vikunja/pkg
kolaente 8a4f5cbe11 fix(models): make API tokens work on /api/v2 routes
Sub-phase G validation caught that a token scoped to e.g.
`labels.read_one` was rejected on /api/v2/labels because the route
collector only stripped /api/v1/ from paths and did not know about
v2's REST-style verbs (POST create, PUT/PATCH update, inverted
from v1 where PUT creates and POST updates).

Introduce a shadow apiTokenRoutesV2 map keyed under the same
(group, permission) names as the v1 entries. Route collection now
routes v2 paths into this shadow map and CanDoAPIRoute consults
both tables, so the same permission bit authorizes the v1 and v2
endpoints for the same resource without changing the data shape
served at /api/v1/routes (which the frontend token UI depends on).

Also teach getRouteDetail about PATCH so Huma's AutoPatch-synthesized
PATCH routes collapse to the `update` permission instead of being
dropped.
2026-05-31 12:56:57 +00:00
..
caldav fix(caldav): escape user-controlled strings per RFC 5545 in VCALENDAR output 2026-04-09 15:44:04 +00:00
caldavtests fix(caldav): skip tests for known CalDAV bugs and fix timing issues 2026-04-02 11:34:55 +00:00
cmd fix(cli): guard last admin on scheduled CLI deletion path 2026-04-20 18:55:06 +00:00
config feat: always enable bot users 2026-05-04 10:38:53 +00:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db feat(comments): treat quoted comment authors as implicit mentions 2026-05-20 21:02:14 +00:00
doctor feat(auth): enforce OpenID Connect issuer uniqueness across providers 2026-03-30 22:41:50 +00:00
e2etests test(webhook): assert bad webhook is retried in no-duplicate test 2026-04-09 09:26:04 +00:00
events feat: add InitEventsForTesting and Unfake for real event dispatch in tests 2026-03-05 12:49:27 +01:00
files refactor(metrics): drop inline file count tracking 2026-05-30 13:48:01 +00:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-05-27 02:31:52 +00:00
initialize refactor(user): remove the now-empty listeners file 2026-05-30 13:48:01 +00:00
license fix(license): degrade to free when servers unreachable or key rejected 2026-04-20 18:55:06 +00:00
log fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests 2026-04-03 18:30:39 +00:00
mail feat: add Atom feed for user notifications with API token auth (#2758) 2026-05-15 17:25:09 +02:00
metrics refactor(metrics): count entities on demand with a TTL cache 2026-05-30 13:48:01 +00:00
migration feat(projects): always store identifiers as uppercase (#2775) 2026-05-19 10:35:43 +02:00
models fix(models): make API tokens work on /api/v2 routes 2026-05-31 12:56:57 +00:00
modules feat(auth): add GetAuthFromContext for Huma handlers 2026-05-31 12:56:57 +00:00
notifications fix(notifications): skip logo attachment for conversational mails 2026-05-18 19:06:49 +00:00
plugins test(plugins): add yaegi plugin integration tests 2026-03-30 20:44:46 +00:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes feat(routes): scaffold /api/v2 Echo group 2026-05-31 12:56:57 +00:00
swagger [skip ci] Updated swagger docs 2026-05-19 09:43:17 +00:00
user refactor(user): remove the now-empty listeners file 2026-05-30 13:48:01 +00:00
utils fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web refactor(handler): return domain error for forbidden instead of echo.HTTPError 2026-04-21 09:23:13 +00:00
websocket feat(websocket): add notification event with XORM AfterInsert dispatch 2026-04-02 16:30:23 +00:00
webtests fix(caldav): return 404 when trying to access a project that cannot exist with CalDAV (#2796) 2026-05-28 08:14:52 +02:00
yaegi_symbols refactor(user): remove the now-empty listeners file 2026-05-30 13:48:01 +00:00