@Pragnasri-363

This PR adds an admin notification system which gets triggered when an image is uploaded.

Admin-notification system features:

  • Notifications are created when an image gets uploaded.
  • Unseen notification count is also present on the admin dashboard.
  • Notifications are auto-marked as seen when the notification panel is opened.
  • Displays "no notifications" when no images are present.

Testing

Tested locally by uploading images and verifying notifications appear correctly.

  • Tested on local PostgreSQL database.
  • Tested using Flask development server.

Screenshots

Admin Dashboard – Notifications (With uploads)

Screenshot 2026-01-16 184548

Admin Dashboard – Notifications (After marked as seen)

Screenshot 2026-01-16 184610

@gemini-code-assist
Contributor

Summary of Changes

Hello @Pragnasri-363, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the application's administrative capabilities by integrating a new notification system. Administrators will now receive immediate alerts when images are uploaded, complete with an unread count and an intuitive interface to view and manage these notifications. The changes also lay down a more structured Flask application foundation, incorporating database migrations and a clear separation of concerns for models and views, thereby improving maintainability and scalability.

Highlights

  • Admin Notification System: Introduced a comprehensive admin notification system that triggers alerts upon image uploads, providing real-time oversight of user activity.
  • Notification Management: Admins can view unseen notification counts on the dashboard, and notifications are automatically marked as seen when the notification panel is opened, ensuring an up-to-date view.
  • New Flask Application Structure: The project now includes a full Flask application with SQLAlchemy for ORM and Flask-Migrate for database schema management, establishing a robust backend foundation.
  • Database Models: Added a new Notification database model to store notification details, alongside the existing Entries model for patient image data.
  • Admin Dashboard UI: A dedicated admin dashboard (admin.html) has been implemented, featuring a dynamic notification panel to display and manage alerts effectively.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This PR introduces a notification system for admin users when new images are uploaded. The implementation is a good start, but there are several critical security vulnerabilities that must be addressed, primarily related to hardcoded secrets (database credentials, secret key, admin API key). These secrets are exposed in the source code, including in client-side JavaScript, which is a major risk.

Additionally, there are opportunities to improve code quality and maintainability by refactoring database transactions to be atomic, using existing helper methods to avoid code duplication, and following best practices for configuration and project structure. The frontend templates also have some issues, including invalid HTML and areas for UX and accessibility improvements. Finally, the documentation and dependency management can be improved for better clarity and reproducibility.

</div>

<script>
const ADMIN_HEADERS = { "X-ADMIN-KEY": "dev-admin" };
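Review bot: the literal `dev-admin` assigned to `X-ADMIN-KEY` in `ADMIN_HEADERS` is now part of the branch history, so deleting this line in a later commit does not retire it. Treat the key as disclosed: rotate it on the server, and drop the header from the template entirely rather than moving the same value to another client-side location.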
Contributor

security-critical critical

The admin API key is hardcoded in the client-side JavaScript. This is a critical security vulnerability as it exposes the key to anyone who can view the page source. This key should never be exposed on the client side. Admin actions should be protected by a server-side session-based authentication mechanism (e.g., a login form for admins).
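The server-side session check recommended in the comment above, as an added example that is not part of the PR or the project's code: the browser holds only an opaque, HttpOnly session id and the admin secret stays on the server. It uses only the Python standard library rather than Flask's session API; the class name, the cookie name and the `ADMIN_PASSWORD` variable are assumptions.

```python
import hmac
import os
import secrets
import time
from http.cookies import CookieError, SimpleCookie


class AdminSessions:
    """Server-side admin sessions; the browser only ever holds an opaque id."""

    COOKIE = "admin_session"  # hypothetical cookie name

    def __init__(self, password, ttl=1800):
        if not password:
            raise ValueError("admin password not configured")  # fail closed
        self._password = password.encode()
        self._ttl = ttl
        self._live = {}  # session id -> expiry timestamp, kept on the server

    @classmethod
    def from_env(cls):
        # Assumption: the secret is supplied via the environment, not source.
        return cls(os.environ.get("ADMIN_PASSWORD", ""))

    def login(self, password, now=None):
        """Return a Set-Cookie value for the right password, else None."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(password.encode(), self._password):
            return None
        sid = secrets.token_urlsafe(32)
        self._live[sid] = now + self._ttl
        return f"{self.COOKIE}={sid}; HttpOnly; Secure; SameSite=Strict; Path=/"

    def is_admin(self, headers, now=None):
        """True only when the Cookie header names a live session."""
        # An X-ADMIN-KEY header is ignored on purpose: any value the page's
        # JavaScript can send is readable by every visitor.
        now = time.time() if now is None else now
        try:
            morsel = SimpleCookie(headers.get("Cookie", "")).get(self.COOKIE)
        except CookieError:
            return False
        sid = morsel.value if morsel is not None else ""
        expiry = self._live.get(sid)
        if expiry is None or expiry <= now:
            self._live.pop(sid, None)  # drop expired ids
            return False
        return True
```
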

</head>

<body>
</div>
Contributor

high

This is an extraneous closing </div> tag without a corresponding opening tag. This results in invalid HTML and should be removed.


{% for entry in entries %}
<div class="entry-card">
<img src="{{ url_for('static', filename='uploads/' + entry.image_name) }}" alt="Patient Image">
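Review bot: in the `<img src=...>` line, `url_for('static', filename='uploads/' + entry.image_name)` places patient images under the static folder, which Flask serves to any client that knows or guesses the filename, with no admin check. Suggest storing uploads outside `static/` and serving them through a view that checks the admin session; also confirm that `image_name` is generated or sanitised server-side at upload time, since it is concatenated into the path here.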
Contributor

medium

The alt text for the image is generic. For better accessibility, especially for users with screen readers, the alt text should be more descriptive. For example, it could include the patient's name.

        <img src="{{ url_for('static', filename='uploads/' + entry.image_name) }}" alt="Image for patient {{ entry.patient_name }}">


fileInput.addEventListener("change", function () {
const file = this.files[0];
const maxSize = 3* 1024 * 1024; // 3MB
Contributor

medium

The maximum file size is hardcoded in the JavaScript. This value is also configured on the server side in app.py. To avoid duplication and potential inconsistencies, this value should be passed from the backend to the template, for example, via a data attribute on the form or a global JS variable.

const maxSize = 3* 1024 * 1024; // 3MB

if (file && file.size > maxSize) {
alert("Image size must be less than 3MB");
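Review bot: the `file.size > maxSize` check runs only in the browser, so it is a usability hint rather than a control; a client that posts to the upload endpoint directly never executes it. Make sure the server-side limit rejects oversized bodies on its own, and word the message to match the comparison (it rejects only files larger than 3MB, while the alert says "less than 3MB").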
Contributor

medium

Using alert() for validation provides a disruptive user experience. A better approach is to display an inline error message next to the file input field. This is less intrusive and keeps the user within the context of the form.

Pragnasri-363 and others added 9 commits January 17, 2026 11:21
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@pradeeban pradeeban added the on hold Not merging this PR now. label Jan 20, 2026