vikunja/pkg/user
kolaente 22d82e292b feat(user): always include own bots in user search
User search previously filtered bots only when they happened to match the
search string. That produced two bad behaviours:

1. Bots owned by other users could surface on an exact-username match,
   leaking them into assignee pickers and similar UI.
2. A user could not reliably find their own bots by typing a partial
   name, so bots became awkward to assign to tasks.

Change ListUsers to treat bot ownership explicitly: the existing match
branch excludes rows owned by someone else, and a second branch always
returns bots owned by the calling user. The own-bots branch also
respects any AdditionalCond passed in so project-scoped listings don't
start leaking bots from outside the project.
2026-05-01 14:44:10 +00:00
..
caldav_token.go fix(caldav): eliminate nested db session in CalDAV auth 2026-03-03 10:41:19 +01:00
db.go feat: register Vikunja tables with db package at init 2026-03-04 15:37:54 +01:00
delete.go fix: address review comments on session lifecycle 2026-02-25 11:03:02 +01:00
error.go feat(user): add bot-related error types 2026-05-01 14:44:10 +00:00
error_test.go feat(user): add bot-related error types 2026-05-01 14:44:10 +00:00
events.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
is_admin_test.go feat(user): extract last-admin guard and close invariant gaps 2026-04-20 18:55:06 +00:00
listeners.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
main_test.go feat: move to slog for logging 2025-07-21 18:15:39 +02:00
notifications.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
test.go test: add TOTP fixture and load it in user test bootstrap 2026-03-23 10:34:49 +00:00
token.go fix(auth): correctly delete older password reset tokens in cron 2026-02-27 14:44:26 +01:00
totp.go fix(security): persist TOTP lockout across login rollback 2026-04-09 16:08:26 +00:00
totp_test.go test(user): cover TOTP lockout persistence and password-reset unlock 2026-04-09 16:08:26 +00:00
update_email.go fix: eliminate nested database sessions to prevent table locks 2026-02-25 11:03:02 +01:00
update_email_test.go fix(user): persist status on email updates (#1084) 2025-08-04 14:07:00 +00:00
user.go feat(models): add BotUser CRUD wrapper 2026-05-01 14:44:10 +00:00
user_claims_test.go feat(user): extract last-admin guard and close invariant gaps 2026-04-20 18:55:06 +00:00
user_create.go feat(user): add CreateBotUser 2026-05-01 14:44:10 +00:00
user_email_confirm.go fix(user): handle status errors in pkg/user callers, remove redundant checks 2026-03-23 12:06:16 +00:00
user_email_confirm_test.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
user_password_reset.go fix(user): handle status errors in pkg/user callers, remove redundant checks 2026-03-23 12:06:16 +00:00
user_test.go feat(user): add CreateBotUser 2026-05-01 14:44:10 +00:00
users_project.go feat(user): always include own bots in user search 2026-05-01 14:44:10 +00:00
validator.go feat(api): enforce password validation on reset and update flows 2026-02-25 13:44:56 +01:00