Initial commit

app/internal/handlers/admin.go

@@ -0,0 +1,402 @@
+package handlers
+
+import (
+	"database/sql"
+	"errors"
+	"log"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/patel-mann/poll-system/app/internal/models"
+	"github.com/patel-mann/poll-system/app/internal/utils"
+)
+
+// View model for listing/assigning schedules
+type AssignmentVM struct {
+	ID               int
+	VolunteerID      int
+	VolunteerName    string
+	AddressID        int
+	Address          string
+	Date             string // YYYY-MM-DD (for input[type=date])
+	AppointmentTime  string // HH:MM
+	VisitedValidated bool
+}
+
+// GET + POST in one handler:
+// - GET: show assignments + form to assign
+// - POST: create a new assignment
+func AdminAssignmentsHandler(w http.ResponseWriter, r *http.Request) {
+	switch r.Method {
+	case http.MethodPost:
+		if err := createAssignmentFromForm(r); err != nil {
+			log.Println("create assignment error:", err)
+			volunteers, _ := fetchVolunteers()
+			addresses, _ := fetchAddresses()
+			assignments, _ := fetchAssignments()
+
+			utils.Render(w, "schedual/assignments.html", map[string]interface{}{
+				"Title":           "Admin — Assign Addresses",
+				"IsAuthenticated": true,
+				"ActiveSection":   "admin_assignments",
+				"Volunteers":      volunteers,
+				"Addresses":       addresses,
+				"Assignments":     assignments,
+				"Error":           err.Error(),
+			})
+			return
+		}
+		http.Redirect(w, r, "/admin/assignments", http.StatusSeeOther)
+		return
+	}
+
+	// GET: fetch volunteers, addresses, and existing assignments
+	volunteers, err := fetchVolunteers()
+	if err != nil {
+		log.Println("fetch volunteers error:", err)
+		http.Error(w, "Failed to load volunteers", http.StatusInternalServerError)
+		return
+	}
+	addresses, err := fetchAddresses()
+	if err != nil {
+		log.Println("fetch addresses error:", err)
+		http.Error(w, "Failed to load addresses", http.StatusInternalServerError)
+		return
+	}
+	assignments, err := fetchAssignments()
+	if err != nil {
+		log.Println("fetch assignments error:", err)
+		http.Error(w, "Failed to load assignments", http.StatusInternalServerError)
+		return
+	}
+
+	utils.Render(w, "assignments.html", map[string]interface{}{
+		"Title":           "Admin — Assign Addresses",
+		"IsAuthenticated": true,
+		"ActiveSection":   "admin_assignments",
+		"Volunteers":      volunteers,
+		"Addresses":       addresses,
+		"Assignments":     assignments,
+	})
+}
+
+// GET (edit form) + POST (update/delete)
+func AdminAssignmentEditHandler(w http.ResponseWriter, r *http.Request) {
+	idStr := r.URL.Query().Get("id")
+	id, _ := strconv.Atoi(idStr)
+	if id <= 0 {
+		http.NotFound(w, r)
+		return
+	}
+
+	if r.Method == http.MethodPost {
+		action := r.FormValue("action")
+		switch action {
+		case "delete":
+			if err := deleteAssignment(id); err != nil {
+				log.Println("delete assignment error:", err)
+				http.Error(w, "Failed to delete assignment", http.StatusInternalServerError)
+				return
+			}
+			http.Redirect(w, r, "/admin/assignments", http.StatusSeeOther)
+			return
+		case "update":
+			if err := updateAssignmentFromForm(id, r); err != nil {
+				log.Println("update assignment error:", err)
+				vm, _ := fetchAssignmentByID(id)
+				volunteers, _ := fetchVolunteers()
+				addresses, _ := fetchAddresses()
+
+				utils.Render(w, "assignment_edit.html", map[string]interface{}{
+					"Title":      "Edit Assignment",
+					"Assignment": vm,
+					"Volunteers": volunteers,
+					"Addresses":  addresses,
+					"Error":      err.Error(),
+				})
+				return
+			}
+			http.Redirect(w, r, "/admin/assignments", http.StatusSeeOther)
+			return
+		default:
+			http.Error(w, "Unknown action", http.StatusBadRequest)
+			return
+		}
+	}
+
+	// GET edit
+	vm, err := fetchAssignmentByID(id)
+	if err != nil {
+		if err == sql.ErrNoRows {
+			http.NotFound(w, r)
+			return
+		}
+		log.Println("fetch assignment by ID error:", err)
+		http.Error(w, "Failed to load assignment", http.StatusInternalServerError)
+		return
+	}
+
+	volunteers, err := fetchVolunteers()
+	if err != nil {
+		log.Println("fetch volunteers error:", err)
+		http.Error(w, "Failed to load volunteers", http.StatusInternalServerError)
+		return
+	}
+	addresses, err := fetchAddresses()
+	if err != nil {
+		log.Println("fetch addresses error:", err)
+		http.Error(w, "Failed to load addresses", http.StatusInternalServerError)
+		return
+	}
+
+	utils.Render(w, "assignment_edit.html", map[string]interface{}{
+		"Title":      "Edit Assignment",
+		"Assignment": vm,
+		"Volunteers": volunteers,
+		"Addresses":  addresses,
+	})
+}
+
+// ----- Helpers -----
+
+func createAssignmentFromForm(r *http.Request) error {
+	volID, _ := strconv.Atoi(r.FormValue("volunteer_id"))
+	addrID, _ := strconv.Atoi(r.FormValue("address_id"))
+	dateStr := r.FormValue("date")
+	timeStr := r.FormValue("appointment_time")
+
+	if volID <= 0 || addrID <= 0 || dateStr == "" || timeStr == "" {
+		return errors.New("please fill all required fields")
+	}
+
+	if _, err := time.Parse("2006-01-02", dateStr); err != nil {
+		return errors.New("invalid date format")
+	}
+	if _, err := time.Parse("15:04", timeStr); err != nil {
+		return errors.New("invalid time format")
+	}
+
+	_, err := models.DB.Exec(`
+		INSERT INTO schedual (user_id, address_id, appointment_date, appointment_time, created_at, updated_at)
+		VALUES ($1,$2,$3,$4,NOW(),NOW())
+	`, volID, addrID, dateStr, timeStr)
+
+	if err != nil {
+		log.Println("database insert error:", err)
+		return errors.New("failed to create assignment")
+	}
+
+	return nil
+}
+
+func updateAssignmentFromForm(id int, r *http.Request) error {
+	volID, _ := strconv.Atoi(r.FormValue("volunteer_id"))
+	addrID, _ := strconv.Atoi(r.FormValue("address_id"))
+	dateStr := r.FormValue("date")
+	timeStr := r.FormValue("appointment_time")
+
+	if volID <= 0 || addrID <= 0 || dateStr == "" || timeStr == "" {
+		return errors.New("please fill all required fields")
+	}
+
+	if _, err := time.Parse("2006-01-02", dateStr); err != nil {
+		return errors.New("invalid date format")
+	}
+	if _, err := time.Parse("15:04", timeStr); err != nil {
+		return errors.New("invalid time format")
+	}
+
+	result, err := models.DB.Exec(`
+		UPDATE schedual
+		SET user_id=$1, address_id=$2, appointment_date=$3, appointment_time=$4, updated_at=NOW()
+		WHERE schedual_id=$5
+	`, volID, addrID, dateStr, timeStr, id)
+
+	if err != nil {
+		log.Println("database update error:", err)
+		return errors.New("failed to update assignment")
+	}
+
+	rowsAffected, _ := result.RowsAffected()
+	if rowsAffected == 0 {
+		return errors.New("assignment not found")
+	}
+	return nil
+}
+
+func deleteAssignment(id int) error {
+	result, err := models.DB.Exec(`DELETE FROM schedual WHERE schedual_id=$1`, id)
+	if err != nil {
+		log.Println("database delete error:", err)
+		return errors.New("failed to delete assignment")
+	}
+	rowsAffected, _ := result.RowsAffected()
+	if rowsAffected == 0 {
+		return errors.New("assignment not found")
+	}
+	return nil
+}
+
+// Fetch volunteers
+type VolunteerPick struct {
+	ID        int
+	FirstName string
+	LastName  string
+	Email     string
+}
+
+func fetchVolunteers() ([]VolunteerPick, error) {
+	rows, err := models.DB.Query(`
+		SELECT users_id, first_name, last_name, email
+		FROM "user"
+		WHERE role='volunteer'
+		ORDER BY first_name, last_name
+	`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var out []VolunteerPick
+	for rows.Next() {
+		var v VolunteerPick
+		if err := rows.Scan(&v.ID, &v.FirstName, &v.LastName, &v.Email); err != nil {
+			log.Println("fetchVolunteers scan:", err)
+			continue
+		}
+		out = append(out, v)
+	}
+	return out, rows.Err()
+}
+
+// Fetch addresses
+type AddressPick struct {
+	ID               int
+	Label            string
+	VisitedValidated bool
+}
+
+func fetchAddresses() ([]AddressPick, error) {
+	rows, err := models.DB.Query(`
+		SELECT
+			address_id,
+			address,
+			street_name,
+			street_type,
+			street_quadrant,
+			house_number,
+			house_alpha,
+			longitude,
+			latitude,
+			visited_validated
+		FROM address_database
+		ORDER BY address_id DESC
+	`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var out []AddressPick
+	for rows.Next() {
+		var addr models.AddressDatabase
+		if err := rows.Scan(
+			&addr.AddressID,
+			&addr.Address,
+			&addr.StreetName,
+			&addr.StreetType,
+			&addr.StreetQuadrant,
+			&addr.HouseNumber,
+			&addr.HouseAlpha,
+			&addr.Longitude,
+			&addr.Latitude,
+			&addr.VisitedValidated,
+		); err != nil {
+			log.Println("fetchAddresses scan:", err)
+			continue
+		}
+
+		label := addr.Address
+		if label == "" {
+			label = addr.HouseNumber
+			if addr.StreetName != "" {
+				if label != "" {
+					label += " "
+				}
+				label += addr.StreetName
+			}
+			if addr.StreetType != "" {
+				label += " " + addr.StreetType
+			}
+			if addr.StreetQuadrant != "" {
+				label += " " + addr.StreetQuadrant
+			}
+			if addr.HouseAlpha != nil {
+				label += " " + *addr.HouseAlpha
+			}
+		}
+
+		out = append(out, AddressPick{
+			ID:               addr.AddressID,
+			Label:            label,
+			VisitedValidated: addr.VisitedValidated,
+		})
+	}
+	return out, rows.Err()
+}
+
+// Add this missing function
+func fetchAssignments() ([]AssignmentVM, error) {
+	rows, err := models.DB.Query(`
+		SELECT
+			s.schedual_id,
+			u.users_id,
+			COALESCE(u.first_name,'') || ' ' || COALESCE(u.last_name,'') AS volunteer_name,
+			a.address_id,
+			COALESCE(a.address,'') AS address,
+			s.appointment_date,
+			s.appointment_time
+		FROM schedual s
+		JOIN "user" u ON u.users_id = s.user_id
+		JOIN address_database a ON a.address_id = s.address_id
+		ORDER BY s.appointment_date DESC, s.appointment_time DESC
+	`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var assignments []AssignmentVM
+	for rows.Next() {
+		var vm AssignmentVM
+		if err := rows.Scan(&vm.ID, &vm.VolunteerID, &vm.VolunteerName, &vm.AddressID, &vm.Address,
+			&vm.Date, &vm.AppointmentTime); err != nil {
+			log.Println("fetchAssignments scan:", err)
+			continue
+		}
+		assignments = append(assignments, vm)
+	}
+	return assignments, rows.Err()
+}
+
+func fetchAssignmentByID(id int) (AssignmentVM, error) {
+	var vm AssignmentVM
+	err := models.DB.QueryRow(`
+		SELECT
+			s.schedual_id,
+			u.users_id,
+			COALESCE(u.first_name,'') || ' ' || COALESCE(u.last_name,'') AS volunteer_name,
+			a.address_id,
+			COALESCE(a.address,'') AS address,
+			s.appointment_date,
+			s.appointment_time
+		FROM schedual s
+		JOIN "user" u ON u.users_id = s.user_id
+		JOIN address_database a ON a.address_id = s.address_id
+		WHERE s.schedual_id = $1
+	`, id).Scan(&vm.ID, &vm.VolunteerID, &vm.VolunteerName, &vm.AddressID, &vm.Address,
+		&vm.Date, &vm.AppointmentTime)
+
+	return vm, err
+}

app/internal/handlers/admin_addresses.go

@@ -0,0 +1,184 @@
+package handlers
+
+import (
+	"log"
+	"net/http"
+	"strconv"
+
+	"github.com/patel-mann/poll-system/app/internal/models"
+	"github.com/patel-mann/poll-system/app/internal/utils"
+)
+
+// PaginationInfo holds pagination metadata
+type PaginationInfo struct {
+	CurrentPage  int
+	TotalPages   int
+	TotalRecords int
+	PageSize     int
+	HasPrevious  bool
+	HasNext      bool
+	StartRecord  int
+	EndRecord    int
+	PreviousPage int
+	NextPage     int
+	FirstPage    int
+	LastPage     int
+	PageNumbers  []PageNumber
+}
+
+type PageNumber struct {
+	Number    int
+	IsCurrent bool
+}
+
+func AddressHandler(w http.ResponseWriter, r *http.Request) {
+	// Get pagination parameters from query string
+	pageStr := r.URL.Query().Get("page")
+	pageSizeStr := r.URL.Query().Get("pageSize")
+
+	// Default values
+	page := 1
+	pageSize := 20 // Default page size
+
+	// Parse page number
+	if pageStr != "" {
+		if p, err := strconv.Atoi(pageStr); err == nil && p > 0 {
+			page = p
+		}
+	}
+
+	// Parse page size
+	if pageSizeStr != "" {
+		if ps, err := strconv.Atoi(pageSizeStr); err == nil && ps > 0 && ps <= 100 {
+			pageSize = ps
+		}
+	}
+
+	// Calculate offset
+	offset := (page - 1) * pageSize
+
+	// Get total count first
+	var totalRecords int
+	err := models.DB.QueryRow(`SELECT COUNT(*) FROM "address_database"`).Scan(&totalRecords)
+	if err != nil {
+		log.Println("Count query error:", err)
+		http.Error(w, "Database error", http.StatusInternalServerError)
+		return
+	}
+
+	// Calculate pagination info
+	totalPages := (totalRecords + pageSize - 1) / pageSize
+	if totalPages == 0 {
+		totalPages = 1
+	}
+
+	// Ensure current page is within bounds
+	if page > totalPages {
+		page = totalPages
+		offset = (page - 1) * pageSize
+	}
+
+	// Get paginated results
+	rows, err := models.DB.Query(`
+		SELECT address_id, address, street_name, street_type,
+		       street_quadrant, house_number, house_alpha, longitude,
+		       latitude, visited_validated
+		FROM "address_database"
+		WHERE street_quadrant = 'ne'
+		ORDER BY address_id
+		LIMIT $1 OFFSET $2
+	`, pageSize, offset)
+	if err != nil {
+		log.Println("Query error:", err)
+		http.Error(w, "Database error", http.StatusInternalServerError)
+		return
+	}
+	defer rows.Close()
+
+	var addresses []models.AddressDatabase
+	for rows.Next() {
+		var a models.AddressDatabase
+		err := rows.Scan(
+			&a.AddressID,
+			&a.Address,
+			&a.StreetName,
+			&a.StreetType,
+			&a.StreetQuadrant,
+			&a.HouseNumber,
+			&a.HouseAlpha,
+			&a.Longitude,
+			&a.Latitude,
+			&a.VisitedValidated,
+		)
+		if err != nil {
+			log.Println("Scan error:", err)
+			continue
+		}
+		addresses = append(addresses, a)
+	}
+
+	// Calculate start and end record numbers for display
+	startRecord := offset + 1
+	endRecord := offset + len(addresses)
+	if totalRecords == 0 {
+		startRecord = 0
+	}
+
+	// Generate page numbers for pagination controls
+	pageNumbers := generatePageNumbers(page, totalPages)
+
+	pagination := PaginationInfo{
+		CurrentPage:  page,
+		TotalPages:   totalPages,
+		TotalRecords: totalRecords,
+		PageSize:     pageSize,
+		HasPrevious:  page > 1,
+		HasNext:      page < totalPages,
+		StartRecord:  startRecord,
+		EndRecord:    endRecord,
+		PreviousPage: page - 1,
+		NextPage:     page + 1,
+		FirstPage:    1,
+		LastPage:     totalPages,
+		PageNumbers:  pageNumbers,
+	}
+
+	utils.Render(w, "address/address.html", map[string]interface{}{
+		"Title":           "Addresses",
+		"IsAuthenticated": true,
+		"ShowAdminNav":    true,
+		"ActiveSection":   "address", // Add this line
+		"Addresses":       addresses,
+		"Role": 			"admin",
+		"Pagination":      pagination,
+	})
+}
+
+func generatePageNumbers(currentPage, totalPages int) []PageNumber {
+	var pageNumbers []PageNumber
+
+	// Generate page numbers to show (max 7 pages)
+	start := currentPage - 3
+	end := currentPage + 3
+
+	if start < 1 {
+		end += 1 - start
+		start = 1
+	}
+	if end > totalPages {
+		start -= end - totalPages
+		end = totalPages
+	}
+	if start < 1 {
+		start = 1
+	}
+
+	for i := start; i <= end; i++ {
+		pageNumbers = append(pageNumbers, PageNumber{
+			Number:    i,
+			IsCurrent: i == currentPage,
+		})
+	}
+
+	return pageNumbers
+}

app/internal/handlers/admin_dashboard.go

@@ -0,0 +1,81 @@
+package handlers
+
+import (
+	"log"
+	"net/http"
+
+	"github.com/patel-mann/poll-system/app/internal/models"
+	"github.com/patel-mann/poll-system/app/internal/utils"
+)
+
+
+func AdminDashboardHandler(w http.ResponseWriter, r *http.Request) {
+	currentAdminID := r.Context().Value("user_id").(int)
+
+	role, _ := r.Context().Value("uesr_role").(int)
+
+    var volunteerCount int
+	var totalDonations float64
+	var validatedCount int
+	var housesLeftPercent float64
+
+	// 1. Count volunteers assigned to this admin
+	err := models.DB.QueryRow(`
+		SELECT COUNT(av.volunteer_id) 
+		FROM admin_volunteers av
+		WHERE av.admin_id = $1 AND av.is_active = TRUE;
+	`, currentAdminID).Scan(&volunteerCount)
+	if err != nil {
+		log.Println("Volunteer query error:", err)
+		volunteerCount = 0 // Set default value on error
+	}
+
+	// 2. Total donations from polls
+	err = models.DB.QueryRow(`
+		SELECT COALESCE(SUM(amount_donated), 0) 
+		FROM poll;
+	`).Scan(&totalDonations)
+	if err != nil {
+		log.Println("Donation query error:", err)
+		totalDonations = 0 // Set default value on error
+	}
+
+	// 3. Count validated addresses
+	err = models.DB.QueryRow(`
+		SELECT COUNT(*) 
+		FROM address_database
+		WHERE visited_validated = TRUE;
+	`).Scan(&validatedCount)
+	if err != nil {
+		log.Println("Validated addresses query error:", err)
+		validatedCount = 0 // Set default value on error
+	}
+
+	// 4. Calculate percentage of houses left to visit
+	err = models.DB.QueryRow(`
+		SELECT 
+			CASE 
+				WHEN COUNT(*) = 0 THEN 0
+				ELSE ROUND(
+					(COUNT(*) FILTER (WHERE visited_validated = FALSE)::numeric / COUNT(*)::numeric) * 100, 2
+				)
+			END
+		FROM address_database;
+	`).Scan(&housesLeftPercent)
+	if err != nil {
+		log.Println("Houses left query error:", err)
+		housesLeftPercent = 0 // Set default value on error
+	}
+
+	utils.Render(w, "dashboard/dashboard.html", map[string]interface{}{
+		"Title":              "Admin Dashboard",
+		"IsAuthenticated":    true,
+		"VolunteerCount":     volunteerCount,
+		"TotalDonations":     totalDonations,
+		"ValidatedCount":     validatedCount,
+		"HousesLeftPercent":  housesLeftPercent,
+		"ShowAdminNav": 	  true,
+		"Role": 			  role,
+		"ActiveSection":      "dashboard",
+	})
+}

app/internal/handlers/admin_post.go

@@ -0,0 +1,160 @@
+// Updated admin_post.go with better image handling
+
+package handlers
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/patel-mann/poll-system/app/internal/models"
+	"github.com/patel-mann/poll-system/app/internal/utils"
+)
+
+func PostsHandler(w http.ResponseWriter, r *http.Request) {
+	userID := r.Context().Value("user_id").(int)
+	role := r.Context().Value("user_role").(int)
+
+	if r.Method == http.MethodPost {
+		// Parse multipart form
+		err := r.ParseMultipartForm(10 << 20) // 10MB max
+		if err != nil {
+			fmt.Printf("Error parsing form: %v\n", err)
+			http.Error(w, "Invalid form", http.StatusBadRequest)
+			return
+		}
+
+		content := r.FormValue("content")
+		if strings.TrimSpace(content) == "" {
+			http.Error(w, "Content cannot be empty", http.StatusBadRequest)
+			return
+		}
+
+		var imagePath string
+		file, handler, err := r.FormFile("image")
+		if err == nil && file != nil {
+			defer file.Close()
+
+			// Validate file type
+			allowedTypes := map[string]bool{
+				".jpg":  true,
+				".jpeg": true,
+				".png":  true,
+				".gif":  true,
+				".webp": true,
+			}
+
+			ext := strings.ToLower(filepath.Ext(handler.Filename))
+			if !allowedTypes[ext] {
+				http.Error(w, "Invalid file type. Only images allowed.", http.StatusBadRequest)
+				return
+			}
+
+			// Ensure uploads folder exists
+			uploadDir := "uploads"
+			if err := os.MkdirAll(uploadDir, 0755); err != nil {
+				fmt.Printf("Error creating upload directory: %v\n", err)
+				http.Error(w, "Unable to create upload directory", http.StatusInternalServerError)
+				return
+			}
+
+			// Create unique filename
+			filename := fmt.Sprintf("%d_%d%s", userID, time.Now().UnixNano(), ext)
+			savePath := filepath.Join(uploadDir, filename)
+
+			out, err := os.Create(savePath)
+			if err != nil {
+				fmt.Printf("Error creating file: %v\n", err)
+				http.Error(w, "Unable to save file", http.StatusInternalServerError)
+				return
+			}
+			defer out.Close()
+
+			_, err = io.Copy(out, file)
+			if err != nil {
+				fmt.Printf("Error copying file: %v\n", err)
+				http.Error(w, "Failed to save file", http.StatusInternalServerError)
+				return
+			}
+
+			// Save path relative to the static route
+			imagePath = "/uploads/" + filename
+			fmt.Printf("Image saved at: %s\n", imagePath)
+		} else if err != http.ErrMissingFile {
+			fmt.Printf("Error getting file: %v\n", err)
+		}
+
+		// Insert post
+		_, err = models.DB.Exec(`INSERT INTO post (author_id, content, image_url) VALUES ($1, $2, $3)`,
+			userID, content, imagePath)
+		if err != nil {
+			fmt.Printf("Database error: %v\n", err)
+			http.Error(w, "Failed to create post", http.StatusInternalServerError)
+			return
+		}
+
+		fmt.Printf("Post created successfully with image: %s\n", imagePath)
+		http.Redirect(w, r, "/posts", http.StatusSeeOther)
+		return
+	}
+
+	// GET request: fetch posts
+	rows, err := models.DB.Query(`
+		SELECT p.post_id, p.author_id, u.first_name || ' ' || u.last_name AS author_name,
+		       p.content, COALESCE(p.image_url, '') as image_url, p.created_at
+		FROM post p
+		JOIN users u ON p.author_id = u.user_id
+		ORDER BY p.created_at DESC
+	`)
+	if err != nil {
+		fmt.Printf("Database query error: %v\n", err)
+		http.Error(w, "Failed to fetch posts", http.StatusInternalServerError)
+		return
+	}
+	defer rows.Close()
+
+	var posts []models.Post
+	for rows.Next() {
+		var p models.Post
+		err := rows.Scan(&p.PostID, &p.AuthorID, &p.AuthorName, &p.Content, &p.ImageURL, &p.CreatedAt)
+		if err != nil {
+			fmt.Printf("Row scan error: %v\n", err)
+			continue
+		}
+		posts = append(posts, p)
+	}
+
+	// Add cache busting parameter to image URLs
+	for i := range posts {
+		if posts[i].ImageURL != "" {
+			posts[i].ImageURL += "?t=" + strconv.FormatInt(time.Now().UnixNano(), 10)
+			fmt.Printf("Post %d image URL: %s\n", posts[i].PostID, posts[i].ImageURL)
+		}
+	}
+
+	// Get navigation flags
+	showAdminNav, showVolunteerNav := getNavFlags(role)
+
+	fmt.Printf("Rendering %d posts\n", len(posts))
+	
+	utils.Render(w, "posts.html", map[string]interface{}{
+		"Title":             "Posts",
+		"IsAuthenticated":   true,
+		"ShowAdminNav":      showAdminNav,
+		"ShowVolunteerNav":  showVolunteerNav,
+		"Posts":             posts,
+		"ActiveSection":     "posts",
+	})
+}
+
+// Helper function (add this to your main.go if not already there)
+func getNavFlags(role int) (bool, bool) {
+	showAdminNav := role == 1     // Admin role
+	showVolunteerNav := role == 3 // Volunteer role
+	return showAdminNav, showVolunteerNav
+}

app/internal/handlers/admin_voluteers.go

@@ -0,0 +1,219 @@
+package handlers
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"strconv"
+
+	"github.com/patel-mann/poll-system/app/internal/models"
+	"github.com/patel-mann/poll-system/app/internal/utils"
+)
+
+
+func VolunteerHandler(w http.ResponseWriter, r *http.Request) {
+	// TODO: Replace this with actual session/jwt extraction
+	currentAdminID := r.Context().Value("user_id").(int)
+
+	rows, err := models.DB.Query(`
+		SELECT u.user_id, u.email, u.role_id, u.first_name, u.last_name, u.phone
+		FROM "users" u
+		JOIN admin_volunteers av ON u.user_id = av.volunteer_id
+		WHERE av.admin_id = $1 AND ( u.role_id = 3 OR u.role_id = 2 )
+	`, currentAdminID)
+	if err != nil {
+		http.Error(w, "Query error", http.StatusInternalServerError)
+		return
+	}
+	defer rows.Close()
+
+	var user []models.User
+	for rows.Next() {
+		var b models.User
+		err := rows.Scan(&b.UserID, &b.Email, &b.RoleID, &b.FirstName, &b.LastName, &b.Phone)
+		if err != nil {
+			log.Println("Scan error:", err)
+			continue
+		}
+		user = append(user, b)
+	}
+
+	utils.Render(w, "volunteer/volunteer.html", map[string]interface{}{
+		"Title":           "Assigned Volunteers",
+		"IsAuthenticated": true,
+		"ShowAdminNav":    true,
+		"Users":           user,
+		"ActiveSection":   "volunteer",
+	})
+}
+
+func EditVolunteerHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodGet {
+		volunteerID := r.URL.Query().Get("id")
+		var user models.User
+		err := models.DB.QueryRow(`
+			SELECT user_id, email, role_id, first_name, last_name, phone
+			FROM "users"
+			WHERE user_id = $1 AND (role_id = 3 OR role_id = 2)
+		`, volunteerID).Scan(&user.UserID, &user.Email, &user.RoleID, &user.FirstName, &user.LastName, &user.Phone)
+
+		if err != nil {
+			http.Error(w, "Volunteer not found", http.StatusNotFound)
+			return
+		}
+
+		utils.Render(w, "volunteer/edit_volunteer.html", map[string]interface{}{
+			"Title":           "Edit Volunteer",
+			"IsAuthenticated": true,
+			"ShowAdminNav":    true,
+			"Volunteer":       user,
+			"ActiveSection":   "volunteer",
+		})
+		return
+	}
+
+	if r.Method == http.MethodPost {
+		err := r.ParseForm()
+		if err != nil {
+			http.Error(w, "Invalid form", http.StatusBadRequest)
+			return
+		}
+
+		volunteerID := r.FormValue("user_id")
+		firstName := r.FormValue("first_name")
+		lastName := r.FormValue("last_name")
+		email := r.FormValue("email")
+		phone := r.FormValue("phone")
+		roleID := r.FormValue("role_id")
+
+		rid, err := strconv.Atoi(roleID)
+		if err != nil || (rid != 2 && rid != 3) {
+			http.Error(w, "Invalid role selection", http.StatusBadRequest)
+			return
+		}
+
+		_, err = models.DB.Exec(`
+			UPDATE "users"
+			SET first_name = $1, last_name = $2, email = $3, phone = $4, role_id = $5
+			WHERE user_id = $6
+		`, firstName, lastName, email, phone, rid, volunteerID)
+
+		if err != nil {
+			fmt.Print(err)
+			http.Error(w, "Update failed", http.StatusInternalServerError)
+			return
+		}
+
+		http.Redirect(w, r, "/volunteers", http.StatusSeeOther)
+	}
+}
+
+type User struct {
+	ID   int
+	Name string
+}
+
+type TeamLead struct {
+	ID         int
+	Name       string
+	Volunteers []User
+}
+
+type TeamBuilderData struct {
+	TeamLeads          []TeamLead
+	UnassignedVolunteers []User
+}
+
+
+
+func TeamBuilderHandler(w http.ResponseWriter, r *http.Request) {
+	// GET request: show team leads and unassigned volunteers
+	if r.Method == http.MethodGet {
+		var teamLeads []TeamLead
+		var unassignedVolunteers []User
+
+		// Get all team leads (role_id = 2)
+		tlRows, err := models.DB.Query(`SELECT user_id, first_name || ' ' || last_name AS name FROM users WHERE role_id = 2`)
+		if err != nil {
+			http.Error(w, "Error fetching team leads", http.StatusInternalServerError)
+			return
+		}
+		defer tlRows.Close()
+		for tlRows.Next() {
+			var tl TeamLead
+			tlRows.Scan(&tl.ID, &tl.Name)
+
+			// Get assigned volunteers for this team lead
+			vRows, _ := models.DB.Query(`SELECT u.user_id, u.first_name || ' ' || u.last_name AS name
+				FROM users u
+				JOIN team t ON u.user_id = t.volunteer_id
+				WHERE t.team_lead_id = $1`, tl.ID)
+
+			for vRows.Next() {
+				var vol User
+				vRows.Scan(&vol.ID, &vol.Name)
+				tl.Volunteers = append(tl.Volunteers, vol)
+			}
+
+			teamLeads = append(teamLeads, tl)
+		}
+
+		// Get unassigned volunteers (role_id = 3)
+		vRows, _ := models.DB.Query(`SELECT user_id, first_name || ' ' || last_name AS name
+			FROM users
+			WHERE role_id = 3
+			AND user_id NOT IN (SELECT volunteer_id FROM team)`)
+		for vRows.Next() {
+			var vol User
+			vRows.Scan(&vol.ID, &vol.Name)
+			unassignedVolunteers = append(unassignedVolunteers, vol)
+		}
+
+		utils.Render(w, "volunteer/team_builder.html", map[string]interface{}{
+			"Title":               "Team Builder",
+			"IsAuthenticated":     true,
+			"ShowAdminNav":        true,
+			"TeamLeads":           teamLeads,
+			"UnassignedVolunteers": unassignedVolunteers,
+			"ActiveSection":       "team_builder",
+		})
+		return
+	}
+
+	// POST request: assign volunteer to a team lead
+	if r.Method == http.MethodPost {
+		if err := r.ParseForm(); err != nil {
+			http.Error(w, "Invalid form", http.StatusBadRequest)
+			return
+		}
+
+		volunteerID, err := strconv.Atoi(r.FormValue("volunteer_id"))
+		if err != nil {
+			http.Error(w, "Invalid volunteer ID", http.StatusBadRequest)
+			return
+		}
+		teamLeadID, err := strconv.Atoi(r.FormValue("team_lead_id"))
+		if err != nil {
+			http.Error(w, "Invalid team lead ID", http.StatusBadRequest)
+			return
+		}
+
+		_, err = models.DB.Exec(`INSERT INTO team (volunteer_id, team_lead_id) VALUES ($1, $2)`, volunteerID, teamLeadID)
+		if err != nil {
+			fmt.Println(err)
+			http.Error(w, "Failed to assign volunteer", http.StatusInternalServerError)
+			return
+		}
+
+		http.Redirect(w, r, "/team_builder", http.StatusSeeOther)
+	}
+}
+
+
+
+
+
+//assign volunterr the title of team_leader
+//Team View
+//edit volnteer data
+//

app/internal/handlers/login.go

@@ -0,0 +1,367 @@
+package handlers
+
+import (
+	"context"
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"golang.org/x/crypto/bcrypt"
+
+	"github.com/patel-mann/poll-system/app/internal/models"
+	"github.com/patel-mann/poll-system/app/internal/utils"
+)
+
+var jwtKey = []byte("your-secret-key") //TODO: Move to env/config
+
+// Helper function to get redirect URL based on role
+func getDefaultRedirectURL(role int) string {
+	switch role {
+	case 1: // Admin
+		return "/dashboard"
+	case 2: // Volunteer
+		return "/volunteer/dashboard"
+	case 3: // Volunteer
+		return "/volunteer/dashboard"
+	default:
+		return "/" // Fallback to login page
+	}
+}
+
+// Helper function to render error pages with consistent data
+func renderLoginError(w http.ResponseWriter, errorMsg string) {
+	utils.Render(w, "login.html", map[string]interface{}{
+		"Error":           errorMsg,
+		"Title":           "Login",
+		"IsAuthenticated": false,
+	})
+}
+
+func renderRegisterError(w http.ResponseWriter, errorMsg string) {
+	utils.Render(w, "register.html", map[string]interface{}{
+		"Error":           errorMsg,
+		"Title":           "Register",
+		"IsAuthenticated": false,
+	})
+}
+
+// Helper function to create and sign JWT token
+func createJWTToken(userID, role int) (string, time.Time, error) {
+	expirationTime := time.Now().Add(12 * time.Hour)
+	claims := &models.Claims{
+		UserID: userID,
+		Role:   role,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(expirationTime),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	tokenString, err := token.SignedString(jwtKey)
+	return tokenString, expirationTime, err
+}
+
+// Helper function to set session cookie
+func setSessionCookie(w http.ResponseWriter, tokenString string, expirationTime time.Time) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     "session",
+		Value:    tokenString,
+		Path:     "/",
+		HttpOnly: true,
+		Secure:   false, // Set to true in production with HTTPS
+		SameSite: http.SameSiteStrictMode,
+		Expires:  expirationTime,
+	})
+}
+
+// Helper function to clear session cookie
+func clearSessionCookie(w http.ResponseWriter) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     "session",
+		Value:    "",
+		Path:     "/",
+		MaxAge:   -1,
+		HttpOnly: true,
+		Secure:   false, // Set to true in production with HTTPS
+		SameSite: http.SameSiteStrictMode,
+	})
+}
+
+// func LoginPage(w http.ResponseWriter, r *http.Request) {
+// 	utils.Render(w, "login.html", map[string]interface{}{
+// 		"Title":           "Login",
+// 		"IsAuthenticated": false,
+// 	})
+// }
+
+func LoginHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Redirect(w, r, "/", http.StatusSeeOther)
+		return
+	}
+
+	email := r.FormValue("email")
+	password := r.FormValue("password")
+
+	// Input validation
+	if email == "" || password == "" {
+		renderLoginError(w, "Email and password are required")
+		return
+	}
+
+	// Get user from database
+	var storedHash string
+	var userID int
+	var role int
+
+	err := models.DB.QueryRow(`
+		SELECT user_id, password, role_id
+		FROM "users"
+		WHERE email = $1
+	`, email).Scan(&userID, &storedHash, &role)
+
+	if err != nil {
+		log.Printf("Login failed for email %s: %v", email, err)
+		renderLoginError(w, "Invalid email or password")
+		return
+	}
+
+	// Verify password
+	err = bcrypt.CompareHashAndPassword([]byte(storedHash), []byte(password))
+	if err != nil {
+		log.Printf("Password verification failed for user ID %d", userID)
+		renderLoginError(w, "Invalid email or password")
+		return
+	}
+
+	// Create JWT token
+	tokenString, expirationTime, err := createJWTToken(userID, role)
+	if err != nil {
+		log.Printf("JWT token creation failed for user ID %d: %v", userID, err)
+		http.Error(w, "Could not log in", http.StatusInternalServerError)
+		return
+	}
+
+	// Set session cookie
+	setSessionCookie(w, tokenString, expirationTime)
+
+	// Redirect based on user role
+	redirectURL := getDefaultRedirectURL(role)
+	log.Printf("User %d (role %d) logged in successfully, redirecting to %s", userID, role, redirectURL)
+	http.Redirect(w, r, redirectURL, http.StatusSeeOther)
+}
+
+func RegisterHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		utils.Render(w, "register.html", map[string]interface{}{
+			"Title":           "Register",
+			"IsAuthenticated": false,
+		})
+		return
+	}
+
+	firstName := r.FormValue("first_name")
+	lastName := r.FormValue("last_name")
+	email := r.FormValue("email")
+	phone := r.FormValue("phone")
+	role := r.FormValue("role")
+	password := r.FormValue("password")
+
+	// Input validation
+	if firstName == "" || lastName == "" || email == "" || password == "" || role == "" {
+		renderRegisterError(w, "All fields are required")
+		return
+	}
+
+	// Hash password
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		log.Printf("Password hashing failed: %v", err)
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		return
+	}
+
+	// Insert user into database
+	_, err = models.DB.Exec(`
+		INSERT INTO "users" (first_name, last_name, email, phone, password, role_id)
+		VALUES ($1, $2, $3, $4, $5, $6)
+	`, firstName, lastName, email, phone, string(hashedPassword), role)
+
+	if err != nil {
+		log.Printf("User registration failed for email %s: %v", email, err)
+		renderRegisterError(w, "Could not create account. Email might already be in use.")
+		return
+	}
+
+	log.Printf("User registered successfully: %s %s (%s)", firstName, lastName, email)
+	http.Redirect(w, r, "/", http.StatusSeeOther)
+}
+
+func LogoutHandler(w http.ResponseWriter, r *http.Request) {
+	clearSessionCookie(w)
+	http.Redirect(w, r, "/", http.StatusSeeOther)
+}
+
+// // Admin Dashboard Handler
+// func AdminDashboardHandler(w http.ResponseWriter, r *http.Request) {
+// 	role := r.Context().Value("user_role").(int)
+// 	userID := r.Context().Value("user_id").(int)
+	
+// 	// TODO: Fetch real data from database
+// 	dashboardData := map[string]interface{}{
+// 		"UserID":           userID,
+// 		"TotalUsers":       100,  // Example: get from database
+// 		"TotalVolunteers":  50,   // Example: get from database
+// 		"TotalAddresses":   200,  // Example: get from database
+// 		"RecentActivity":   []string{"User logged in", "New volunteer registered"}, // Example
+// 	}
+	
+// 	data := createTemplateData("Admin Dashboard", "dashboard", role, true, dashboardData)
+// 	utils.Render(w, "dashboard/dashboard.html", data)
+// }
+
+// // Volunteer Management Handler
+// func VolunteerHandler(w http.ResponseWriter, r *http.Request) {
+// 	role := r.Context().Value("user_role").(int)
+	
+// 	// TODO: Fetch real volunteer data from database
+// 	volunteerData := map[string]interface{}{
+// 		"Volunteers": []map[string]interface{}{
+// 			{"ID": 1, "Name": "John Doe", "Email": "john@example.com", "Status": "Active"},
+// 			{"ID": 2, "Name": "Jane Smith", "Email": "jane@example.com", "Status": "Active"},
+// 		}, // Example: get from database
+// 	}
+	
+// 	data := createTemplateData("Volunteers", "volunteer", role, true, volunteerData)
+// 	utils.Render(w, "volunteers/volunteers.html", data)
+// }
+
+// // Address Management Handler
+// func AddressHandler(w http.ResponseWriter, r *http.Request) {
+// 	role := r.Context().Value("user_role").(int)
+	
+// 	// TODO: Fetch real address data from database
+// 	addressData := map[string]interface{}{
+// 		"Addresses": []map[string]interface{}{
+// 			{"ID": 1, "Street": "123 Main St", "City": "Calgary", "Status": "Validated"},
+// 			{"ID": 2, "Street": "456 Oak Ave", "City": "Calgary", "Status": "Pending"},
+// 		}, // Example: get from database
+// 	}
+	
+// 	data := createTemplateData("Addresses", "address", role, true, addressData)
+// 	utils.Render(w, "addresses/addresses.html", data)
+// }
+
+// // Reports Handler
+// func ReportHandler(w http.ResponseWriter, r *http.Request) {
+// 	role := r.Context().Value("user_role").(int)
+	
+// 	// TODO: Fetch real report data from database
+// 	reportData := map[string]interface{}{
+// 		"Reports": []map[string]interface{}{
+// 			{"ID": 1, "Name": "Weekly Summary", "Date": "2025-08-25", "Status": "Complete"},
+// 			{"ID": 2, "Name": "Monthly Analytics", "Date": "2025-08-01", "Status": "Pending"},
+// 		}, // Example: get from database
+// 	}
+	
+// 	data := createTemplateData("Reports", "report", role, true, reportData)
+// 	utils.Render(w, "reports/reports.html", data)
+// }
+
+// // Profile Handler (works for both admin and volunteer)
+// func ProfileHandler(w http.ResponseWriter, r *http.Request) {
+// 	role := r.Context().Value("user_role").(int)
+// 	userID := r.Context().Value("user_id").(int)
+	
+// 	// Fetch real user data from database
+// 	var firstName, lastName, email, phone string
+// 	err := models.DB.QueryRow(`
+// 		SELECT first_name, last_name, email, phone
+// 		FROM "users"
+// 		WHERE user_id = $1
+// 	`, userID).Scan(&firstName, &lastName, &email, &phone)
+	
+// 	profileData := map[string]interface{}{
+// 		"UserID": userID,
+// 	}
+	
+// 	if err != nil {
+// 		log.Printf("Error fetching user profile for ID %d: %v", userID, err)
+// 		profileData["Error"] = "Could not load profile data"
+// 	} else {
+// 		profileData["FirstName"] = firstName
+// 		profileData["LastName"] = lastName
+// 		profileData["Email"] = email
+// 		profileData["Phone"] = phone
+// 	}
+	
+// 	data := createTemplateData("Profile", "profile", role, true, profileData)
+// 	utils.Render(w, "profile/profile.html", data)
+// }
+
+// // Volunteer Dashboard Handler
+// func VolunteerDashboardHandler(w http.ResponseWriter, r *http.Request) {
+// 	role := r.Context().Value("user_role").(int)
+// 	userID := r.Context().Value("user_id").(int)
+	
+// 	// TODO: Fetch volunteer-specific data from database
+// 	dashboardData := map[string]interface{}{
+// 		"UserID":           userID,
+// 		"AssignedTasks":    5,    // Example: get from database
+// 		"CompletedTasks":   12,   // Example: get from database
+// 		"UpcomingEvents":   []string{"Community Meeting - Aug 30", "Training Session - Sep 5"}, // Example
+// 	}
+	
+// 	data := createTemplateData("Volunteer Dashboard", "dashboard", role, true, dashboardData)
+// 	utils.Render(w, "volunteer/dashboard.html", data)
+// }
+
+// // Schedule Handler for Volunteers
+// func ScheduleHandler(w http.ResponseWriter, r *http.Request) {
+// 	role := r.Context().Value("user_role").(int)
+// 	userID := r.Context().Value("user_id").(int)
+	
+// 	// TODO: Fetch schedule data from database
+// 	scheduleData := map[string]interface{}{
+// 		"UserID": userID,
+// 		"Schedule": []map[string]interface{}{
+// 			{"Date": "2025-08-26", "Time": "10:00 AM", "Task": "Door-to-door survey", "Location": "Downtown"},
+// 			{"Date": "2025-08-28", "Time": "2:00 PM", "Task": "Data entry", "Location": "Office"},
+// 		}, // Example: get from database
+// 	}
+	
+// 	data := createTemplateData("My Schedule", "schedual", role, true, scheduleData)
+// 	utils.Render(w, "volunteer/schedule.html", data)
+// }
+
+// Enhanced middleware to check JWT auth and add user context
+func AuthMiddleware(next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		cookie, err := r.Cookie("session")
+		if err != nil {
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
+
+		claims := &models.Claims{}
+		token, err := jwt.ParseWithClaims(cookie.Value, claims, func(token *jwt.Token) (interface{}, error) {
+			return jwtKey, nil
+		})
+
+		if err != nil || !token.Valid {
+			log.Printf("Invalid token: %v", err)
+			clearSessionCookie(w) // Clear invalid cookie
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
+
+		// Add user info to context
+		ctx := context.WithValue(r.Context(), "user_id", claims.UserID)
+		ctx = context.WithValue(ctx, "user_role", claims.Role)
+		r = r.WithContext(ctx)
+
+		next.ServeHTTP(w, r)
+	}
+}

app/internal/handlers/profile.go

@@ -0,0 +1,98 @@
+package handlers
+
+import (
+	"log"
+	"net/http"
+
+	"github.com/patel-mann/poll-system/app/internal/models"
+	"github.com/patel-mann/poll-system/app/internal/utils"
+)
+
+func ProfileHandler(w http.ResponseWriter, r *http.Request) {
+	// Extract current user ID from session/jwt
+	currentUserID := r.Context().Value("user_id").(int)
+
+	var user models.User
+	err := models.DB.QueryRow(`
+		SELECT user_id, first_name, last_name, email, phone, role_id, created_at, updated_at
+		FROM "users"
+		WHERE user_id = $1
+	`, currentUserID).Scan(
+		&user.UserID,
+		&user.FirstName,
+		&user.LastName,
+		&user.Email,
+		&user.Phone,
+		&user.RoleID,
+		&user.CreatedAt,
+		&user.UpdatedAt,
+	)
+	if err != nil {
+		log.Println("Profile query error:", err)
+		http.Error(w, "Could not load profile", http.StatusInternalServerError)
+		return
+	}
+	
+	role := r.Context().Value("user_role").(int)
+	adminnav := false
+	volunteernav := false
+
+	if role == 1{
+		adminnav = true
+		volunteernav = false
+	}else{
+		volunteernav = true
+		adminnav = false
+	}
+
+	utils.Render(w, "profile/profile.html", map[string]interface{}{
+		"Title":           "My Profile",
+		"IsAuthenticated": true,
+		"ShowAdminNav":    adminnav,
+		"ShowVolunteerNav": volunteernav,
+		"User":            user,
+		"ActiveSection":   "profile",
+	})
+}
+
+// ProfileUpdateHandler handles profile form submissions
+func ProfileUpdateHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Redirect(w, r, "/profile", http.StatusSeeOther)
+		return
+	}
+
+	// Extract current user ID from session/jwt
+	currentUserID := r.Context().Value("user_id").(int)
+
+	// Parse form values
+	err := r.ParseForm()
+	if err != nil {
+		log.Println("Form parse error:", err)
+		http.Error(w, "Invalid form submission", http.StatusBadRequest)
+		return
+	}
+
+	firstName := r.FormValue("first_name")
+	lastName := r.FormValue("last_name")
+	phone := r.FormValue("phone")
+
+	// Update in DB
+	_, err = models.DB.Exec(`
+		UPDATE "users"
+		SET first_name = $1,
+			last_name = $2,
+			phone = $3,
+			updated_at = NOW()
+		WHERE user_id = $4
+	`, firstName, lastName, phone, currentUserID)
+
+	if err != nil {
+		log.Println("Profile update error:", err)
+		http.Error(w, "Could not update profile", http.StatusInternalServerError)
+		return
+	}
+
+	// Redirect back to profile with success
+	http.Redirect(w, r, "/profile?success=1", http.StatusSeeOther)
+}

app/internal/handlers/volunteer_posts.go

@@ -0,0 +1,74 @@
+// Add this to your handlers package (create volunteer_posts.go or add to existing file)
+
+package handlers
+
+import (
+	"fmt"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/patel-mann/poll-system/app/internal/models"
+	"github.com/patel-mann/poll-system/app/internal/utils"
+)
+
+// VolunteerPostsHandler - Read-only posts view for volunteers
+func VolunteerPostsHandler(w http.ResponseWriter, r *http.Request) {
+	// Only allow GET requests for volunteers
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// Get user info from context
+	role := r.Context().Value("user_role").(int)
+
+	// Fetch posts from database
+	rows, err := models.DB.Query(`
+		SELECT p.post_id, p.author_id, u.first_name || ' ' || u.last_name AS author_name,
+		       p.content, COALESCE(p.image_url, '') as image_url, p.created_at
+		FROM post p
+		JOIN users u ON p.author_id = u.user_id
+		ORDER BY p.created_at DESC
+	`)
+	if err != nil {
+		fmt.Printf("Database query error: %v\n", err)
+		http.Error(w, "Failed to fetch posts", http.StatusInternalServerError)
+		return
+	}
+	defer rows.Close()
+
+	var posts []models.Post
+	for rows.Next() {
+		var p models.Post
+		err := rows.Scan(&p.PostID, &p.AuthorID, &p.AuthorName, &p.Content, &p.ImageURL, &p.CreatedAt)
+		if err != nil {
+			fmt.Printf("Row scan error: %v\n", err)
+			continue
+		}
+		posts = append(posts, p)
+	}
+
+	// Add cache busting parameter to image URLs
+	for i := range posts {
+		if posts[i].ImageURL != "" {
+			posts[i].ImageURL += "?t=" + strconv.FormatInt(time.Now().UnixNano(), 10)
+		}
+	}
+
+	// Get navigation flags
+	showAdminNav, showVolunteerNav := getNavFlags(role)
+
+	fmt.Printf("Volunteer viewing %d posts\n", len(posts))
+	
+	utils.Render(w, "dashboard/volunteer_dashboard.html", map[string]interface{}{
+		"Title":             "Community Posts",
+		"IsAuthenticated":   true,
+		"ShowAdminNav":      showAdminNav,
+		"ShowVolunteerNav":  showVolunteerNav,
+		"Posts":             posts,
+		"ActiveSection":     "posts",
+		"IsVolunteer":       true, // Flag to indicate this is volunteer view
+	})
+}
+