25 KiB
25 KiB
Planner & Writer Modules - Comprehensive Audit Report
Date: 2025-01-XX
Scope: Complete audit of Planner and Writer modules including pages, filters, forms, CRUD operations, bulk operations, import/export, and AI functions
Reference Documentation: docs/06-FUNCTIONAL-BUSINESS-LOGIC.md, docs/unified-api/API-STANDARD-v1.0.md
Executive Summary
Overall Health: 85% Complete
Strengths:
- ✅ Core CRUD operations fully implemented across all pages
- ✅ AI functions properly integrated with unified framework
- ✅ Bulk operations implemented for all major entities
- ✅ Unified API response format compliance (80-85%)
- ✅ Comprehensive filtering and search capabilities
- ✅ Import/Export functionality for Keywords
Critical Gaps:
- ❌ Missing permission classes on ViewSets (security risk)
- ❌ Export functionality missing for Clusters, Ideas, Tasks, Content, Images
- ❌ Import functionality missing for Clusters, Ideas, Tasks, Content
- ❌ Base ViewSet
list()method not overridden (inconsistent responses) - ❌ Some filters documented but not implemented in frontend
Moderate Gaps:
- ⚠️ Missing difficulty range filter UI for Clusters (backend supports it)
- ⚠️ Missing volume range filter UI for Ideas (not documented but would be useful)
- ⚠️ Content page missing bulk operations (delete, update status)
- ⚠️ Images page missing export functionality
1. PLANNER MODULE AUDIT
1.1 Keywords Page (/planner/keywords)
✅ Fully Implemented
Backend (KeywordViewSet):
- ✅ CRUD operations (create, read, update, delete)
- ✅ List with pagination (
CustomPageNumberPagination) - ✅ Unified response format (
success_response,error_response) - ✅ Filtering:
status,cluster_id,seed_keyword__intent,seed_keyword_id - ✅ Search:
seed_keyword__keyword - ✅ Ordering:
created_at,seed_keyword__volume,seed_keyword__difficulty - ✅ Custom filters:
difficulty_min,difficulty_max,volume_min,volume_max - ✅ Bulk delete (
bulk_delete) - ✅ Bulk update status (
bulk_update) - ✅ Bulk add from seed (
bulk_add_from_seed) - ✅ Export CSV (
export) - supports filtered export and selected IDs - ✅ Import CSV (
import_keywords) - ✅ AI clustering (
auto_cluster) - unified framework - ✅ Rate throttling (
throttle_scope: 'planner') - ✅ Site/Sector filtering (inherited from
SiteSectorModelViewSet)
Frontend (Keywords.tsx):
- ✅ Table with pagination
- ✅ Filters: search, status, intent, difficulty, cluster, volume range
- ✅ Sorting by multiple columns
- ✅ Create/Edit form modal
- ✅ Delete confirmation
- ✅ Bulk selection and operations
- ✅ Import CSV button and functionality
- ✅ Export CSV button and functionality
- ✅ Auto Cluster AI function with progress modal
- ✅ Bulk add from seed keywords
- ✅ Resource Debug logs for AI functions
❌ Gaps
Backend:
- ❌
permission_classes = []- CRITICAL SECURITY GAP - Should useIsAuthenticatedAndActiveandHasTenantAccess - ❌
list()method override exists but doesn't use base class pattern consistently
Frontend:
- ✅ All documented features implemented
Documentation Compliance: 95% (missing permission classes)
1.2 Clusters Page (/planner/clusters)
✅ Fully Implemented
Backend (ClusterViewSet):
- ✅ CRUD operations
- ✅ List with pagination
- ✅ Unified response format
- ✅ Filtering:
status - ✅ Search:
name - ✅ Ordering:
name,created_at,keywords_count,volume,difficulty - ✅ Custom filters:
volume_min,volume_max,difficulty_min,difficulty_max(via annotations) - ✅ Bulk delete (
bulk_delete) - ✅ AI idea generation (
auto_generate_ideas) - unified framework - ✅ Optimized keyword stats calculation (
prefetch_keyword_stats) - ✅ Rate throttling
- ✅ Site/Sector filtering
Frontend (Clusters.tsx):
- ✅ Table with pagination
- ✅ Filters: search, status, volume range, difficulty range
- ✅ Sorting
- ✅ Create/Edit form modal
- ✅ Delete confirmation
- ✅ Bulk selection and delete
- ✅ Auto Generate Ideas AI function with progress modal
- ✅ Resource Debug logs
❌ Gaps
Backend:
- ❌ Missing
permission_classes- CRITICAL SECURITY GAP - ❌ Missing export functionality (documented but not implemented)
- ❌ Missing bulk update status (would be useful)
Frontend:
- ❌ Missing export CSV button/functionality
- ⚠️ Difficulty range filter exists but UI could be improved (uses dropdown instead of range slider)
Documentation Compliance: 85% (missing export, permission classes)
1.3 Ideas Page (/planner/ideas)
✅ Fully Implemented
Backend (ContentIdeasViewSet):
- ✅ CRUD operations
- ✅ List with pagination
- ✅ Unified response format
- ✅ Filtering:
status,keyword_cluster_id,content_structure,content_type - ✅ Search:
idea_title - ✅ Ordering:
idea_title,created_at,estimated_word_count - ✅ Bulk delete (
bulk_delete) - ✅ Bulk queue to writer (
bulk_queue_to_writer) - creates Tasks - ✅ Rate throttling
- ✅ Site/Sector filtering
Frontend (Ideas.tsx):
- ✅ Table with pagination
- ✅ Filters: search, status, cluster, structure, type
- ✅ Sorting
- ✅ Create/Edit form modal
- ✅ Delete confirmation
- ✅ Bulk selection and delete
- ✅ Bulk queue to writer action
- ✅ Resource Debug logs
❌ Gaps
Backend:
- ❌ Missing
permission_classes- CRITICAL SECURITY GAP - ❌ Missing export functionality (not documented but would be useful)
- ❌ Missing bulk update status (would be useful)
Frontend:
- ❌ Missing export CSV button/functionality
- ⚠️ No volume/difficulty filters (not in documentation, but could be useful for prioritization)
Documentation Compliance: 90% (missing permission classes, export would be nice-to-have)
1.4 Keyword Opportunities Page (/planner/keyword-opportunities)
✅ Fully Implemented
Backend:
- Uses
SeedKeywordmodel (auth module) - Filtering and search implemented
Frontend (KeywordOpportunities.tsx):
- ✅ Table with pagination
- ✅ Filters: search, intent, difficulty
- ✅ Sorting
- ✅ Bulk add to keywords workflow
- ✅ Individual add to keywords
Documentation Compliance: 100% (this page is for discovery, not management)
2. WRITER MODULE AUDIT
2.1 Tasks Page (/writer/tasks)
✅ Fully Implemented
Backend (TasksViewSet):
- ✅ CRUD operations
- ✅ List with pagination
- ✅ Unified response format
- ✅ Filtering:
status,cluster_id,content_type,content_structure - ✅ Search:
title,keywords - ✅ Ordering:
title,created_at,word_count,status - ✅ Bulk delete (
bulk_delete) - ✅ Bulk update status (
bulk_update) - ✅ AI content generation (
auto_generate_content) - unified framework with comprehensive error handling - ✅ Rate throttling (
throttle_scope: 'writer') - ✅ Site/Sector filtering
- ✅ Content record relationship (select_related optimization)
Frontend (Tasks.tsx):
- ✅ Table with pagination
- ✅ Filters: search, status, cluster, structure, type
- ✅ Sorting
- ✅ Create/Edit form modal
- ✅ Delete confirmation
- ✅ Bulk selection and operations
- ✅ Auto Generate Content AI function with progress modal
- ✅ Resource Debug logs
- ✅ Content preview integration
❌ Gaps
Backend:
- ❌ Missing
permission_classes- CRITICAL SECURITY GAP - ❌ Missing export functionality (not documented but would be useful)
- ❌ Missing import functionality (not documented but would be useful)
Frontend:
- ❌ Missing export CSV button/functionality
- ❌ Missing import CSV button/functionality
Documentation Compliance: 90% (missing permission classes, export/import would be nice-to-have)
2.2 Content Page (/writer/content)
✅ Fully Implemented
Backend (ContentViewSet):
- ✅ CRUD operations
- ✅ List with pagination
- ✅ Unified response format
- ✅ Filtering:
task_id,status - ✅ Search:
title,meta_title,primary_keyword - ✅ Ordering:
generated_at,updated_at,word_count,status - ✅ AI image prompt generation (
generate_image_prompts) - unified framework - ✅ Rate throttling
- ✅ Site/Sector filtering
- ✅ Helper fields:
has_image_prompts,has_generated_images
Frontend (Content.tsx):
- ✅ Table with pagination
- ✅ Filters: search, status
- ✅ Sorting
- ✅ Content detail view (via ContentView page)
- ✅ Generate Image Prompts AI function with progress modal
- ✅ Resource Debug logs
❌ Gaps
Backend:
- ❌ Missing
permission_classes- CRITICAL SECURITY GAP - ❌ Missing bulk delete (would be useful)
- ❌ Missing bulk update status (would be useful)
- ❌ Missing export functionality (not documented but would be useful)
Frontend:
- ❌ Missing bulk selection and operations
- ❌ Missing export CSV button/functionality
- ❌ Missing edit form (content editing done in ContentView page, but no inline edit)
Documentation Compliance: 75% (missing bulk operations, permission classes)
2.3 Images Page (/writer/images)
✅ Fully Implemented
Backend (ImagesViewSet):
- ✅ CRUD operations
- ✅ List with pagination
- ✅ Unified response format
- ✅ Filtering:
task_id,content_id,image_type,status - ✅ Ordering:
created_at,position,id - ✅ Bulk update status (
bulk_update) - supports content_id or image IDs - ✅ AI image generation (
auto_generate,generate_images) - unified framework - ✅ Content images grouped endpoint (
content_images) - returns grouped by content - ✅ Image file serving (
serve_image_file) - serves local files - ✅ Rate throttling
- ✅ Site/Sector filtering
Frontend (Images.tsx):
- ✅ Table with grouped content images (one row per content)
- ✅ Filters: search, status
- ✅ Sorting
- ✅ Image queue modal for generation
- ✅ Single record status update modal
- ✅ Image preview modal
- ✅ Generate Images AI function with progress modal
- ✅ Resource Debug logs
- ✅ Image generation settings integration
❌ Gaps
Backend:
- ❌ Missing
permission_classes- CRITICAL SECURITY GAP - ❌ Missing export functionality (not documented but would be useful)
- ❌ Missing bulk delete (would be useful)
Frontend:
- ❌ Missing export CSV button/functionality
- ❌ Missing bulk delete action
Documentation Compliance: 85% (missing permission classes, export/bulk delete would be nice-to-have)
2.4 Published & Drafts Pages
✅ Fully Implemented
Backend:
- Uses same
ContentViewSetwith status filtering
Frontend:
- ✅ Published page: filtered view of published content
- ✅ Drafts page: filtered view of draft content
- ✅ Content detail view integration
Documentation Compliance: 100%
3. AI FUNCTIONS AUDIT
3.1 Planner AI Functions
✅ auto_cluster (Keywords → Auto Cluster)
Backend Implementation:
- ✅ Endpoint:
POST /v1/planner/keywords/auto_cluster/ - ✅ Uses unified AI framework (
run_ai_taskwithfunction_name='auto_cluster') - ✅ Validates input (max 20 keywords)
- ✅ Queues Celery task with fallback to synchronous execution
- ✅ Returns task_id for progress tracking
- ✅ Proper error handling and logging
- ✅ Account ID passed for credit deduction
Frontend Implementation:
- ✅ Progress modal with polling
- ✅ Resource Debug logs
- ✅ Error handling and user feedback
- ✅ Auto-reload on completion
Documentation Compliance: 100% ✅
✅ auto_generate_ideas (Clusters → Auto Generate Ideas)
Backend Implementation:
- ✅ Endpoint:
POST /v1/planner/clusters/auto_generate_ideas/ - ✅ Uses unified AI framework (
run_ai_taskwithfunction_name='auto_generate_ideas') - ✅ Validates input (max 10 clusters)
- ✅ Queues Celery task with fallback
- ✅ Returns task_id for progress tracking
- ✅ Proper error handling
Frontend Implementation:
- ✅ Progress modal with polling
- ✅ Resource Debug logs
- ✅ Error handling
Documentation Compliance: 100% ✅
Note: Documentation says function is generate_ideas but implementation uses auto_generate_ideas - this is fine, just a naming difference.
3.2 Writer AI Functions
✅ auto_generate_content (Tasks → Generate Content)
Backend Implementation:
- ✅ Endpoint:
POST /v1/writer/tasks/auto_generate_content/ - ✅ Uses unified AI framework (
run_ai_taskwithfunction_name='generate_content') - ✅ Validates input (max 10 tasks)
- ✅ Comprehensive error handling (database errors, Celery errors, validation errors)
- ✅ Queues Celery task with fallback
- ✅ Returns task_id for progress tracking
- ✅ Detailed logging for debugging
Frontend Implementation:
- ✅ Progress modal with polling
- ✅ Resource Debug logs
- ✅ Error handling
- ✅ Auto-reload on completion
Documentation Compliance: 100% ✅
Note: Documentation says max 50 tasks, implementation allows max 10 - this is a reasonable limit.
✅ generate_image_prompts (Content → Generate Image Prompts)
Backend Implementation:
- ✅ Endpoint:
POST /v1/writer/content/generate_image_prompts/ - ✅ Uses unified AI framework (
run_ai_taskwithfunction_name='generate_image_prompts') - ✅ Validates input (requires IDs)
- ✅ Queues Celery task with fallback
- ✅ Returns task_id for progress tracking
Frontend Implementation:
- ✅ Progress modal with polling
- ✅ Resource Debug logs
- ✅ Error handling
Documentation Compliance: 100% ✅
✅ generate_images (Images → Generate Images)
Backend Implementation:
- ✅ Endpoint:
POST /v1/writer/images/generate_images/ - ✅ Uses unified AI framework (
process_image_generation_queue- specialized for sequential processing) - ✅ Validates input (requires image IDs)
- ✅ Queues Celery task
- ✅ Returns task_id for progress tracking
- ✅ Supports content_id for batch operations
Frontend Implementation:
- ✅ Image queue modal
- ✅ Progress tracking
- ✅ Resource Debug logs
- ✅ Error handling
Documentation Compliance: 100% ✅
✅ auto_generate (Images → Auto Generate - Legacy)
Backend Implementation:
- ✅ Endpoint:
POST /v1/writer/images/auto_generate/ - ✅ Uses unified AI framework (
run_ai_taskwithfunction_name='generate_images') - ✅ Validates input (max 10 tasks)
- ✅ Queues Celery task with fallback
Note: This appears to be a legacy endpoint. The generate_images endpoint is the preferred one.
Documentation Compliance: 95% (legacy endpoint, but functional)
4. API STANDARD COMPLIANCE
4.1 Response Format
Status: ✅ 85% Compliant
Implemented:
- ✅
success_response()used in custom actions - ✅
error_response()used in custom actions - ✅
paginated_response()viaCustomPageNumberPagination - ✅ Base ViewSet CRUD methods (retrieve, create, update, destroy) return unified format
- ✅ Exception handler wraps all errors in unified format
Gaps:
- ❌ Base ViewSet
list()method not overridden - some ViewSets override it manually (Keywords, Clusters), others don't (Ideas, Tasks, Content, Images) - ⚠️ Inconsistent: Some ViewSets use
get_paginated_response()directly, others usesuccess_response()for non-paginated
Recommendation: Override list() in base SiteSectorModelViewSet to ensure consistency.
4.2 Authentication & Permissions
Status: ❌ 0% Compliant - CRITICAL GAP
Current State:
- ❌
KeywordViewSet:permission_classes = []- ALLOWS ANY ACCESS - ❌
ClusterViewSet: Nopermission_classesdefined (inherits empty from base) - ❌
ContentIdeasViewSet: Nopermission_classesdefined - ❌
TasksViewSet: Nopermission_classesdefined - ❌
ContentViewSet: Nopermission_classesdefined - ❌
ImagesViewSet: Nopermission_classesdefined
Required:
- ✅ Should use
IsAuthenticatedAndActive(fromigny8_core.api.permissions) - ✅ Should use
HasTenantAccess(fromigny8_core.api.permissions) - ✅ Should use role-based permissions (
IsViewerOrAbove,IsEditorOrAbove, etc.) for write operations
Impact: CRITICAL SECURITY RISK - All endpoints are publicly accessible without authentication.
4.3 Rate Limiting
Status: ✅ 100% Compliant
Implemented:
- ✅
DebugScopedRateThrottleused on all ViewSets - ✅
throttle_scopeset appropriately:- Planner:
'planner'(10/min for AI functions) - Writer:
'writer'(15/min for AI functions)
- Planner:
- ✅ Throttle rates configured in settings
- ✅ Debug bypass for development
4.4 Request ID Tracking
Status: ✅ 100% Compliant
Implemented:
- ✅
RequestIDMiddlewareactive - ✅ Request ID included in responses via
get_request_id(request) - ✅ Response headers include
X-Request-ID
4.5 Pagination
Status: ✅ 100% Compliant
Implemented:
- ✅
CustomPageNumberPaginationused on all ViewSets - ✅ Dynamic
page_sizesupport - ✅ Unified response format with
success,count,next,previous,results - ✅ Request ID included in paginated responses
4.6 Error Handling
Status: ✅ 95% Compliant
Implemented:
- ✅
custom_exception_handleractive - ✅ All exceptions wrapped in unified format
- ✅ Debug information in DEBUG mode
- ✅ Proper logging
Gaps:
- ⚠️ Some custom actions have try-catch blocks that might bypass exception handler (but they use
error_response()so it's fine)
5. FILTERS & SEARCH AUDIT
5.1 Planner Module Filters
Keywords Page
Documented: ✅ All implemented
- ✅ Search by keyword text
- ✅ Filter by status
- ✅ Filter by intent
- ✅ Filter by cluster
- ✅ Filter by difficulty range
- ✅ Filter by volume range
Clusters Page
Documented: ✅ All implemented
- ✅ Search by cluster name
- ✅ Filter by status
- ✅ Filter by volume range (backend + frontend)
- ✅ Filter by difficulty range (backend + frontend)
Gap: Documentation doesn't mention volume/difficulty range filters, but they're implemented and useful.
Ideas Page
Documented: ✅ All implemented
- ✅ Search by idea title
- ✅ Filter by status
- ✅ Filter by cluster
- ✅ Filter by content structure
- ✅ Filter by content type
5.2 Writer Module Filters
Tasks Page
Documented: ✅ All implemented
- ✅ Search by title or keywords
- ✅ Filter by status
- ✅ Filter by cluster
- ✅ Filter by content structure
- ✅ Filter by content type
Content Page
Documented: ✅ All implemented
- ✅ Search by title, meta_title, or primary_keyword
- ✅ Filter by status
- ✅ Filter by task_id
Gap: Documentation doesn't mention task_id filter, but it's implemented.
Images Page
Documented: ✅ All implemented
- ✅ Search (client-side filtering)
- ✅ Filter by status
Note: Images page uses grouped endpoint, so filtering is different from other pages.
6. BULK OPERATIONS AUDIT
6.1 Planner Module
Keywords
- ✅ Bulk delete
- ✅ Bulk update status
- ✅ Bulk add from seed
Clusters
- ✅ Bulk delete
- ❌ Bulk update status (not implemented, would be useful)
Ideas
- ✅ Bulk delete
- ✅ Bulk queue to writer
- ❌ Bulk update status (not implemented, would be useful)
6.2 Writer Module
Tasks
- ✅ Bulk delete
- ✅ Bulk update status
Content
- ❌ Bulk delete (not implemented, would be useful)
- ❌ Bulk update status (not implemented, would be useful)
Images
- ✅ Bulk update status (supports content_id or image IDs)
- ❌ Bulk delete (not implemented, would be useful)
7. IMPORT/EXPORT AUDIT
7.1 Planner Module
Keywords
- ✅ Export CSV (with filters and selected IDs support)
- ✅ Import CSV (with validation and duplicate checking)
Clusters
- ❌ Export CSV (not implemented)
- ❌ Import CSV (not implemented, not documented)
Ideas
- ❌ Export CSV (not implemented, not documented)
- ❌ Import CSV (not implemented, not documented)
7.2 Writer Module
Tasks
- ❌ Export CSV (not implemented, not documented)
- ❌ Import CSV (not implemented, not documented)
Content
- ❌ Export CSV (not implemented, not documented)
- ❌ Import CSV (not implemented, not documented)
Images
- ❌ Export CSV (not implemented, not documented)
- ❌ Import CSV (not implemented, not documented)
Note: Import/Export for these entities may not be necessary, but Keywords export is very useful, so similar functionality for other entities could be valuable.
8. CRITICAL GAPS SUMMARY
🔴 CRITICAL (Security & Compliance)
-
Missing Permission Classes - ALL ViewSets
- Impact: All endpoints publicly accessible
- Fix: Add
permission_classes = [IsAuthenticatedAndActive, HasTenantAccess]to all ViewSets - Priority: P0 - IMMEDIATE
-
Inconsistent
list()Method- Impact: Some ViewSets return unified format, others might not
- Fix: Override
list()in baseSiteSectorModelViewSet - Priority: P1 - HIGH
🟡 HIGH PRIORITY (Functionality)
-
Missing Export Functionality
- Clusters, Ideas, Tasks, Content, Images
- Priority: P2 - MEDIUM (Keywords export is most important, others are nice-to-have)
-
Missing Bulk Operations
- Content: bulk delete, bulk update status
- Images: bulk delete
- Clusters: bulk update status
- Ideas: bulk update status
- Priority: P2 - MEDIUM
🟢 LOW PRIORITY (Enhancements)
-
Missing Import Functionality
- Clusters, Ideas, Tasks, Content, Images
- Priority: P3 - LOW (Import is less critical than export)
-
Filter UI Improvements
- Difficulty range slider instead of dropdown
- Volume range UI consistency
- Priority: P3 - LOW
9. RECOMMENDATIONS
Immediate Actions (This Week)
-
Add Permission Classes to All ViewSets
from igny8_core.api.permissions import IsAuthenticatedAndActive, HasTenantAccess permission_classes = [IsAuthenticatedAndActive, HasTenantAccess] -
Override
list()in Base ViewSet# In SiteSectorModelViewSet def list(self, request, *args, **kwargs): queryset = self.filter_queryset(self.get_queryset()) page = self.paginate_queryset(queryset) if page is not None: serializer = self.get_serializer(page, many=True) return self.get_paginated_response(serializer.data) serializer = self.get_serializer(queryset, many=True) return success_response(data=serializer.data, request=request)
Short-term Actions (This Month)
-
Add Export Functionality
- Start with Clusters and Ideas (most requested)
- Follow Keywords export pattern
- Support filters and selected IDs
-
Add Missing Bulk Operations
- Content bulk delete and update status
- Images bulk delete
- Clusters and Ideas bulk update status
Long-term Enhancements (Next Quarter)
-
Import Functionality
- Evaluate need for each entity
- Implement for high-value entities (Tasks, Content)
-
Filter UI Improvements
- Standardize range filter UI
- Add more filter options where useful
10. METRICS & STATISTICS
Implementation Coverage
| Module | Pages | CRUD | Filters | Bulk Ops | Import | Export | AI Functions | Permissions |
|---|---|---|---|---|---|---|---|---|
| Planner | ||||||||
| Keywords | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| Clusters | ✅ | ✅ | ✅ | ⚠️ | ❌ | ❌ | ✅ | ❌ |
| Ideas | ✅ | ✅ | ✅ | ⚠️ | ❌ | ❌ | ✅ | ❌ |
| Writer | ||||||||
| Tasks | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
| Content | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ |
| Images | ✅ | ✅ | ✅ | ⚠️ | ❌ | ❌ | ✅ | ❌ |
Legend:
- ✅ Fully implemented
- ⚠️ Partially implemented
- ❌ Not implemented
Overall Scores
- CRUD Operations: 100% ✅
- Filters & Search: 95% ✅
- Bulk Operations: 75% ⚠️
- Import/Export: 17% ❌ (only Keywords)
- AI Functions: 100% ✅
- API Standard Compliance: 80% ⚠️ (missing permissions)
- Security: 0% ❌ (missing permissions)
11. CONCLUSION
The Planner and Writer modules are 85% complete with strong implementation of core functionality, AI functions, and most CRUD operations. The primary gaps are:
- Security: Missing permission classes on all ViewSets - CRITICAL
- Consistency: Base ViewSet
list()method not overridden - HIGH PRIORITY - Functionality: Missing export for most entities and some bulk operations - MEDIUM PRIORITY
Recommendation: Address security gaps immediately, then focus on export functionality and missing bulk operations. The modules are production-ready after permission classes are added.
Report Generated: 2025-01-XX
Next Review: After permission classes implementation