vikunja/pkg
Tink bot fb6f16adde fix: respect allow_icon_changes config on web and desktop
The `service.allowiconchanges` config option was ignored. On the web ui the
value injected into index.html by the api was immediately overwritten by a
hardcoded `window.ALLOW_ICON_CHANGES = true` in a later inline script, so the
configured value never took effect. The desktop app never received the
injected value at all, since it serves the bundled frontend from its own local
server and only talks to the api for data.

Expose the option via the /info endpoint and read it from the config store,
which is the only channel that reaches both the web ui and the desktop app.
The brittle window injection and its hardcoded default are removed in favor of
this single source of truth.

https://claude.ai/code/session_01HAXTJNsDcfsB4hwDNKTECb
2026-06-01 09:40:37 +00:00
..
caldav fix(caldav): escape user-controlled strings per RFC 5545 in VCALENDAR output 2026-04-09 15:44:04 +00:00
caldavtests fix(caldav): skip tests for known CalDAV bugs and fix timing issues 2026-04-02 11:34:55 +00:00
cmd fix(cli): guard last admin on scheduled CLI deletion path 2026-04-20 18:55:06 +00:00
config feat: always enable bot users 2026-05-04 10:38:53 +00:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db feat(comments): treat quoted comment authors as implicit mentions 2026-05-20 21:02:14 +00:00
doctor feat(auth): enforce OpenID Connect issuer uniqueness across providers 2026-03-30 22:41:50 +00:00
e2etests test(webhook): assert bad webhook is retried in no-duplicate test 2026-04-09 09:26:04 +00:00
events feat: add InitEventsForTesting and Unfake for real event dispatch in tests 2026-03-05 12:49:27 +01:00
files refactor(metrics): drop inline file count tracking 2026-05-30 13:48:01 +00:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-05-27 02:31:52 +00:00
initialize refactor(user): remove the now-empty listeners file 2026-05-30 13:48:01 +00:00
license fix(license): degrade to free when servers unreachable or key rejected 2026-04-20 18:55:06 +00:00
log fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests 2026-04-03 18:30:39 +00:00
mail feat: add Atom feed for user notifications with API token auth (#2758) 2026-05-15 17:25:09 +02:00
metrics refactor(metrics): count entities on demand with a TTL cache 2026-05-30 13:48:01 +00:00
migration feat(projects): always store identifiers as uppercase (#2775) 2026-05-19 10:35:43 +02:00
models docs(api/v2): mark server-controlled label and user fields read-only 2026-05-31 15:27:44 +02:00
modules feat(auth): add GetAuthFromContext for Huma handlers 2026-05-31 12:56:57 +00:00
notifications fix(notifications): skip logo attachment for conversational mails 2026-05-18 19:06:49 +00:00
plugins test(plugins): add yaegi plugin integration tests 2026-03-30 20:44:46 +00:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes fix: respect allow_icon_changes config on web and desktop 2026-06-01 09:40:37 +00:00
swagger [skip ci] Updated swagger docs 2026-05-19 09:43:17 +00:00
user docs(api/v2): mark server-controlled label and user fields read-only 2026-05-31 15:27:44 +02:00
utils fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web refactor(handler): return domain error for forbidden instead of echo.HTTPError 2026-04-21 09:23:13 +00:00
websocket feat(websocket): add notification event with XORM AfterInsert dispatch 2026-04-02 16:30:23 +00:00
webtests test(api/v2): Label round-trip, ETag, PATCH, error shapes 2026-05-31 12:56:57 +00:00
yaegi_symbols refactor(user): remove the now-empty listeners file 2026-05-30 13:48:01 +00:00