vikunja/pkg/webtests
Claude 25c6c6750a
feat: per-user pro feature toggles
Licensed features can now be granted or revoked per user instead of
applying instance-wide. Resolution is layered: the instance license must
include the feature, then a per-user override, an admin-set instance
default and the built-in code default are consulted in that order.
Time tracking is the first per-user toggleable feature; admin_panel and
audit_logs stay instance-wide. New features opt in via the
perUserToggleable map in pkg/license.

- store per-user overrides in a json column on users, instance defaults
  in the new pro_feature_instance_defaults table
- enforce the toggle in the v2 time-entries route gate and in the
  TimeEntry permission chokepoint for non-route callers
- new admin v2 endpoints to manage instance defaults and per-user
  overrides
- expose effective_pro_features on /api/v1/user; the frontend prefers it
  over /info's instance-wide list once the user is loaded
- admin UI: per-user toggles on the user detail modal, instance defaults
  on the admin overview

https://claude.ai/code/session_01AVt4FHWrUUhv5p6yn99pdp
2026-06-09 19:46:32 +00:00
..
_test.go.tpl chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
admin_share_bypass_test.go test(admin): add webtests for /admin/* endpoints and share bypass 2026-04-20 18:55:06 +00:00
admin_test.go test(admin): add webtests for /admin/* endpoints and share bypass 2026-04-20 18:55:06 +00:00
api_token_method_matching_test.go fix(security): enforce HTTP method and path in scoped API token matcher 2026-04-09 15:17:20 +00:00
api_tokens_test.go test: verify caldav permission group appears in /routes 2026-03-30 12:09:53 +00:00
archived_test.go fix(project): remove non-existent columns from UpdateProject column list 2026-04-03 16:59:05 +00:00
background_test.go test: verify background removal preserves project title 2026-04-08 09:07:15 +00:00
caldav_test.go fix(caldav): return 404 when trying to access a project that cannot exist with CalDAV (#2796) 2026-05-28 08:14:52 +02:00
error_responses_test.go feat: add session-based auth with refresh token rotation 2026-02-25 10:30:25 +01:00
healthcheck_test.go feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
huma_admin_pro_features_test.go feat: per-user pro feature toggles 2026-06-09 19:46:32 +00:00
huma_admin_test.go test(api/v2): port full v1 admin projects coverage 2026-06-03 19:48:08 +00:00
huma_api_token_test.go feat(api/v2): add API token list/create/delete on /api/v2 2026-06-05 08:49:23 +00:00
huma_archived_test.go test(api/v2): isolate project tests per-handler, not via shared harness 2026-06-05 07:40:07 +00:00
huma_avatar_test.go test(api/v2): port full v1 avatar coverage to TestAvatar 2026-06-03 19:58:27 +00:00
huma_avatar_upload_test.go fix(api/v2): reject non-decodable images (e.g. SVG) on avatar upload with 400 2026-06-02 11:55:25 +00:00
huma_bot_user_test.go feat(api/v2): add bot user CRUD on /api/v2 2026-06-05 08:51:39 +00:00
huma_errors_test.go test(api/v2): Label round-trip, ETag, PATCH, error shapes 2026-05-31 12:56:57 +00:00
huma_helpers_test.go test(api/v2): Label round-trip, ETag, PATCH, error shapes 2026-05-31 12:56:57 +00:00
huma_label_task_test.go feat(api/v2): add task labels (create/list/delete) on /api/v2 2026-06-05 08:33:47 +00:00
huma_label_test.go feat(labels): let bot owners manage labels created by their bots 2026-06-09 11:40:04 +00:00
huma_link_sharing_test.go fix(link-sharing): resolve share read permission via project id so by-id reads work 2026-06-05 09:17:25 +00:00
huma_notification_test.go fix(api/v2): return 200 from notifications mark-all (creates nothing) 2026-06-07 10:05:24 +00:00
huma_project_team_test.go feat(api/v2): add project team shares CRUD on /api/v2 2026-06-07 15:33:20 +00:00
huma_project_test.go test(api/v2): cover central validation (422, invalid_fields, full-body webhook updates) 2026-06-06 21:09:56 +00:00
huma_project_user_test.go feat(api/v2): add project user shares CRUD on /api/v2 2026-06-07 10:37:59 +00:00
huma_project_view_test.go feat(api/v2): report max_permission on label and project-view reads 2026-06-04 21:16:51 +00:00
huma_saved_filter_test.go feat(api/v2): add saved filter CRUD on /api/v2 2026-06-07 10:40:20 +00:00
huma_session_test.go feat(api/v2): add session list/delete on /api/v2 2026-06-05 08:21:48 +00:00
huma_subscription_test.go docs: trim wordy comments to load-bearing whys 2026-06-07 09:57:51 +00:00
huma_task_assignee_test.go feat(api/v2): add task assignees (create/list/delete) on /api/v2 2026-06-06 19:06:12 +00:00
huma_task_comment_test.go test(api/v2): assert task comment max_permission and per-caller ETag 2026-06-05 07:43:38 +00:00
huma_task_duplicate_test.go test(api/v2): port full v1 TaskDuplicate coverage 2026-06-03 20:29:15 +00:00
huma_team_member_test.go feat(api/v2): add team members (add/remove/admin-toggle) on /api/v2 2026-06-07 10:48:23 +00:00
huma_team_test.go test(api/v2): assert both ETags non-empty in team permission test 2026-06-05 08:06:54 +00:00
huma_time_entry_test.go test(time-tracking): cover the v2 time-entry routes 2026-06-08 13:54:09 +00:00
huma_webhook_test.go test(api/v2): cover central validation (422, invalid_fields, full-body webhook updates) 2026-06-06 21:09:56 +00:00
integrations.go test(api/v2): isolate project tests per-handler, not via shared harness 2026-06-05 07:40:07 +00:00
kanban_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
label_task_test.go test: add web tests for bulk label task endpoint 2026-03-10 23:58:44 +01:00
link_share_avatar_test.go feat!: rename right to permission (#1277) 2025-08-13 11:05:05 +02:00
link_sharing_auth_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
link_sharing_test.go test(security): webtest that a deleted link share rejects its still-valid JWT 2026-04-09 15:38:07 +00:00
login_test.go test(webtests): add end-to-end TOTP lockout test 2026-04-09 16:08:26 +00:00
main_test.go refactor: use Go idioms for running tests 2026-02-17 18:01:05 +01:00
oauth2_test.go test: add tests for OAuth 2.0 authorization flow 2026-03-27 23:05:04 +00:00
project_test.go fix(security): move reparent Admin gate into UpdateProject 2026-04-09 16:47:35 +00:00
register_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
sessions_test.go test: add session lifecycle tests 2026-02-25 10:30:25 +01:00
task_attachment_idor_test.go test: add IDOR test for task attachment ReadOne (GHSA-jfmm-mjcp-8wq2) 2026-03-23 16:34:07 +00:00
task_attachment_upload_test.go feat: add session-based auth with refresh token rotation 2026-02-25 10:30:25 +01:00
task_by_index_test.go test(api): cover positive project-identifier resolution 2026-05-19 08:53:25 +00:00
task_collection_test.go feat(projects): always store identifiers as uppercase (#2775) 2026-05-19 10:35:43 +02:00
task_comment_test.go fix: use require.Error instead of assert.Error for error assertions 2026-03-20 11:41:28 +00:00
task_test.go fix(assignees): resolve 500 error when reading task assignees 2026-05-26 18:59:33 +00:00
token_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
user_change_password_test.go test(api): add tests for password validation in reset and update flows 2026-02-25 13:44:56 +01:00
user_confirm_email_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
user_export_download_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
user_export_status_test.go feat: show user export status in settings (#1200) 2025-07-30 15:50:26 +00:00
user_password_request_token_test.go refactor: centralize HTTP error handling (#2062) 2026-01-08 10:02:59 +00:00
user_password_reset_test.go test: add web test for disabled user password reset rejection 2026-03-20 11:23:21 +00:00
user_project_test.go test: verify email masking for external team name search 2026-03-04 20:32:11 +01:00
user_show_test.go chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
user_totp_test.go fix: update TOTP fixtures and tests to avoid conflicts with existing enrollment tests 2026-03-20 12:22:27 +00:00
webhook_test.go test: add failing test for webhook BasicAuth credential exposure 2026-03-23 16:35:47 +00:00