Commit Graph

9 Commits

Author SHA1 Message Date
Claude 25c6c6750a
feat: per-user pro feature toggles
Licensed features can now be granted or revoked per user instead of
applying instance-wide. Resolution is layered: the instance license must
include the feature, then a per-user override, an admin-set instance
default and the built-in code default are consulted in that order.
Time tracking is the first per-user toggleable feature; admin_panel and
audit_logs stay instance-wide. New features opt in via the
perUserToggleable map in pkg/license.

- store per-user overrides in a json column on users, instance defaults
  in the new pro_feature_instance_defaults table
- enforce the toggle in the v2 time-entries route gate and in the
  TimeEntry permission chokepoint for non-route callers
- new admin v2 endpoints to manage instance defaults and per-user
  overrides
- expose effective_pro_features on /api/v1/user; the frontend prefers it
  over /info's instance-wide list once the user is loaded
- admin UI: per-user toggles on the user detail modal, instance defaults
  on the admin overview

https://claude.ai/code/session_01AVt4FHWrUUhv5p6yn99pdp
2026-06-09 19:46:32 +00:00
kolaente b8b376c53a test(time-tracking): cover the time_entries model 2026-06-08 13:54:09 +00:00
kolaente 6fc36cb700 feat(comments): treat quoted comment authors as implicit mentions
A comment whose body contains <blockquote data-comment-id="…"> nodes
now triggers the same task-comment mention notification for the
quoted comments' authors, respecting CanRead, subscription, and
existing dedup. Self-quotes, wrong-task quotes, and malformed ids
are silently skipped.
2026-05-20 21:02:14 +00:00
kolaente 71282dcffd feat: add OAuth 2.0 authorization code model and migration
Add the OAuthCode model for storing short-lived authorization codes
with PKCE challenges. Codes are hashed (SHA-256) before storage and
are single-use with a 10-minute expiry. Add the database migration
and OAuth-specific error types.
2026-03-27 23:05:04 +00:00
kolaente a66bda2f51 test: register totp fixture in test setup 2026-03-20 12:22:27 +00:00
kolaente d4577c660f feat: add user_id to webhooks and user-directed event infrastructure
Add user_id column to webhooks table (nullable, for user-level webhooks
vs project-level). Extend webhook model, permissions, and listener to
support user-level webhooks that fire for user-directed events like
task reminders and overdue task notifications.

Add TasksOverdueEvent for dispatching overdue notifications via webhooks.
Update webhook permissions to handle both user-level and project-level
ownership. Add webhook test fixture and register webhooks table in test
fixture loader.
2026-03-08 19:45:53 +01:00
kolaente b3d0b2f697 feat: add Session model with CRUD, permissions, and cleanup cron
- Session struct with UUID primary key, hashed refresh token, device
  info, IP address, and last-active tracking
- Token generation via generateHashedToken (SHA-256, 128 random bytes)
- CreateSession, GetSessionByRefreshToken, GetSessionByID
- Atomic RotateRefreshToken with WHERE on old hash to prevent replays
- ReadAll scoped to authenticated user (link shares rejected)
- Delete scoped to owning user (link shares rejected)
- Hourly cleanup cron for expired sessions based on is_long_session
- ErrSessionNotFound error type with HTTP 404 mapping
2026-02-25 10:30:25 +01:00
kolaente 3db1ddcee4 feat(tasks): add support for ParadeDB when searching tasks 2025-07-18 23:18:04 +02:00
kolaente 6671ce38a8
chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
Renamed from pkg/models/unit_tests.go (Browse further)