vikunja/pkg
kolaente 9e880e98a5 fix(api): export api-token permission groups in snake_case
The api-token permission group key is derived from the route slug. Every
group is snake_case except "time-entries", whose URL slug carries a hyphen.
The frontend snake_cases request payloads, rewriting that group key to
"time_entries", which the backend then rejected — so a token granted the
Time Entries scope could not be saved.

Canonicalise group and path-segment names to snake_case where they are
derived, and normalise the group key on token validation and authorisation
so any token stored under the old hyphenated key keeps resolving. No data
migration is needed: the v2 time-entries resource has never shipped in a
release.
2026-06-27 15:01:54 +00:00
..
audit refactor(events): use a concrete doer on project and team events 2026-06-12 08:56:08 +00:00
caldav fix(caldav): escape user-controlled strings per RFC 5545 in VCALENDAR output 2026-04-09 15:44:04 +00:00
caldavtests fix(caldav): skip tests for known CalDAV bugs and fix timing issues 2026-04-02 11:34:55 +00:00
cmd fix(cli): guard last admin on scheduled CLI deletion path 2026-04-20 18:55:06 +00:00
config feat(config): add audit logging config keys 2026-06-12 08:56:08 +00:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db fix(db): interpolate table identifiers in truncate instead of binding them 2026-06-17 12:13:50 +00:00
doctor feat(auth): enforce OpenID Connect issuer uniqueness across providers 2026-03-30 22:41:50 +00:00
e2etests test(webhook): assert bad webhook is retried in no-duplicate test 2026-04-09 09:26:04 +00:00
events fix(notifications): use full user so notifications show display name 2026-06-18 20:57:05 +00:00
files docs(api/v2): tag task attachment fields for the v2 schema 2026-06-10 10:22:39 +00:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-05-27 02:31:52 +00:00
initialize feat(audit): wire request-meta middleware and writer initialization 2026-06-12 08:56:08 +00:00
license fix(license): degrade to free when servers unreachable or key rejected 2026-04-20 18:55:06 +00:00
log fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests 2026-04-03 18:30:39 +00:00
mail feat: add Atom feed for user notifications with API token auth (#2758) 2026-05-15 17:25:09 +02:00
metrics refactor(metrics): count entities on demand with a TTL cache 2026-05-30 13:48:01 +00:00
migration fix(auth): build OIDC end-session URL with RP-Initiated Logout params (#2943) 2026-06-19 18:27:33 +02:00
models fix(api): export api-token permission groups in snake_case 2026-06-27 15:01:54 +00:00
modules feat(migration): import recurring tasks from todoist 2026-06-26 13:32:08 +00:00
notifications fix(notifications): strip remote images from notification emails 2026-06-11 06:53:37 +00:00
plugins test(plugins): add yaegi plugin integration tests 2026-03-30 20:44:46 +00:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes feat(api/v2): add kanban bucket CRUD endpoints 2026-06-26 08:56:15 +00:00
swagger [skip ci] Updated swagger docs 2026-06-19 16:52:13 +00:00
user feat(api/v2): add totp qr code endpoint 2026-06-17 18:39:38 +00:00
utils fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web fix(files): never cache file downloads in v1 or v2 2026-06-17 18:39:38 +00:00
websocket feat(time-tracking): let clients subscribe to timer events 2026-06-08 13:54:09 +00:00
webtests feat(api/v2): add kanban bucket CRUD endpoints 2026-06-26 08:56:15 +00:00
yaegi_symbols feat(filters): generate open task saved filter on user creation 2026-06-27 13:35:50 +00:00