assertIn('Other User', usernames)
+        self.assertIn('otheruser', usernames)
    def test_get_comments_returns_404_for_nonexistent_vorgabe(self):
        """Test that requesting comments for non-existent Vorgabe returns 404"""
@@ -2047,16 +2041,12 @@ class DeleteVorgabeCommentViewTest(TestCase):
        self.other_user = User.objects.create_user(
            username='otheruser',
-            password='testpass123',
+            password='testpass123'
            first_name='Other',
            last_name='User'
        )
        self.staff_user = User.objects.create_user(
            username='staffuser',
-            password='testpass123',
+            password='testpass123'
            first_name='Staff',
            last_name='User'
        )
        self.staff_user.is_staff = True
        self.staff_user.save()
@@ -2182,383 +2172,3 @@ class DeleteVorgabeCommentViewTest(TestCase):
        self.assertIn('Content-Security-Policy', response)
        self.assertIn('X-Content-Type-Options', response)
        self.assertEqual(response['X-Content-Type-Options'], 'nosniff')
 class UserCommentsViewTest(TestCase):
    """Test the user comments view that displays all comments grouped by document"""
    def setUp(self):
        """Set up test data"""
        # Create users
        self.user1 = User.objects.create_user(username='user1', password='pass123')
        self.user2 = User.objects.create_user(username='user2', password='pass123')
        # Create documents
        self.doc_type = Dokumententyp.objects.create(name='Test Type', verantwortliche_ve='test')
        self.doc1 = Dokument.objects.create(nummer='DOC-001', name='Document 1', dokumententyp=self.doc_type, aktiv=True)
        self.doc2 = Dokument.objects.create(nummer='DOC-002', name='Document 2', dokumententyp=self.doc_type, aktiv=True)
        # Create themes
        self.theme1 = Thema.objects.create(name='Theme 1')
        self.theme2 = Thema.objects.create(name='Theme 2')
        # Create vorgaben
        from datetime import date
        self.vorgabe1 = Vorgabe.objects.create(
            nummer=1,
            order=1,
            dokument=self.doc1,
            thema=self.theme1,
            titel='Vorgabe 1',
            gueltigkeit_von=date.today()
        )
        self.vorgabe2 = Vorgabe.objects.create(
            nummer=2,
            order=2,
            dokument=self.doc1,
            thema=self.theme1,
            titel='Vorgabe 2',
            gueltigkeit_von=date.today()
        )
        self.vorgabe3 = Vorgabe.objects.create(
            nummer=1,
            order=1,
            dokument=self.doc2,
            thema=self.theme2,
            titel='Vorgabe 3',
            gueltigkeit_von=date.today()
        )
        # Create comments for user1
        self.comment1 = VorgabeComment.objects.create(
            vorgabe=self.vorgabe1,
            user=self.user1,
            text='User1 comment on vorgabe1'
        )
        self.comment2 = VorgabeComment.objects.create(
            vorgabe=self.vorgabe2,
            user=self.user1,
            text='User1 comment on vorgabe2'
        )
        self.comment3 = VorgabeComment.objects.create(
            vorgabe=self.vorgabe3,
            user=self.user1,
            text='User1 comment on vorgabe3'
        )
        # Create comment for user2
        self.comment4 = VorgabeComment.objects.create(
            vorgabe=self.vorgabe1,
            user=self.user2,
            text='User2 comment on vorgabe1'
        )
    def test_user_comments_requires_login(self):
        """Test that user comments view requires authentication"""
        response = self.client.get(reverse('user_comments'))
        self.assertEqual(response.status_code, 302)
        self.assertIn('/login/', response.url)
    def test_user_comments_shows_only_own_comments(self):
        """Test that user only sees their own comments"""
        self.client.login(username='user1', password='pass123')
        response = self.client.get(reverse('user_comments'))
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, 'User1 comment on vorgabe1')
        self.assertContains(response, 'User1 comment on vorgabe2')
        self.assertContains(response, 'User1 comment on vorgabe3')
        self.assertNotContains(response, 'User2 comment on vorgabe1')
    def test_user_comments_grouped_by_document(self):
        """Test that comments are properly grouped by document"""
        self.client.login(username='user1', password='pass123')
        response = self.client.get(reverse('user_comments'))
        self.assertEqual(response.status_code, 200)
        # Check that document titles appear
        self.assertContains(response, 'DOC-001 – Document 1')
        self.assertContains(response, 'DOC-002 – Document 2')
        # Check context
        self.assertIn('comments_by_document', response.context)
        self.assertEqual(len(response.context['comments_by_document']), 2)
    def test_user_comments_count_display(self):
        """Test that total comment count is displayed"""
        self.client.login(username='user1', password='pass123')
        response = self.client.get(reverse('user_comments'))
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.context['total_comments'], 3)
        self.assertContains(response, '3 Kommentare')
    def test_user_comments_empty_view(self):
        """Test the view when user has no comments"""
        # Create a new user with no comments
        user3 = User.objects.create_user(username='user3', password='pass123')
        self.client.login(username='user3', password='pass123')
        response = self.client.get(reverse('user_comments'))
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.context['total_comments'], 0)
        self.assertContains(response, 'Sie haben noch keine Kommentare')
    def test_user_comments_comment_text_preserved(self):
        """Test that comment text is correctly displayed"""
        self.client.login(username='user1', password='pass123')
        response = self.client.get(reverse('user_comments'))
        self.assertEqual(response.status_code, 200)
        # Check that comment text appears in response
        self.assertContains(response, 'User1 comment on vorgabe1')
    def test_user_comments_vorgabe_number_link(self):
        """Test that vorgabe numbers are linked correctly"""
        self.client.login(username='user1', password='pass123')
        response = self.client.get(reverse('user_comments'))
        self.assertEqual(response.status_code, 200)
        # Check that vorgabe numbers appear (format is DOC-001.T.1)
        self.assertContains(response, 'DOC-001.T.1')
        self.assertContains(response, 'DOC-001.T.2')
        self.assertContains(response, 'DOC-002.T.1')
    def test_user_comments_ordered_by_creation_date(self):
        """Test that comments are ordered by creation date (newest first)"""
        self.client.login(username='user1', password='pass123')
        response = self.client.get(reverse('user_comments'))
        self.assertEqual(response.status_code, 200)
        # The queryset orders by vorgabe document, then by -created_at
        # Check that all three comments are in the response
        self.assertContains(response, 'User1 comment on vorgabe1')
        self.assertContains(response, 'User1 comment on vorgabe2')
        self.assertContains(response, 'User1 comment on vorgabe3')
    def test_user_comments_template_used(self):
        """Test that correct template is used"""
        self.client.login(username='user1', password='pass123')
        response = self.client.get(reverse('user_comments'))
        self.assertEqual(response.status_code, 200)
        self.assertTemplateUsed(response, 'standards/user_comments.html')
 class AllCommentsViewTest(TestCase):
    """Test the all comments view that displays all comments from all users (staff only)"""
    def setUp(self):
        """Set up test data"""
        # Create users
        self.user1 = User.objects.create_user(username='user1', password='pass123', first_name='Max', last_name='Mustermann')
        self.user2 = User.objects.create_user(username='user2', password='pass123', first_name='Anna', last_name='Mueller')
        self.staff_user = User.objects.create_user(username='staff', password='pass123', is_staff=True, first_name='Admin', last_name='User')
        # Create documents
        self.doc_type = Dokumententyp.objects.create(name='Test Type', verantwortliche_ve='test')
        self.doc1 = Dokument.objects.create(nummer='DOC-001', name='Document 1', dokumententyp=self.doc_type, aktiv=True)
        self.doc2 = Dokument.objects.create(nummer='DOC-002', name='Document 2', dokumententyp=self.doc_type, aktiv=True)
        # Create themes
        self.theme1 = Thema.objects.create(name='Theme 1')
        self.theme2 = Thema.objects.create(name='Theme 2')
        # Create vorgaben
        self.vorgabe1 = Vorgabe.objects.create(
            nummer=1,
            order=1,
            dokument=self.doc1,
            thema=self.theme1,
            titel='Vorgabe 1',
            gueltigkeit_von=date.today()
        )
        self.vorgabe2 = Vorgabe.objects.create(
            nummer=2,
            order=2,
            dokument=self.doc1,
            thema=self.theme1,
            titel='Vorgabe 2',
            gueltigkeit_von=date.today()
        )
        self.vorgabe3 = Vorgabe.objects.create(
            nummer=1,
            order=1,
            dokument=self.doc2,
            thema=self.theme2,
            titel='Vorgabe 3',
            gueltigkeit_von=date.today()
        )
        # Create comments from different users
        self.comment1 = VorgabeComment.objects.create(
            vorgabe=self.vorgabe1,
            user=self.user1,
            text='User1 comment on vorgabe1'
        )
        self.comment2 = VorgabeComment.objects.create(
            vorgabe=self.vorgabe2,
            user=self.user1,
            text='User1 comment on vorgabe2'
        )
        self.comment3 = VorgabeComment.objects.create(
            vorgabe=self.vorgabe3,
            user=self.user2,
            text='User2 comment on vorgabe3'
        )
        self.comment4 = VorgabeComment.objects.create(
            vorgabe=self.vorgabe1,
            user=self.user2,
            text='User2 comment on vorgabe1'
        )
    def test_all_comments_requires_login(self):
        """Test that all comments view requires authentication"""
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 302)
        self.assertIn('/login/', response.url)
    def test_all_comments_staff_only(self):
        """Test that non-staff users cannot access all comments view"""
        self.client.login(username='user1', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 302)
        self.assertIn('/login/', response.url)
    def test_all_comments_staff_can_access(self):
        """Test that staff users can access all comments view"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
    def test_all_comments_shows_all_comments(self):
        """Test that staff sees all comments from all users"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, 'User1 comment on vorgabe1')
        self.assertContains(response, 'User1 comment on vorgabe2')
        self.assertContains(response, 'User2 comment on vorgabe3')
        self.assertContains(response, 'User2 comment on vorgabe1')
    def test_all_comments_shows_usernames(self):
        """Test that all comments display the username of the author"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        # Check that user names appear in the response
        self.assertContains(response, 'Max Mustermann')
        self.assertContains(response, 'Anna Mueller')
    def test_all_comments_grouped_by_document(self):
        """Test that comments are properly grouped by document"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        # Check that document titles appear
        self.assertContains(response, 'DOC-001 – Document 1')
        self.assertContains(response, 'DOC-002 – Document 2')
        # Check context
        self.assertIn('comments_by_document', response.context)
        self.assertEqual(len(response.context['comments_by_document']), 2)
    def test_all_comments_count_display(self):
        """Test that total comment count is displayed"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.context['total_comments'], 4)
        self.assertContains(response, '4 Kommentare')
    def test_all_comments_empty_view(self):
        """Test the view when there are no comments"""
        # Delete all comments
        VorgabeComment.objects.all().delete()
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.context['total_comments'], 0)
        self.assertContains(response, 'Es gibt noch keine Kommentare')
    def test_all_comments_template_used(self):
        """Test that correct template is used"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        self.assertTemplateUsed(response, 'standards/all_comments.html')
    def test_all_comments_has_delete_buttons(self):
        """Test that delete buttons are present for each comment"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        # Check for delete button form elements - look for the delete form action URLs
        self.assertContains(response, '/dokumente/comments/delete/', count=4)
        # Also check for the delete button text
        self.assertContains(response, 'Löschen', count=4)
    def test_all_comments_vorgabe_number_link(self):
        """Test that vorgabe numbers are linked correctly"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        # Check that vorgabe numbers appear
        self.assertContains(response, 'DOC-001.T.1')
        self.assertContains(response, 'DOC-001.T.2')
        self.assertContains(response, 'DOC-002.T.1')
    def test_all_comments_ordered_by_document_and_date(self):
        """Test that comments are ordered by document then by creation date"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        # Check context has properly grouped comments
        comments_by_doc = response.context['comments_by_document']
        # Verify all documents are present
        doc_numbers = [doc.nummer for doc in comments_by_doc.keys()]
        self.assertIn('DOC-001', doc_numbers)
        self.assertIn('DOC-002', doc_numbers)
    def test_all_comments_displays_timestamps(self):
        """Test that comment timestamps are displayed"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        self.assertEqual(response.status_code, 200)
        # Check that timestamp patterns appear (date formatting)
        self.assertContains(response, 'Erstellt:')
    def test_all_comments_regular_user_redirect(self):
        """Test that regular users are redirected to login"""
        # Create and login as regular user
        regular_user = User.objects.create_user(username='regular', password='pass123')
        self.client.login(username='regular', password='pass123')
        response = self.client.get(reverse('all_comments'))
        # Should redirect to login since user is not staff
        self.assertEqual(response.status_code, 302)
        self.assertIn('/login/', response.url)
    def test_all_comments_no_own_comments_filter(self):
        """Test that staff sees comments from ALL users, not just their own"""
        self.client.login(username='staff', password='pass123')
        response = self.client.get(reverse('all_comments'))
        # Verify all comments are visible, not filtered by user
        self.assertContains(response, 'User1 comment on vorgabe1')
        self.assertContains(response, 'User2 comment on vorgabe1')
        # Both users' comments on the same vorgabe should be visible
        self.assertEqual(response.context['total_comments'], 4)
--- a/dokumente/urls.py
+++ b/dokumente/urls.py
@@ -4,8 +4,6 @@ from . import views
 urlpatterns = [
    path('', views.standard_list, name='standard_list'),
    path('unvollstaendig/', views.incomplete_vorgaben, name='incomplete_vorgaben'),
    path('meine-kommentare/', views.user_comments, name='user_comments'),
    path('alle-kommentare/', views.all_comments, name='all_comments'),
    path('<str:nummer>/', views.standard_detail, name='standard_detail'),
    path('<str:nummer>/history/<str:check_date>/', views.standard_detail),
    path('<str:nummer>/history/', views.standard_detail, {"check_date":"today"}, name='standard_history'),
--- a/dokumente/views.py
+++ b/dokumente/views.py
@@ -366,57 +366,3 @@ def delete_vorgabe_comment(request, comment_id):
        response['Content-Security-Policy'] = "default-src 'self'"
        response['X-Content-Type-Options'] = 'nosniff'
        return response
@login_required
 def user_comments(request):
    """
    Display all comments made by the logged-in user, grouped by document.
    """
    # Get all comments by the current user
    user_comments = VorgabeComment.objects.filter(
        user=request.user
    ).select_related('vorgabe', 'vorgabe__dokument').order_by(
        'vorgabe__dokument__nummer', '-created_at'
    )
    # Group comments by document
    comments_by_document = {}
    for comment in user_comments:
        dokument = comment.vorgabe.dokument
        if dokument not in comments_by_document:
            comments_by_document[dokument] = []
        comments_by_document[dokument].append(comment)
    return render(request, 'standards/user_comments.html', {
        'comments_by_document': comments_by_document,
        'total_comments': user_comments.count(),
    })
@login_required
@user_passes_test(is_staff_user)
 def all_comments(request):
    """
    Display all comments from all users, grouped by document.
    Staff only.
    """
    # Get all comments
    all_comments_qs = VorgabeComment.objects.select_related(
        'vorgabe', 'vorgabe__dokument', 'user'
    ).order_by(
        'vorgabe__dokument__nummer', '-created_at'
    )
    # Group comments by document
    comments_by_document = {}
    for comment in all_comments_qs:
        dokument = comment.vorgabe.dokument
        if dokument not in comments_by_document:
            comments_by_document[dokument] = []
        comments_by_document[dokument].append(comment)
    return render(request, 'standards/all_comments.html', {
        'comments_by_document': comments_by_document,
        'total_comments': all_comments_qs.count(),
    })
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -24,8 +24,8 @@ spec:
            - name: data
              mountPath: /data
      containers:
-         - name: web
+        - name: web
-           image: docker.io/adebaumann/vui:0.918
+          image: docker.io/adebaumann/vui:0.917
          imagePullPolicy: Always
          ports:
            - containerPort: 8000
--- a/pages/templates/base.html
+++ b/pages/templates/base.html
@@ -51,22 +51,18 @@
 	  <span class="hidden-xs" style="margin-left: 0;">{{ user.first_name }} {{ user.last_name }}</span>
          <span class="caret" style="margin-left: 8px;"></span>
        </a>
-         <ul class="dropdown-menu dropdown-menu-right" role="menu">
+        <ul class="dropdown-menu dropdown-menu-right" role="menu">
-            <li><a href="{% url 'user_comments' %}">Meine Kommentare</a></li>
+          <li><a href="{% url 'password_change' %}">Passwort ändern</a></li>
-            {% if user.is_staff %}
+          <li class="divider"></li>
-            <li><a href="{% url 'all_comments' %}">Alle Kommentare</a></li>
+          <li>
-            {% endif %}
+            <form method="post" action="{% url 'logout' %}" style="display: inline;">
-            <li><a href="{% url 'password_change' %}">Passwort ändern</a></li>
+              {% csrf_token %}
-            <li class="divider"></li>
+              <button type="submit" style="background: none; border: none; color: inherit; padding: 3px 20px; width: 100%; text-align: left; cursor: pointer;">
-            <li>
+                Abmelden
-              <form method="post" action="{% url 'logout' %}" style="display: inline;">
+              </button>
-                {% csrf_token %}
+            </form>
-                <button type="submit" style="background: none; border: none; color: inherit; padding: 3px 20px; width: 100%; text-align: left; cursor: pointer;">
+          </li>
-                  Abmelden
+        </ul>
                </button>
              </form>
            </li>
          </ul>
      </div>
    </div>
    {% else %}
@@ -106,7 +102,7 @@
                  <li><a href="/dokumente">Standards</a></li>
                  {% if user.is_staff %}
                  <li><a href="/dokumente/unvollstaendig/">Unvollständig</a></li>
-                  <li><a href="/autorenumgebung/">Autor</a></li>
+                  <li><a href="/autorenumgebung/">Autorenumgebung</a></li>
                  {% endif %}
                  <li><a href="/referenzen">Referenzen</a></li>
                  <li><a href="/stichworte">Stichworte</a></li>
@@ -137,7 +133,7 @@
        <a href="/dokumente/unvollstaendig/">Unvollständig</a>
      </li>
      <li class="dropdown {% if 'autorenumgebung' in request.path %}current{% endif %}">
-        <a href="/autorenumgebung/">Autor</a>
+        <a href="/autorenumgebung/">Autorenumgebung</a>
      </li>
      {% endif %}
      <li class="dropdown {% if 'referenzen' in request.path %}current{% endif %}">
@@ -219,8 +215,8 @@
          </p>
        </div>
        <div class="col-sm-6 text-right">
-           <p class="text-muted">Version {{ version|default:"0.968" }}</p>
+          <p class="text-muted">Version {{ version|default:"0.961" }}</p>
-         </div>
+        </div>
      </div>
    </div>
  </footer>
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,7 @@ certifi==2025.8.3
 charset-normalizer==3.4.3
 curtsies==0.4.3
 cwcwidth==0.1.10
-Django==5.2.8
+Django==5.2.5
 django-admin-sortable2==2.2.8
 django-js-asset==3.1.2
 django-mptt==0.17.0
@@ -33,4 +33,3 @@ sqlparse==0.5.3
 urllib3==2.5.0
 wcwidth==0.2.13
 bleach==6.1.0
 coverage==7.6.1