Add optional project scope to API tokens, allowing tokens to be restricted to a specific project and optionally its sub-projects. This builds on the existing API token system by adding two new fields: project_id and include_sub_projects. Key changes: - Database migration adding project_id and include_sub_projects columns - ProjectScopedAuth wrapper type implementing web.Auth with scope info - AuthUnwrapper interface for transparent auth type unwrapping - Scope enforcement in project/task permission checks and list queries - Middleware resolves scoped project IDs (with recursive CTE for sub-projects) - Frontend: project selector in token creation form, scope display in list - Tests for scope resolution, permission enforcement, and token creation https://claude.ai/code/session_015JjPNeSkwxYQNCeMf2PYTi |
||
|---|---|---|
| .. | ||
| fixtures | ||
| db.go | ||
| db_path_test.go | ||
| dump.go | ||
| helpers.go | ||
| helpers_test.go | ||
| test.go | ||
| test_fixtures.go | ||