Commit Graph

1244 Commits

Author SHA1 Message Date
Tink d11f097eee
fix(tasks): support both expand and expand[] query parameter formats (#2415)
The `expand` query parameter only supported the `expand[]=foo` array
format, but the swagger docs described it as a plain string parameter.
This adds support for both formats (`expand=foo` and `expand[]=foo`),
matching the existing pattern used by `sort_by` and `order_by`
parameters.

Closes #2408

---------

Co-authored-by: kolaente <k@knt.li>
2026-03-19 09:18:11 +00:00
kolaente e19bea8e3a fix: register bulk label route correctly for API token permissions
The tasks_labels_bulk route was not recognized as a CRUD route by
isStandardCRUDRoute, causing it to be processed as a non-CRUD route
and registered in the wrong apiTokenRoutes group. API tokens with
tasks_labels permissions could not access the bulk endpoint, resulting
in a 401 error.

Fixes https://github.com/go-vikunja/vikunja/issues/2375
2026-03-10 23:58:44 +01:00
kolaente 554593cdb6 test: add failing test for bulk label API token route registration 2026-03-10 23:58:44 +01:00
kolaente 79a612aa5d fix: send account deletion notification before deleting user row
When deleting a user via CLI (`vikunja user delete <id> -n`), the user
row was deleted first, then `notifications.Notify` was called. But
`Notify` calls `User.ShouldNotify()` which queries the database to check
the user's status — and since the row was already deleted within the same
transaction, it returned `ErrUserDoesNotExist`.

Move the notification call before the `DELETE` so the user row still
exists when `ShouldNotify` checks it.

Closes go-vikunja/vikunja#2335
2026-03-10 23:44:53 +01:00
kolaente dbbc80aea6 feat: extend WebhookListener for user-level webhooks
Add User field to reminder and overdue events so the webhook listener
can look up user-level webhooks. Add conditional user filtering to
reminder and overdue cron jobs - when only email is enabled, filter to
email-enabled users; when webhooks are enabled, fetch all users so
events can be dispatched. Dispatch TasksOverdueEvent and
TaskReminderFiredEvent for webhook consumption.
2026-03-08 19:45:53 +01:00
kolaente d4577c660f feat: add user_id to webhooks and user-directed event infrastructure
Add user_id column to webhooks table (nullable, for user-level webhooks
vs project-level). Extend webhook model, permissions, and listener to
support user-level webhooks that fire for user-directed events like
task reminders and overdue task notifications.

Add TasksOverdueEvent for dispatching overdue notifications via webhooks.
Update webhook permissions to handle both user-level and project-level
ownership. Add webhook test fixture and register webhooks table in test
fixture loader.
2026-03-08 19:45:53 +01:00
kolaente aacf650ec2 test: add tests for conversational email system
Add tests for conversational header generation, HTML rendering
with p-tag wrapping, plain-text conversion, footer handling,
and conditional action links. Update mention test fixtures
with Project field.
2026-03-08 16:03:47 +01:00
kolaente b3572c5932 feat: convert notifications to conversational email style
Convert task comment, mention, assignment, and reminder notifications
to use the conversational email format. Add Project field to notification
structs, include task identifiers in subjects and headers, add doer
avatars, notification settings links in footers, and From headers.
2026-03-08 16:03:47 +01:00
kolaente c7c63e8ead test: add result count assertions for ParadeDB search tests
Address review feedback: assert exact result counts when ParadeDB is
active. fuzzy(1, prefix=true) broadens matches via edit distance,
returning 6 projects for "TEST10", 14 tasks for "number #17", and
12 projects for "Test1".
2026-03-05 13:57:05 +01:00
kolaente b69705e64b test: fix lint and adjust project search test for ParadeDB fuzzy matching
- Use require.NotEmpty instead of require.Greater for testifylint
- Skip exclusion assertions in web project search test when ParadeDB is
  active, since fuzzy(1, prefix=true) on "Test1" also matches Test2, Test3
2026-03-05 13:57:05 +01:00
kolaente 6268c48f15 test: adjust ParadeDB search tests for fuzzy prefix match broadening
ParadeDB fuzzy(1, prefix=true) returns more results than ILIKE due to
edit-distance tolerance on tokenized terms. Adjust assertions to check
containment rather than exact result sets when ParadeDB is active.
2026-03-05 13:57:05 +01:00
kolaente 3568aaacee test: add task #48 to expected results in feature tests
The new fixture task #48 (Landingpages update, project 1) needs to
appear in all feature test expected result sets that list project 1
tasks. Also bumps the expected next index in TestTask_Create.
2026-03-05 13:57:05 +01:00
kolaente 7288483879 fix: handle deleted user in saved filter view event listener
Use a separate error variable for the user lookup in
UpdateTaskInSavedFilterViews so that ErrUserDoesNotExist does not
pollute the named return `err`. The `:=` inside the for loop shadowed
the outer `err`, leaving it set to the stale user-not-found error,
which caused the handler to be poisoned.

Closes #2359
2026-03-04 22:05:01 +01:00
kolaente 54c7c4aef2 refactor: move ListUsers tests from pkg/user to pkg/models
The ListUsers function now references team_members and teams tables
via a subquery for external team discoverability. The pkg/user test
environment only syncs user tables, so these tests need to run in
pkg/models which has the full schema and all fixtures.

Also adds new tests for the external team discoverability bypass
directly in the models package alongside the moved tests.
2026-03-04 20:32:11 +01:00
kolaente 9c23e19644 fix: preserve cover image when duplicating task
Track old-to-new attachment ID mapping during duplication and
re-set CoverImageAttachmentID on the new task if the original
had a cover image configured.
2026-03-04 17:20:26 +01:00
kolaente 7aad96b199 fix: close source file handle when duplicating attachments
Save the source file handle before calling NewAttachment (which
overwrites attachment.File) and use defer to ensure it gets closed.
This prevents file descriptor leaks on both success and error paths.
2026-03-04 17:20:26 +01:00
kolaente 692357a648 refactor: use TaskRelation.Create for copy relation
Use the TaskRelation Create method instead of raw inserts. This
handles the bidirectional relation automatically and dispatches
the appropriate event.
2026-03-04 17:20:26 +01:00
kolaente e07eeed211 refactor: batch label inserts during task duplication
Collect all LabelTask records in the loop and insert them in a single
database call instead of inserting one at a time.
2026-03-04 17:20:26 +01:00
kolaente 6da0f68562 fix: remove debug log statements from task duplicate
Remove all log.Debugf calls from the Create method as they were
leftover development aids and should not be in production code.
2026-03-04 17:20:26 +01:00
kolaente d8f3a96b06 feat: add task duplicate backend model and tests 2026-03-04 17:20:26 +01:00
kolaente 3dd2ba4aa4 feat: register Vikunja tables with db package at init 2026-03-04 15:37:54 +01:00
kolaente 18f16878a8 fix: prevent nil pointer panic in mention notification listeners
When a task bucket is updated without changing buckets (early return in
updateTaskBucket), b.Task remains nil. The TaskUpdatedEvent was then
dispatched with a nil Task, causing a nil pointer dereference in
HandleTaskUpdatedMentions when accessing event.Task.Description.

This adds:
- A nil guard in TaskBucket.Update to skip event dispatch when b.Task is nil
- Nil checks in HandleTaskUpdatedMentions, HandleTaskCreateMentions,
  HandleTaskCommentEditMentions, and UpdateTaskInSavedFilterViews
- Tests verifying the handlers gracefully handle nil task events

Closes #2351
2026-03-04 10:29:16 +01:00
kolaente f516bbe560 test: update event assertions to work with deferred dispatch
Tests that call model methods directly now call events.DispatchPending
before asserting event dispatch.

Refs #2315
2026-03-03 12:46:34 +01:00
kolaente 1f363dbd43 fix(events): defer event dispatch for user creation and task positions
Refs #2315
2026-03-03 12:46:34 +01:00
kolaente 8afbdf2deb fix(events): defer event dispatch for team operations
Convert events.Dispatch to events.DispatchOnCommit in team and team
member CRUD. Also removes premature s.Commit() from TeamMember.Delete
since the handler manages the transaction lifecycle.

Refs #2315
2026-03-03 12:46:34 +01:00
kolaente dd7f7de518 fix(events): defer event dispatch for project operations
Convert events.Dispatch to events.DispatchOnCommit in project CRUD,
project-user sharing, and project-team sharing.

Refs #2315
2026-03-03 12:46:34 +01:00
kolaente fe459c9297 fix(events): defer event dispatch for task sub-entities
Convert events.Dispatch to events.DispatchOnCommit in task assignees,
comments, attachments, relations, and kanban bucket operations.

Refs #2315
2026-03-03 12:46:34 +01:00
kolaente 3eb289262f fix(events): defer task event dispatch until after transaction commit
Convert events.Dispatch to events.DispatchOnCommit in Task.Create,
updateSingleTask, Task.Delete, and triggerTaskUpdatedEventForTaskID.
Events are now dispatched by the handler after s.Commit(), ensuring
webhook listeners see committed data.

Fixes #2315
2026-03-03 12:46:34 +01:00
Weijie Zhao 3ca4913fcb
fix: use MinPositionSpacing threshold in calculateNewPositionForTask (#2320)
calculateNewPositionForTask only checked for lowestPosition == 0 before
triggering a full position recalculation. Extremely small position
values (e.g. 3.16e-285) passed this check, causing new tasks to get
meaningless positions via the index * 2^16 fallback, breaking sort
order.

Use the same < MinPositionSpacing threshold that
createPositionsForTasksInView and the position update handler already
use.

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-02 09:14:38 +01:00
kolaente 23d84e7811
fix(views): assign default position when creating new project views
When creating a new view without specifying a position, it defaulted to
0, causing it to always sort before all other views. Apply
calculateDefaultPosition to assign a unique position based on the view
ID, consistent with how projects, tasks, and buckets handle this.

Fixes go-vikunja/vikunja#2319
2026-03-02 08:35:35 +01:00
kolaente 3d5ad73d4f
fix(filter): recover from datemath panic on malformed date filter values
The go-datemath lexer panics with "scanner internal error" when given
certain malformed inputs like "no" (it starts recognizing "now" but
hits EOF). Wrap datemath.Parse in a recover so the panic becomes a
regular error, allowing the fallback date parser to handle it gracefully.

Closes go-vikunja/vikunja#2307
2026-02-26 16:09:13 +01:00
kolaente f3ac0574c0 fix(auth): use checked type assertions for all JWT claims 2026-02-25 13:01:00 +01:00
kolaente b6155d525c
feat(cli): reorganize repair commands under unified 'vikunja repair' parent (#2300)
Consolidate four scattered repair/maintenance CLI commands into a unified `vikunja repair` parent command with subcommands.
2026-02-25 11:50:09 +00:00
kolaente a5b1a90c42 refactor: remove typesense support
Typesense was an optional external search backend. This commit fully
removes the integration, leaving the database searcher as the only
search implementation.

Changes:
- Delete pkg/models/typesense.go (core integration)
- Delete pkg/cmd/index.go (CLI command for indexing)
- Simplify task search to always use database searcher
- Remove Typesense event listeners for task sync
- Remove TypesenseSync model registration
- Remove Typesense config keys and defaults
- Remove Typesense doctor health check
- Remove Typesense initialization from startup
- Clean up benchmark test
- Add migration to drop typesense_sync table
- Remove golangci-lint suppression for typesense.go
- Remove typesense-go dependency
2026-02-25 12:15:28 +01:00
kolaente 71657fce30 feat: add repair-projects CLI command 2026-02-25 11:56:25 +01:00
kolaente ad307a3499 feat: add RepairOrphanedProjects function 2026-02-25 11:56:25 +01:00
kolaente 963235c0ce test: add failing tests for RepairOrphanedProjects 2026-02-25 11:56:25 +01:00
kolaente 107a92f573 fix: commit transaction in session cleanup cron
RegisterSessionCleanupCron opens a transaction via db.NewSession() but
never calls s.Commit(). The deferred s.Close() auto-rolls-back, making
the DELETE a no-op. Add the missing commit.
2026-02-25 11:03:02 +01:00
kolaente 2f680d041c fix: address review comments on session lifecycle
- user_export.go: Remove defer s.Close() from checkExportRequest since
  it returns the session to callers. Callers now own the session
  lifecycle with their own defer s.Close(). Close session on all error
  paths within checkExportRequest.

- user_delete.go: Close the read session immediately after Find() before
  the per-user deletion loop, avoiding a long-lived transaction holding
  locks unnecessarily.

- user/delete.go: Remove double s.Close() in notifyUsersScheduledForDeletion
  by closing immediately after Find() instead of using both defer and
  explicit close.

- caldav_token.go: Return nil token on Commit() error to prevent callers
  from using an unpersisted token.
2026-02-25 11:03:02 +01:00
kolaente a7086e5e49 fix: prevent session leaks and visibility issues in model tests
Two categories of fixes:

1. Use defer s.Close() instead of explicit s.Close() to prevent session
   leaks when require.FailNow() triggers runtime.Goexit(), which skips
   explicit close calls but runs deferred functions. Leaked sessions
   hold SQLite write locks that block all subsequent fixture loading.

2. Add s.Commit() before db.AssertExists/db.AssertMissing calls. These
   assertion helpers query via the global engine (not the test session),
   so they cannot see uncommitted data from the session's transaction.

For block-scoped sessions (kanban_task_bucket_test.go), wrap each block
in an anonymous function so defer runs at block boundary rather than
deferring to the enclosing test function.
2026-02-25 11:03:02 +01:00
kolaente 2a10b22c5c fix: use session-aware file creation to avoid nested transactions
files.Create() and files.CreateWithMime() internally create their own
sessions and transactions. When called from within an existing
transaction (now that db.NewSession() auto-begins), this creates nested
transactions that deadlock on SQLite.

Switch to files.CreateWithSession() and files.CreateWithMimeAndSession()
to participate in the caller's existing transaction instead.
2026-02-25 11:03:02 +01:00
kolaente cbfd0e63ed fix: pass pointer to xorm Update to avoid hash panic in transaction mode
In transaction mode, xorm stores the bean argument as a map key in
afterUpdateBeans. Since Task contains slices and maps (unhashable
types), passing a Task value causes "hash of unhashable type" panic.
Passing a pointer (&ot) fixes this since pointers are always hashable.
2026-02-25 11:03:02 +01:00
kolaente 2188c7a79d fix: add missing Commit() to event listeners and cron jobs
With db.NewSession() now starting real transactions, all sessions that
do writes must explicitly commit. These listeners and cron jobs were
previously relying on auto-commit mode where each SQL statement was
committed immediately. Without explicit Commit(), the writes are
silently rolled back on Close(), and the held write locks cause
"database is locked" errors for subsequent requests on SQLite.
2026-02-25 11:03:02 +01:00
kolaente 23176bb8e1 test: add regression test for atomic parent project deletion
Verify that deleting a parent project atomically deletes all child
projects, including archived children and deeply nested hierarchies.
Also add missing defer s.Close() to existing delete test cases.
2026-02-25 11:03:02 +01:00
kolaente 49bba7f830 fix: eliminate nested database sessions to prevent table locks
Refactor functions that created their own sessions when called from
within existing transactions, which caused "database table is locked"
errors in SQLite's shared-cache mode.

Changes:
- Add files.CreateWithSession() to reuse caller's session
- Refactor DeleteBackgroundFileIfExists() to accept session parameter
- Add variadic session parameter to notifications.Notify() and
  Notifiable.ShouldNotify() interface
- Update all Notify callers (~17 sites) to pass their session through
- Use files.CreateWithSession in SaveBackgroundFile and NewAttachment
- Fix test code to commit sessions before assertions
2026-02-25 11:03:02 +01:00
kolaente a6e6f252db refactor: remove redundant Begin() calls after NewSession auto-begins
Since NewSession() now auto-begins a transaction, explicit Begin()
calls are redundant (xorm's Begin() is a no-op when already in a
transaction). Removing them reduces confusion.

Special case: user_delete.go's loop previously called Begin/Commit
per user on a shared session. Restructured to create a new session
per user deletion so each gets its own transaction.
2026-02-25 11:03:02 +01:00
kolaente 764d3569ce fix: close leaked database sessions
Add defer s.Close() to sessions that were never closed:
- auth.GetAuthFromClaims inline session
- models.deleteUsers cron function
- notifications.notify database insert
2026-02-25 11:03:02 +01:00
kolaente c9c250fb1c fix: add missing Commit() to write callers
After NewSession() auto-begins a transaction, callers that perform
writes must explicitly call Commit() for changes to persist. Without
this, writes are silently rolled back when Close() is called.

Affected callers:
- user deletion notification cron
- caldav token generation/deletion
- token cleanup cron
- mark-all-notifications-read endpoint
- saved filter view cron
- project background delete
- typesense reindex
- export cleanup cron
- task last-updated listener
- saved filter view listener
- SSO team cleanup cron
- migration status start/finish
- background set/remove handlers
- orphaned task position cleanup
- file creation
2026-02-25 11:03:02 +01:00
kolaente b3d0b2f697 feat: add Session model with CRUD, permissions, and cleanup cron
- Session struct with UUID primary key, hashed refresh token, device
  info, IP address, and last-active tracking
- Token generation via generateHashedToken (SHA-256, 128 random bytes)
- CreateSession, GetSessionByRefreshToken, GetSessionByID
- Atomic RotateRefreshToken with WHERE on old hash to prevent replays
- ReadAll scoped to authenticated user (link shares rejected)
- Delete scoped to owning user (link shares rejected)
- Hourly cleanup cron for expired sessions based on is_long_session
- ErrSessionNotFound error type with HTTP 404 mapping
2026-02-25 10:30:25 +01:00
kolaente 04e60472b7 feat: add sessions table migration
Adds the `sessions` table for storing server-side session records.
Each row tracks a session ID (UUID), user ID, hashed refresh token,
device info, IP address, and timestamps.
2026-02-25 10:30:25 +01:00
kolaente 6de82db7e4 fix: decouple webhook dispatch from email/mailer config
The reminder and overdue crons now always run and dispatch webhook
events. Email notifications are only sent when both
ServiceEnableEmailReminders and MailerEnabled are true. Webhook
dispatch errors are logged but no longer abort the cron run.
2026-02-24 20:24:56 +01:00
kolaente 54aacd3707 feat: dispatch TaskOverdueEvent from overdue cron 2026-02-24 20:24:56 +01:00
kolaente 626e731ae4 feat: dispatch TaskReminderFiredEvent from reminder cron 2026-02-24 20:24:56 +01:00
kolaente 83dc7537c4 feat: register reminder and overdue events for webhooks 2026-02-24 20:24:56 +01:00
kolaente e04c1a3d2e feat: add TaskReminderFiredEvent and TaskOverdueEvent types 2026-02-24 20:24:56 +01:00
kolaente 519f66a51f fix: detect and store mime type when creating file attachments
Use mimetype.DetectReader in files.Create to automatically detect and
store the MIME type from file content. This fixes task attachment
previews, S3 Content-Type headers, and UI display for newly uploaded
files.
2026-02-22 00:00:11 +01:00
kolaente c12bbbe93e feat(comments): support order_by query parameter in comments API
Add an OrderBy field to the TaskComment struct with a query:"order_by"
tag so that the frontend can request ascending or descending comment
order. The value is validated to only accept "asc" or "desc", defaulting
to "asc". Also adds the corresponding swagger @Param annotation.
2026-02-19 14:20:52 +01:00
kolaente 1943d6993c fix: only merge range comparators in sub-table filter grouping
Restrict the AND-joined sub-table filter merging to range comparators
(>, >=, <, <=) only. Equality and negative comparators (=, !=, in,
not in) must remain as separate EXISTS/NOT EXISTS subqueries because
each matching value lives in its own row.

Merging equality filters like `labels = 4 && labels = 5` into a single
EXISTS would produce an unsatisfiable condition (no single row has
label_id=4 AND label_id=5). Merging negative filters like
`labels != 4 && labels != 5` into NOT EXISTS(label_id IN 4 AND
label_id IN 5) would be trivially true.

Also fix the join tracking to use the first filter's join type
(how the group connects to the previous element) instead of the last.
2026-02-19 12:40:29 +01:00
kolaente 302b58dac0 style: fix alignment in test case 2026-02-19 12:40:29 +01:00
kolaente a93f6bf160 test: add OR-joined reminder filter regression test
Verify that OR-joined conditions on the same sub-table still produce
separate EXISTS subqueries and match independently, as expected.
2026-02-19 12:40:29 +01:00
kolaente d1901f46c3 test: update expected task index after adding task #47 fixture
Task #47 in project 1 has index 32, so the next auto-assigned index
is now 33 instead of 18.
2026-02-19 12:40:29 +01:00
kolaente c034e431cb fix: merge AND-joined sub-table filters into single EXISTS subquery
When multiple AND-joined filter conditions target the same sub-table
(e.g., reminders > X && reminders < Y), they are now combined into
a single EXISTS subquery so that all conditions must be satisfied by
the same row. Previously, each condition generated a separate EXISTS
subquery that could match different rows, causing false positives.

Fixes #2245
2026-02-19 12:40:29 +01:00
kolaente cd72231502 test: add failing test for sub-table filter multi-row matching bug #2245
Add task47 variable (with reminders straddling the test window) and new
test cases that verify AND-joined sub-table filters match the same row.
The test "filtered reminder dates should not match task with reminders
outside window" will fail until the fix is applied.
2026-02-19 12:40:29 +01:00
Mattia Maglie 8779a28d1d
fix: prevent duplicated sql condition in filters (#1546)
Proposing the fix as in #1545

Co-authored-by: mattia.maglie <mattia.maglie@alispa.com>
Co-authored-by: kolaente <k@knt.li>
2026-02-18 17:02:25 +01:00
John Starich 591a646f84 refactor: remove environment variable requirements for go test 2026-02-17 18:01:05 +01:00
kolaente 82933a0836 test(files): update tests for io.ReadSeeker API
- Replace custom testfile structs with bytes.NewReader
- Remove readerOnly wrapper and non-seekable reader tests (no longer
  possible at the type level)
- Update S3 unit tests to remove temp file assertions
2026-02-08 15:31:25 +01:00
kolaente dbd74491c4 fix(files): update all callers to provide seekable readers for S3 uploads
Update all code paths that pass file content to the storage layer to
provide io.ReadSeeker instead of io.Reader:

- Avatar upload: use bytes.NewReader instead of bytes.Buffer
- Background upload handler: use bytes.NewReader instead of bytes.Buffer
- Unsplash background: buffer response body into bytes.NewReader
- Dump restore: buffer zip entry into bytes.NewReader
- Migration structure: pass bytes.NewReader directly instead of wrapping
  in io.NopCloser
- Task attachment: change NewAttachment parameter from io.ReadCloser to
  io.ReadSeeker
2026-02-08 15:31:25 +01:00
rhclayto cf029cef0c
feat: add option to send Basic Auth header with webhook requests (#2137)
Resolves https://github.com/go-vikunja/vikunja/issues/2136
Docs PR: https://github.com/go-vikunja/website/pull/284
2026-01-30 15:07:31 +01:00
renovate[bot] 9a61453e86
fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131)
Closes https://github.com/go-vikunja/vikunja/pull/2133

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2026-01-24 20:38:32 +01:00
kolaente 731b7c3001
fix: avoid mutating global http.DefaultClient in webhook proxy (#2145)
Fixes a bug where the webhook HTTP client was mutating `http.DefaultClient` (the global singleton), causing ALL HTTP requests in the application to use the webhook proxy. This broke OIDC authentication and other external HTTP calls when webhook proxy was configured.

Fixes #2144
2026-01-24 13:58:47 +01:00
kolaente 0cd25f47e5
fix: populate complete entity data in deletion event webhooks (#2135)
Fixes webhook payloads for deletion events that were previously
containing incomplete or empty entity data. This occurred because
entities were being deleted from the database before the webhook event
was dispatched.

## Changes

This PR implements four targeted fixes to ensure complete entity data in
deletion event webhooks:

### 1. TaskAssignee Deletion (`pkg/models/listeners.go`)
- Extended `reloadEventData()` to fetch full assignee user data by ID
- Webhook payload now includes complete user object (username, email,
timestamps, etc.)

### 2. TaskComment Deletion (`pkg/models/task_comments.go`)
- Modified `Delete()` to call `ReadOne()` before deletion
- Ensures comment text, author, and timestamps are included in webhook
payload
- Follows the same pattern used by `Task.Delete()` and
`TaskAttachment.Delete()`

### 3. TaskAttachment Deletion (`pkg/models/task_attachment.go`)
- Extended `ReadOne()` to fetch the `CreatedBy` user
- Webhook payload now includes file creator information

### 4. TaskRelation Deletion (`pkg/models/task_relation.go`)
- Modified `Delete()` to fetch complete relation including `CreatedBy`
user before deletion
- Webhook payload now includes relation timestamps and creator
information

Fixes #2125
2026-01-24 12:50:18 +01:00
kolaente 534483f237 fix(filter): ensure year is always within mysql allowed range
Fixes https://github.com/go-vikunja/vikunja/issues/2077
2026-01-09 23:11:22 +01:00
kolaente 39b4568bc5
refactor: centralize HTTP error handling (#2062)
This changes the error handling to a centralized HTTP error handler in `pkg/routes/error_handler.go` that converts all error types to proper HTTP responses. This simplifies the overall error handling because http handler now only need to return the error instead of calling HandleHTTPError as previously.
It also removes the duplication between handling errors with and without Sentry.

🐰 Hop along, dear errors, no more wrapping today!
We've centralized handlers in a shiny new way,
From scattered to unified, the code flows so clean,
ValidationHTTPError marshals JSON supreme!
Direct propagation hops forward with glee,
A refactor so grand—what a sight to see! 🎉
2026-01-08 10:02:59 +00:00
kolaente 4f31300915 fix(export): use os-level temp file to create user data export 2026-01-08 10:37:51 +01:00
kolaente 49af08d3f6
feat(filters): add UI for marking saved filters as favorites (#2055)
This PR adds UI support for marking saved filters as favorites. The backend already supports the `is_favorite` field for saved filters, but the frontend didn't expose this functionality. Users can now favorite/unfavorite saved filters just like regular projects.
2026-01-07 16:21:41 +00:00
Samuel Rodda 3a47c062da
fix(filters): preserve IsFavorite for saved filters in ReadOne (#2031)
- Saved filters' `IsFavorite` field was not being properly returned when
fetched as pseudo-projects via `/projects/{id}`
- This caused favorited filters to appear in both the Favorites and
Filters sections initially, but then disappear from Favorites after
clicking on them (navigating to the filter)

Fixes #1989

Co-authored-by: iamsamuelrodda <iamsamuelrodda@users.noreply.github.com>
2026-01-06 15:17:17 +00:00
kolaente a9adc3490d
fix(positions): detect and repair duplicate task positions automatically (#1998)
Relates to:
https://community.vikunja.io/t/reordering-not-possible-position-value-the-same-for-different-tasks/4078

Duplicate positions can occur due to race conditions or historical bugs, causing tasks to appear in the wrong order or jump around when the page is refreshed.

This change adds a `repair-task-positions` CLI command to detect and resolve task position conflicts, with dry-run preview option.
Also implemented automatic conflict detection and resolution to ensure
unique task positions.

🐰 Positions once conflicted, clustered tight,
But now we nudge them back into the light!
MinSpacing guards precision from decay,
While conflicts heal and duplicates give way. 
2025-12-20 19:38:28 +01:00
kolaente 82558dba87
fix(filters): ensure saved filter views never have position=0 (#1996)
Fixes #724 - Tasks in saved filter views get `position: 0` when they first appear in the filter, causing drag-and-drop sorting to not persist correctly.

**Changes:**
- Remove harmful `Position: 0` inserts from cron job and
`SavedFilter.Update` - `RecalculateTaskPositions` already creates
positions with proper values, so the intermediate inserts created a race
window
- Add on-demand position creation when fetching tasks for saved filter
views - safety net for newly matching tasks before the cron runs
- Add 5 new tests covering the fix and regression scenarios

🐰 Positions once zero, now bloom with care,
Sorted with grace, no more despair,
When filters call and tasks appear,
Numbers spring up, crystal clear!
Issue 724 hops away—
Sorting's fixed to stay, hooray! 🎉
2025-12-16 22:13:40 +00:00
kolaente 0b3decd869
fix: ensure API consistency for /tasks and empty array responses (#1988)
- Renames the `/tasks/all` endpoint to `/tasks` for consistency with
other collection endpoints like `/projects` and `/labels`
- Returns `[]` instead of `null` for empty pagination results across all
list endpoints
- Updates the frontend service to use the new endpoint path
- Updates API token tests to use the new endpoint path

Fixes #1984
2025-12-15 15:34:13 +00:00
kolaente fb7764d9f1
feat: format user mentions with display names in email notifications (#1930)
Email notifications now display user mentions with inline avatar images for improved visual recognition and easier identification. Mentions gracefully fall back to display names if avatars are unavailable.
2025-12-10 12:39:05 +01:00
kolaente d4eccccbfe fix(reminders): only send reminders to active users 2025-12-10 10:56:19 +01:00
Copilot 7cf2a6886e
fix: clear error when duplicating project with uploaded background (#1926)
Resolves https://github.com/go-vikunja/vikunja/issues/1745

- [x] Understand the issue from GitHub issue #1745
- [x] Analyze the codebase to locate the bug in
`duplicateProjectBackground` function
- [x] Fix the bug: return nil explicitly at the end of
duplicateProjectBackground
- [x] Add test for duplicating a project with an uploaded background (as
subtest)
- [x] Run tests and verify the fix
- [x] Run code review and address any feedback
- [x] Run CodeQL security scan

## Summary of Changes

### Problem
When duplicating a project with an uploaded (non-Unsplash) background
image, users encounter an internal server error (HTTP 500). The backend
logs show: `file was not downloaded from unsplash [FileID: X]`

### Root Cause
The `duplicateProjectBackground` function in
`pkg/models/project_duplicate.go` uses named returns. When
`GetUnsplashPhotoByFileID` returns `ErrFileIsNotUnsplashFile` for an
uploaded background, the error was intentionally ignored (to proceed
with copying the file) but not cleared from the named return variable.
This caused the error to be returned at the end of the function via the
bare `return` statement, triggering a 500 response.

### Solution
Changed the bare `return` at the end of `duplicateProjectBackground` to
`return nil` explicitly.

### Changes
1. **`pkg/models/project_duplicate.go`**: Changed bare `return` to
`return nil` at the end of `duplicateProjectBackground`
2. **`pkg/models/project_duplicate_test.go`**: Added subtest "duplicate
project with uploaded background" to `TestProjectDuplicate`

### Testing
- All existing tests pass
- Added subtest to `TestProjectDuplicate` for uploaded background
scenario (project 35 with non-Unsplash background)

### Security Summary
- No security vulnerabilities found by CodeQL
- Code review passed

<!-- START COPILOT CODING AGENT SUFFIX -->



<details>

<summary>Original prompt</summary>

> # Duplicate project with uploaded background - Implementation Plan
> 
> ## Overview
> Users encounter an internal server error when duplicating a project
that uses an uploaded background image (non-Unsplash). The b
> ackend attempt to copy the background leaves a non-Unsplash error
(`ErrFileIsNotUnsplashFile`) in a named return value, causing
> the duplication API call to fail even though the error should be
ignored. We need to adjust the duplication flow to allow upload
> ed backgrounds and add regression tests.
> 
> ## Current State Analysis
> - Project duplication calls `duplicateProjectBackground` to copy the
background file. The helper tries to copy a downloaded Unsp
> lash image and returns `ErrFileIsNotUnsplashFile` for uploaded files.
> - In the duplication code, the error variable is not cleared after
intentionally ignoring this specific error, so the function s
> till returns the error and triggers a 500 response.
> - There are no automated regression tests covering project duplication
with uploaded backgrounds.
> 
> ### Key Discoveries
> - The duplication logic treats Unsplash and uploaded backgrounds
differently and only clears the Unsplash download error, leavin
> g the non-Unsplash error set.
> - The API currently works for Unsplash backgrounds but fails for
uploaded backgrounds due to the lingering error value.
> 
> ## Desired End State
> - Duplicating a project succeeds for both Unsplash and uploaded
backgrounds.
> - Uploaded background files (and their metadata) are copied correctly
to the new project when possible, or gracefully skipped wi
> thout failing duplication.
> - Regression tests cover duplication with both background types to
prevent future regressions.
> 
> ## What We're NOT Doing
> - No changes to the background upload endpoints or UI selection
workflow.
> - No changes to Unsplash download behavior or quota handling.
> - No new migration or database schema changes.
> 
> ## Implementation Approach
> 1. Fix backend duplication error handling so uploaded backgrounds do
not cause a fatal error.
> 2. Add backend tests to cover duplication with uploaded backgrounds
and Unsplash backgrounds (success paths) and verify duplicat
> ion works without returning 500 errors.
> 3. Ensure tests document the expected behavior and guard against
regressions.
> 
> ## Phase 1: Fix duplication error handling
> ### Overview
> Make project duplication tolerate uploaded backgrounds by clearing or
not propagating `ErrFileIsNotUnsplashFile` once it has bee
> n intentionally ignored.
> 
> ### Changes Required
> - **File:** `pkg/models/projects.go` (or relevant duplication helper)
> - Adjust `duplicateProjectBackground` (or the calling logic) to reset
the named return error after handling `ErrFileIsNotUnspl
> ashFile`, ensuring the function returns `nil` when no real error
occurs.
> - Keep existing behavior for other errors and for Unsplash downloads.
> 
> ### Success Criteria
> - Uploaded background duplication no longer returns an internal server
error.
> - Unsplash background duplication remains functional and still
surfaces real errors.
> 
> ## Phase 2: Add regression tests
> ### Overview
> Add automated tests verifying project duplication works for both
uploaded and Unsplash backgrounds.
> 
> ### Changes Required
> - **File:** `pkg/models/projects_test.go` (or closest existing test
file for project duplication)
> - Add a test that sets up a project with an uploaded background file,
duplicates the project, and asserts duplication succeeds
>  and the duplicated project has an appropriate background reference.
> - Add/adjust test coverage for Unsplash background duplication to
confirm unchanged behavior.
> - Use existing fixtures or temporary files as needed for uploaded
background setup.
> 
> ### Success Criteria
> - Tests fail on current main branch but pass after the fix.
> - Tests validate that duplication completes without 500 errors for
both background types.
> 
> ## Testing Strategy
> - Automated Go tests via `mage test:filter` targeting the new
duplication tests.
> - Optionally run the broader suite (`mage test:feature`) if time
permits to ensure no regressions.
> 
> ## Manual Verification
> 1. Create a project and upload a background via the UI; duplicate it;
observe duplication succeeds and background is present or
> gracefully handled.
> 2. Create a project with an Unsplash background; duplicate it; verify
duplication succeeds.
> 3. Check API responses for duplication calls to ensure no internal
server errors.


</details>



<!-- START COPILOT CODING AGENT TIPS -->
---

💬 We'd love your input! Share your thoughts on Copilot coding agent in
our [2 minute survey](https://gh.io/copilot-coding-agent-survey).

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-12-04 10:16:16 +01:00
kolaente 7f5a08b316
fix(tasks): make sure all users get overdue reminder mails (#1901)
Fixes a regression introduced in 2a43f9b076

Resolves https://github.com/go-vikunja/vikunja/issues/1581
2025-11-28 11:06:47 +01:00
kolaente 869a8b0ab9
fix(sharing): use the highest team sharing permission when sharing the same project with multiple teams (#1894) 2025-11-27 22:25:06 +01:00
Mithilesh Gupta 7dddc5dfa2
feat: task unread tracking (#1857)
---------

Co-authored-by: Mithilesh Gupta <guptamithilesh@protonmail.com>
Co-authored-by: kolaente <k@knt.li>
2025-11-27 15:14:42 +01:00
Weijie Zhao cfab3ff922
fix: update mention format to use custom HTML element with usernames (#1843) 2025-11-21 15:29:15 +01:00
Copilot 9d0633268a
fix: prevent panic in webhook listener when fetching project (#1848)
This fixes a panic that occurred when handling webhooks. The code was
incorrectly using webhook.CreatedByID (user ID) to fetch a project,
when it should use webhook.ProjectID. This could cause GetProjectSimpleByID
to return nil if no project exists with that ID.

Additionally, added a nil check before calling project.ReadOne() to prevent
a nil pointer dereference panic when accessing p.ID.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-11-19 14:43:08 +00:00
Copilot 5f795bb531
fix: self-assignment notification to use "themselves" instead of repeating username (#1836)
When a user assigns a task to themselves, notifications to other users now
correctly say "User A assigned Task #123 to themselves" instead of
"User A assigned Task #123 to User A"

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-11-17 23:07:48 +00:00
kolaente 9b78584734
fix(events): only trigger task.updated once when marking task done
Resolves https://github.com/go-vikunja/vikunja/issues/1724
2025-11-16 11:01:15 +01:00
kolaente f96601bf18
fix(webhook): make sure the payload always contains a fully loaded project 2025-11-16 10:48:53 +01:00
Copilot f2a1348c51
feat: add thread IDs to task notification emails for client-side threading (#1826)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-11-15 18:58:32 +01:00
Biagio00 5b42724205
fix(kanban): repeating tasks dates won't update when moved in done bucket (#1638) 2025-11-14 16:57:53 +00:00
Mithilesh Gupta 01a84dd2d5
feat: add comment count to tasks (#1771) 2025-11-11 23:00:05 +01:00
kolaente 22fc19cd24
fix: ignore filter_include_nulls from views
The filter_include_nulls property from the filter in a view would override the property set through the query string. Because we don't have a way in the UI to set this for filters in views, this makes the setting pretty opaque and unpredictable. Since we want to remove the nulls option anyways, we can just ignore it here.

Resolves https://github.com/go-vikunja/vikunja/issues/1781
2025-11-11 11:04:33 +01:00
Weijie Zhao 43a5ae1309
feat: enable user mentions in task description & comments (#1754) 2025-11-09 19:42:38 +01:00
kolaente 541a38456e
chore(deps): update golangci-lint to 2.6.0 (#1737) 2025-10-31 17:28:52 +00:00
kolaente c8837aeaeb
fix(filters): support project filter in parentheses (#1647)
The filter regex pattern was not matching values inside parentheses correctly.
The lookahead pattern only allowed `&&`, `||`, or end-of-string after filter
values, but when filters are wrapped in parentheses like `( project = Filtertest )`,
the closing `)` appears after the value.

Fixed by adding `\)` to the lookahead pattern so it correctly handles closing
parentheses. This allows the project filter (and other filters) to work
properly when nested in parentheses.

- Added tests for project filters in parentheses (both frontend and backend)
- Backend tests confirm the backend already handled this correctly
- Frontend regex pattern now matches the backend behavior

Fixes #1645
2025-10-13 11:10:22 +02:00
kolaente 2a43f9b076 fix(reminders): refactor and check permissions when fetching task users 2025-10-09 13:33:27 +02:00
kolaente 9358954c90 fix: cleanup team memberships, assignments and subscriptions when users lose access to a project 2025-10-09 13:33:27 +02:00
kolaente 2dd36ad0a9
fix(sharing): make editing link share comments work
Resolves https://github.com/go-vikunja/vikunja/issues/1510
2025-10-09 10:53:18 +02:00
kolaente db6b82a002
fix: task.comment.deleted triggers panic in event listener which sends webhook (#1621)
Co-authored-by: Gabriel <fossecruor@gmail.com>
2025-10-08 21:46:57 +00:00
kolaente d33e742961
chore: make condition simpler 2025-10-07 10:56:03 +02:00
kolaente 1b02f78eee
fix(filter): check date boundary after timezone conversion
Resolves https://github.com/go-vikunja/vikunja/issues/1605
2025-10-07 10:55:22 +02:00
kolaente ff8e98e6e2
fix: process multiple reminders in the same time window (#1564)
Resolves https://github.com/go-vikunja/vikunja/issues/1550
2025-09-29 10:43:12 +02:00
kolaente fb426a6e22
fix(webhook): actually fetch project before enriching details
This fixes a bug where the project is fetched before adding more details
through ReadOne since ReadOne does not fetch the project. In the normal
project reading flow through the api, this is done in the permission
check.

Resolves https://github.com/go-vikunja/vikunja/issues/1498
2025-09-17 17:04:39 +02:00
kolaente 0506b9215a
fix(filters): initialize task positions for saved filters (#1477) 2025-09-11 17:39:56 +02:00
kolaente f0cb752f2c
fix(task): preserve done timestamp when moving tasks between projects (#1470) 2025-09-11 17:07:43 +02:00
kolaente e5e0413b70
fix(task): ensure done_at can never be set by user (#1461) 2025-09-11 07:45:42 +00:00
kolaente db123674a7
feat: share logic for bulk update (#1456)
This change refactors the bulk task update logic so that it updates all fields a single task update would update as well.

Could be improved in the future so that it is more efficient, instead of calling the update function repeatedly. Right now, this reduces the complexity by a lot and it should be fast enough for most cases using this.

Resolves #1452
2025-09-10 16:40:59 +00:00
kolaente 15ea38183c
fix: bypass Typesense in user export (#1385) 2025-09-02 15:49:17 +02:00
kolaente ed04638726
fix(task): only load first comments page when loading comments with task
Resolves
https://community.vikunja.io/t/task-comment-pagination-in-1-0-0-rc1/3988
2025-08-31 21:58:46 +02:00
kolaente 0039ec045e
fix(auth): fail when link share token is not parsable 2025-08-14 17:11:57 +02:00
kolaente a81a3ee0e5
feat!: rename right to permission (#1277) 2025-08-13 11:05:05 +02:00
kolaente 4042f66efa
feat: show user export status in settings (#1200) 2025-07-30 15:50:26 +00:00
kolaente 2fd3046acc chore: rename user_id field to username
The field is actually the username, but it was called user_id for some reason. This change makes this more clear
2025-07-28 10:56:36 +02:00
kolaente e10837476a
fix: subscription should only be visible for the user who subscribed (#1183) 2025-07-28 10:32:59 +02:00
Copilot 9712dbe2ab
fix: MySQL constraint violations returning HTTP 500 instead of 400 for task bucket duplicates (#1154)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-07-22 08:59:12 +00:00
kolaente ca83ad1f98 feat: move to slog for logging 2025-07-21 18:15:39 +02:00
kolaente 7985a6500a fix: use assertions which are more specific 2025-07-18 23:18:04 +02:00
kolaente 07d83e67d7 feat(projects): add support for ParadeDB when searching for project 2025-07-18 23:18:04 +02:00
kolaente a571d42f46 chore: refactor searching for link shares 2025-07-18 23:18:04 +02:00
kolaente 3db1ddcee4 feat(tasks): add support for ParadeDB when searching tasks 2025-07-18 23:18:04 +02:00
kolaente e7f5142e3d fix: adjust benchmark so that it only checks the task fetching 2025-07-18 23:18:04 +02:00
kolaente fcdcdcf46a feat: use keyvalue.Remember where it makes sense 2025-07-17 16:19:13 +02:00
Quiwy 5ee3077f5d
docs: fix typo (#1122) 2025-07-16 11:01:49 +00:00
kolaente 510b1f246a refactor: move test 2025-07-02 23:16:05 +02:00
kolaente 9b579d282c fix(tasks): do not return subtasks multiple times when they are related
to multiple tasks

Resolves https://community.vikunja.io/t/tasks-with-parent-tasks-appear-duplicated-in-list-views/3676
2025-07-02 23:16:05 +02:00
Dominik Pschenitschni 342bbd6192 fix: correct comments 2025-07-02 17:46:21 +02:00
kolaente a8025a9e36
fix: guard invalid user lookups (#1034) 2025-06-26 21:58:47 +00:00
kolaente c6c18d1ca1
fix(task): ambiguous description search (#1032)
test: relocate search regression
2025-06-26 20:05:04 +00:00
kolaente 53264d350e
fix(kanban): make bucket query fixed per-view (#1007) 2025-06-25 11:38:24 +00:00
kolaente f9b31ab4bf
fix: ambiguous title column in task search (#1012) 2025-06-24 20:38:35 +00:00
kolaente 4f99bdb50c
fix(tasks): ambiguous done column in task sorting (#1011)
fix: prefix task fields in sorting
2025-06-24 20:37:25 +00:00
kolaente 842a71019d
fix(view): add unique index for task buckets (#1005) 2025-06-24 10:45:17 +00:00
kolaente 57dfdc5168
chore: adjust comment about bucketless tasks (#1004)
docs: clarify bucketless task behavior
2025-06-24 09:56:58 +00:00
kolaente 49963d88a6
fix(task): add tasks table prefix for sort order (#1003)
fix: qualify task index for mysql order
2025-06-24 09:55:00 +00:00
kolaente 048e09ee12
fix(tasks): subtasks missing in list view (#1000) 2025-06-24 11:08:01 +02:00
kolaente 663339a294
feat(test): add benchmark for task search (#963) 2025-06-16 21:41:14 +02:00
kolaente 59a0b9c40d
feat(auth): require auth to fetch avatars (#930) 2025-06-14 13:12:41 +00:00
kolaente 6671ce38a8
chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
Dominik Pschenitschni 62f048767c
fix: correct unknown subscription entity typo (#883) 2025-06-10 12:18:07 +02:00
Dominik Pschenitschni 508cdf027c
fix: param type (#895) 2025-06-10 12:06:41 +02:00
kolaente c4566fdb53
chore(i18n): improve overdue task emails translation 2025-05-21 10:28:50 +02:00
kolaente 5acca8144b
fix(projects): do not try to fetch project permissions when no projects exist
Resolves https://vikunja.sentry.io/issues/6572520737/events/2a747d0e53e7431fafca89429c552eae/
2025-05-19 18:21:05 +02:00
kolaente 9f30a099ee
fix(projects): (un-)archive child projects when archiving parent (#775) 2025-05-15 14:31:56 +00:00
kolaente cb0e68f625
fix(i18n): make notification settings link translatable 2025-05-15 09:18:27 +02:00
Piotr Sarna 1d38306e7d
fix(docs): improve swagger output by setting swaggertype and enums (#705)
Co-authored-by: Piotr Sarna <piotr@piksar.eu>
2025-05-13 11:02:12 +00:00
kolaente f7229ba647
fix(i18n): translate all parts of reminder notifications 2025-05-12 16:24:20 +02:00
Vladimir c3fffefcf4
fix(db): refactor filtering with subqueries (#701)
Resolves #285
2025-05-12 10:52:48 +02:00
renovate[bot] 4a75f7d4da
chore(deps): update golangci/golangci-lint-action action to v7 (#462)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2025-04-02 09:28:56 +02:00
kolaente 2e11c55e9e
fix(test): use correct assertion
Resolves a regression introduced in 1bdb01712e
2025-03-24 17:41:39 +01:00
kolaente 1bdb01712e
fix(filter): correctly use user time zone when filtering for date fields
Resolves https://community.vikunja.io/t/upcoming-list-doesnt-display-repeating-tasks/3539
2025-03-24 17:22:33 +01:00
kolaente 13d4e0e00d
chore(utils): remove deprecated MakeRandomString function 2025-03-24 16:52:46 +01:00
kolaente 063753a543
fix(filter): do not try to set timezone when doer does not exist
Resolves https://vikunja.sentry.io/issues/6025547266/events/e0d0a5fdf01c46a2ac9101d94ab4f304/
2025-03-23 19:08:11 +01:00
kolaente 8489cf57f6
fix(typesense): use upsert instead of emplace when updating tasks in typesense
Resolves https://github.com/go-vikunja/vikunja/issues/376
2025-03-23 18:46:49 +01:00
kolaente bbd9d0d0b3
fix(comment): add validation check for the max comment length
Resolves https://vikunja.sentry.io/issues/6441922105/events/245b8f1de3e64951a108e2f6cb654c58/
2025-03-23 18:03:29 +01:00
kolaente 4d41a1bd9b
feat(kanban): create To-Do, Doing, Done buckets when creating a new kanban view 2025-03-21 19:16:52 +01:00
kolaente 0585045260
fix(kanban): Mark tasks done when creating them in the done bucket
Resolves https://community.vikunja.io/t/bugs-around-project-duplication-with-kanban-buckets/3433/6
2025-03-21 17:32:50 +01:00
kolaente 096de3382f
fix(kanban): load full task when moving task between buckets 2025-03-21 16:59:20 +01:00
kolaente e3f006c527
fix(i18n): add missing translations 2025-03-20 17:41:45 +01:00
kolaente e287364b78
fix(team): do not allow leaving exernal teams 2025-03-20 17:13:51 +01:00
kolaente 6e9886c6b8
fix(project): make order stable in duplicate test 2025-03-20 13:46:32 +01:00
kolaente 84cbd25e67
chore(project): do not use fmt.Sprintf directly 2025-03-19 19:47:38 +01:00
kolaente 7e1aba7606
fix(kanban): correctly set default bucket id when duplicating project
Partially resolves https://community.vikunja.io/t/bugs-around-project-duplication-with-kanban-buckets/3433
2025-03-19 17:28:59 +01:00
kolaente 4887f7fe60
fix(webhook): do not fail to send webhook when loading the project fails
https://community.vikunja.io/t/webhook-project-error/3305/7
2025-03-19 16:27:04 +01:00
kolaente 617070f9f7
fix(kanban): use full updated kanban bucket when moving task 2025-03-19 16:06:20 +01:00
kolaente 134c2a1a80
fix(kanban): do not allow creating tasks in full bucket 2025-03-19 15:18:55 +01:00
kolaente 732431773d
fix(i18n): remove duplicate api strings 2025-03-18 18:23:47 +01:00
kolaente 99213c66ee chore(openid): use general external team sync 2025-03-18 16:36:00 +00:00
kolaente a3b19a7b3c feat(auth): refactor group sync 2025-03-18 16:36:00 +00:00
kolaente 9f5c761fd9 chore(auth): rename error 2025-03-18 16:36:00 +00:00
kolaente 06851ca639 chore(auth): rename external team id find methods 2025-03-18 16:36:00 +00:00
kolaente 62beb3db2d feat(auth): rename oidc_id to external_id 2025-03-18 16:36:00 +00:00
kolaente dbb4652fad
fix(docs): clarify team member username instead of id 2025-03-16 18:02:17 +01:00
kolaente 5c6be117fe
fix(kanban): increase dates when moving a task into the done bucket
Resolves https://community.vikunja.io/t/unable-to-drag-a-repeating-task-to-done-bucket/3321/2
Resolves https://github.com/go-vikunja/vikunja/issues/402
2025-03-16 17:19:51 +01:00
kolaente 61333c9b7f
fix: lint 2025-03-02 19:43:41 +01:00
Marc f4a0c0ef31 feat(auth): sso fallback mapping (#3068)
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3068
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Marc <marc88@free.fr>
Co-committed-by: Marc <marc88@free.fr>
2025-03-02 15:21:09 +00:00
kolaente bbbfbb36bb
fix(filters): ignore invalid task fields when recomputing task positions
Resolves https://vikunja.sentry.io/issues/6025547266/
2025-03-02 14:00:31 +01:00
kolaente 4e90c6bb78
chore(deps): update golangci-lint 2025-03-02 13:00:18 +01:00
kolaente 250bb8ec99
fix(i18n): pass language to notification mail function 2025-03-02 12:29:31 +01:00
kolaente e11a3026b9
feat: translate notifications 2025-03-02 11:41:38 +01:00
kolaente b230bb94a4
chore(webhook): refactor reloading event data 2025-02-24 18:18:38 +01:00
kolaente 70e1fdae91
feat: always add project to webhook payload
Resolves https://github.com/go-vikunja/vikunja/issues/410
2025-02-21 19:45:07 +01:00
kolaente 398d0c7ab5
fix: add missing error messages to translations 2025-02-21 17:27:52 +01:00
kolaente ef01c2217b
fix(task): correctly validate all task fields 2025-01-25 14:38:25 +01:00
kolaente acf1ce862a
fix(filter): validate fields before using them
Resolves https://vikunja.sentry.io/share/issue/0e99ec2d0ee64e7aa40ea78098d5a316/
2025-01-24 19:06:59 +01:00
kolaente 9aa197b196
fix: swagger docs 2025-01-24 14:20:07 +01:00
kolaente 6b7c3ffef3
feat(tasks): add parameter to expand comments on a task 2025-01-24 13:00:06 +01:00
kolaente 75bd569a93
fix(projects): return list of projects when accessing as link share 2025-01-24 11:46:45 +01:00
kolaente e887cdeb5e
feat(task): expand reactions via parameter 2025-01-24 11:39:51 +01:00
kolaente 68d07a8c0f
feat(webhooks): expand buckets in webhooks
Resolves https://community.vikunja.io/t/bucket-id-is-0-in-webhook-payload-after-moving-task-between-columns/2993/2
2025-01-24 11:21:53 +01:00
kolaente 333e35e648
feat: add expand property to read one task 2025-01-24 11:20:23 +01:00
kolaente 7f6cb1e06e
feat: expand buckets 2025-01-24 11:03:40 +01:00
kolaente bc0c0b103f
feat: validate expand api parameter 2025-01-24 10:09:36 +01:00
kolaente 760f6d6800
fix(projects): adjust test assumptions
This adjusts the test for the changes made in f6bfe2f13c
2025-01-21 12:43:01 +01:00
kolaente f6bfe2f13c
fix(quick actions): show saved filters in search results
This fixes a bug where saved filters would not show up in quick actions search results. It was caused by explicitely only searching for projects.
During the debugging of this, I've discovered the search parameter is ignored when searching for filters.

Resolves https://community.vikunja.io/t/virtual-projects-a-k-a-saved-filters-do-not-show-up-in-search-bar-results/3180/4
2025-01-21 11:07:28 +01:00
kolaente f25f983417
feat(notifications): include link to settings in notifications 2025-01-20 17:38:18 +01:00
kolaente debdcd4dd3
docs: clarify return value of /tasks 2025-01-20 16:23:26 +01:00
kolaente a7be41ef04
fix(filter): do not override filter include nulls query
This fixes a bug where the "include nulls" query parameter would get overridden when the current view had a filter set, even if that filter didn't specify the parameter.
2025-01-20 14:23:35 +01:00
kolaente 6673adf0b5
fix(filter): do not show tasks in filter results when they are filtered out by labels
This fixes a bug where tasks which were filtered out by their label would still be shown. That was caused by the way the filter query was translated to sql under the hood.

Resolves https://github.com/go-vikunja/vikunja/issues/394
2025-01-20 14:05:42 +01:00
kolaente 4858f7c82f
fix(project): transfer ownership after deleting a user
This fixes a bug where the ownership of a project was not transferred when the user was deleted, leading to errors when viewing the project, as the owner user could not be found.

Resolves https://kolaente.dev/vikunja/vikunja/issues/2827
2025-01-20 12:25:38 +01:00
Dominik Pschenitschni 47538ca810 fix: method name 2025-01-17 13:59:12 +01:00
kolaente abae6f05e0
fix(auth): move read all notifications to notification group
Resolves
https://kolaente.dev/vikunja/vikunja/issues/2977
2025-01-17 12:52:42 +01:00
kolaente 45ec1a4c47
fix(auth): make sure routes from the "other" group work as intended
Resolves
https://kolaente.dev/vikunja/vikunja/issues/2977
2025-01-17 11:06:00 +01:00
kolaente 1db99dba47
fix(kanban): correctly check bucket limit for saved filters or view filters
Resolves https://github.com/go-vikunja/vikunja/issues/355
2025-01-09 16:21:28 +01:00
kolaente 70f1b4f28b
fix(export): update only current user export file id 2024-12-22 19:48:47 +01:00
kolaente 47ff7d8ad3
fix(migration): fetch members when they do not exist
Resolves https://github.com/go-vikunja/vikunja/issues/378
2024-12-15 13:11:29 +01:00
kolaente b3c93ae811
fix(task): do not update all project_view ids
Might fix https://community.vikunja.io/t/not-able-to-move-task-between-buckets-within-a-kanban-view-for-saved-filter/2882/6
2024-12-11 18:50:01 +01:00
kolaente 7ac2c42e4d
fix(caldav): fetch saved filter
This fixes a bug which caused fetching saved filter and favorite projects to crash, because the respective project ID is not a valid project id without special handling.
2024-12-11 17:05:51 +01:00
kolaente 25fd0f6108
fix(filter): correctly create task positions during filter creation
This fixes a bug where a saved filter would contain many "dead" entries for tasks which are not part of that filter. These entries were "dead" because the filter would not match for them and thus they were not shown.
The problem was caused by a routine during the creation of the filter where all projects from all matching tasks would be used as input for fetching the tasks to add to task_positions.

https://community.vikunja.io/t/not-able-to-move-task-between-buckets-within-a-kanban-view-for-saved-filter/2882/3
2024-12-09 19:21:13 +01:00
graves501 ed5474a28a fix(typo): Simpl -> Simple -> GetProjectsMapSimpleByTaskIDs (#2906)
Fix typo -> GetProjectSimplByTaskID -> GetProjectSimpleByTaskID

Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2906
Co-authored-by: graves501 <graves501@protonmail.com>
Co-committed-by: graves501 <graves501@protonmail.com>
2024-12-09 13:55:16 +00:00
kolaente 8d8406df05
fix: task overdue at the same time as the notification
If a task is overdue at the same time the notification is sent, it would contain a message like "overdue since" without a time. This now shows "overdue now" instead.
2024-12-03 08:33:16 +01:00
kolaente 8732837596
chore: simplify sentry code 2024-11-22 12:05:02 +01:00
kolaente 3659b7b58d
fix(attachments): check permissions when accessing all attachments 2024-11-21 15:42:53 +01:00
kolaente bbbd936868
fix(saved filters): check permissions when accessing tasks of a filter 2024-11-21 15:42:26 +01:00
kolaente f2eac4623d
fix(filters): do not crash when paginating bucket with empty filter
Resolves https://community.vikunja.io/t/error-in-kanban-view-of-virtual-project-saved-filter/2876/7
2024-11-19 19:32:09 +01:00
kolaente 0b9fd2c485
fix(project): correctly set done bucket after duplicating project
Resolves https://community.vikunja.io/t/duplicating-projects-with-a-kanband-done-bucket-is-broken/2979
2024-11-19 19:23:08 +01:00
kolaente d616bab76d fix(views): enable search in bucket filters 2024-11-19 16:27:22 +00:00
kolaente 624907ad6a fix: make search in saved filter work 2024-11-19 16:27:22 +00:00
Maximilian Bosch 3bafaa7101 fix(tasks): also delete corresponding task positions (#2840)
Closes [#348](https://github.com/go-vikunja/vikunja/issues/348)

When moving a project, the old task bucket entries (project, saved
filters) will be removed, but not the corresponding position. This has
the effect that the saved_filter event hook UpdateTaskInSavedFilterViews
wrongly assumes that the task doesn't need to be re-added to the saved
filter since the position part still exists.

Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2840
Co-authored-by: Maximilian Bosch <maximilian@mbosch.me>
Co-committed-by: Maximilian Bosch <maximilian@mbosch.me>
2024-11-18 16:02:05 +00:00
kolaente feb6b708e3
fix(tasks): prefix created and updated columns when sorting by them
Resolves https://github.com/go-vikunja/vikunja/issues/350
2024-11-18 12:07:29 +01:00
kolaente bd3eab8c34
fix(filters): validate filter expression when creating or updating filter
Resolves https://github.com/go-vikunja/vikunja/issues/354
2024-11-18 11:02:21 +01:00
kolaente 3f62c013ba
fix(typesense): fetch task comments without permission check
Fetching the task comments during indexing would always check the permissions - in the specific case of indexing comments into Typesense, this will always return true, because we're checking with the owner of the project. Because this is a rather expensive operation, it is even more unnecessary.
2024-11-02 18:42:12 +01:00
kolaente e393cfdfd7
fix(views): delete task buckets and task positions as well when deleting a view 2024-10-31 19:22:51 +01:00
kolaente 1fac81c8de
feat(cli): add cli command to delete orphan task positions 2024-10-31 19:19:56 +01:00
kolaente d03f9c7b73
fix(positions): directly look in the database to fetch tasks when recalculating their position 2024-10-31 19:02:15 +01:00
kolaente d7eff8e43b
feat(positions): add more debug logs 2024-10-31 18:46:09 +01:00
kolaente 7f5f5a4b8d
fix(events): do not crash filter event handler when triggered by a link share user
Resolves https://vikunja.sentry.io/issues/6030883119/events/4013802889b64b6b9d868e7c83ba4eb5/
2024-10-30 14:49:33 +01:00
kolaente d081cf80fc
chore(caldav): refactor fetching projects 2024-10-30 08:37:27 +01:00
kolaente b9366ca9e3
fix(filter): use correct syntax for not in query in typesense
Related to https://github.com/typesense/typesense/issues/2038
2024-10-29 17:23:16 +01:00
kolaente 57c6f2cd10
feat(filters): add "not in" operator for filters
Resolves https://community.vikunja.io/t/feature-requests-regarding-view-ordering-project-reference-in-kanban-and-a-notin-operator/2728
2024-10-29 12:03:16 +01:00
kolaente 412a8ef654
chore(projects): only pass users to checks 2024-10-29 09:11:06 +01:00
kolaente 816da6bc50
fix(projects): check with the current user if they have access to the project 2024-10-29 08:40:14 +01:00
kolaente dace07efda
fix(projects): return 0 if no parent project exists 2024-10-29 08:25:20 +01:00
kolaente fa032a889f
fix(filters): do not crash when a filter is invalid
Resolves https://vikunja.sentry.io/issues/6025547266/events/a62beaa09caf482ba238b18f363956df
2024-10-28 16:16:48 +01:00
kolaente e30374a28c
fix(projects): only add conditions to query when they are non-empty 2024-10-28 16:09:31 +01:00
kolaente b013b294e2
fix(projects): remove unnecessary join
The removal of the unnecessary join condition speeds up the query 10x. Before, it would take ~700ms on Vikunja Cloud. With this removal, the otherwise same query now takes ~70ms (which still leaves plenty of room for improvements, but it's already a great step forwards).
2024-10-28 15:58:07 +01:00
kolaente e1893ff573
chore: cleanup 2024-10-28 12:44:54 +01:00
kolaente 7055d7341c
feat(sharing): add config so that users only find members of their teams
This adds a feature where you can enable users to only find members of teams they're part of. This makes the user search when sharing projects less confusing, because users only see other users they already know.
It is still possible to add users to teams with their email address, if they have that enabled in the user settings.
2024-10-28 11:08:06 +01:00
Sterad 1f76a8bb64 feat: preferably award admin access to project users with write access on user deletion (#2772)
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2772
Co-authored-by: Sterad <hgasuser@gmail.com>
Co-committed-by: Sterad <hgasuser@gmail.com>
2024-10-24 20:42:38 +00:00
kolaente 3ad5797307
fix: do not prefix tasks all the time
Fixes a regression from 29b9001078
2024-10-21 10:32:14 +02:00
kolaente 29b9001078
feat(filters): allow filtering by created and updated task fields
Resolves https://kolaente.dev/vikunja/vikunja/issues/2768
2024-10-18 15:15:19 +02:00
kolaente d50572c544
fix(project): permission query on mysql 2024-10-15 12:16:22 +02:00
kolaente 302424b047
fix: lint 2024-10-15 11:57:49 +02:00
kolaente cda8155de4
fix(projects): correctly check inherited permissions 2024-10-15 11:56:51 +02:00
kolaente 92b90013ab
feat(projects): optionally return max right when querying all projects
This change introduces an expand query parameter which, when provided, allows to return all projects with the max right the current user has on that project. This allows to show and hide appropriate buttons in the frontend.

Resolves https://github.com/go-vikunja/vikunja/issues/334
2024-10-13 19:22:09 +02:00
kolaente 3e9c41cfc6
fix(api): allow api tokens to retrieve the user who created the token
Resolves https://kolaente.dev/vikunja/vikunja/issues/2644
2024-10-13 16:02:53 +02:00
kolaente a88124cfce
feat: make used bcrypt rounds configurable
This allows to configure the used bcrypt rounds and set it to 4 in tests, greatly speeding up the tests. It's not really required to set this to another value but it might be in the future as computers get faster.
2024-10-13 15:38:04 +02:00
kolaente 9219f7032e
fix: error reporting 2024-10-11 08:54:50 +02:00