MALIO-DEV/Lesstime
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 32 Wiki Activity
305 Commits 6 Branches 49 Tags
1219f3e73e4b57ac0af5c042f9f634d8414119aa
Commit Graph

4 Commits

Author SHA1 Message Date
Matthieu
e0dfcbdbf8 fix(security) : add role checks on Gitea API resources and all MCP tools 
- GiteaBranch, GiteaBranchName, GiteaPullRequest: require ROLE_USER
- All 22 MCP tools: require ROLE_USER (ROLE_ADMIN for users/clients listing)

Tickets: T-002, T-007

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-17 15:27:16 +01:00
Matthieu
d6399c20e1 fix : fix MCP create-task tool crashing on task creation 
CreateTaskTool called nonexistent findMaxNumberByProject instead of
findMaxNumberByProjectForUpdate. Also removed FOR UPDATE clause from the
query as PostgreSQL does not support it with aggregate functions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-16 09:26:36 +01:00
matthieu
e4fc34b90f refactor : simplify codebase and fix critical issues 
Backend:
- Add MCP Serializer to centralize entity-to-array conversion (~300 lines deduped)
- Fix race condition in task/ticket number generation (SELECT FOR UPDATE + transaction)
- Add unique constraint on task (project_id, number) with migration
- Fix MIME type validation: use server-detected finfo instead of client-supplied type
- Add allowlist of permitted MIME types for uploads
- Fix TaskDocumentDownloadController: allow ROLE_CLIENT access, add priority:1
- Fix notification sent even when ticket status unchanged
- Remove redundant exception constructors
- Simplify services (BookStackApi double fetch, TokenEncryptor, GiteaApi)
- Consolidate duplicate checks in processors

Frontend:
- Fix useApi isHandlingUnauthorized scope (module-level to prevent double 401 redirect)
- Fix client-tickets toast key copy-paste bug
- Merge duplicated tasks service methods (getByProject + getByProjectArchived)
- Extract shared uploadWithRelation helper in task-documents service
- Extract formatFileSize utility from duplicated component code
- Extract status transition logic into useClientTicketHelpers composable
- Remove dead code (unused router, handleLogout, empty script blocks)
- Merge duplicate watchers and onMounted calls
- Normalize arrow functions to function declarations per convention

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-15 22:09:16 +01:00
matthieu
3d1a510d82 feat : add 22 MCP tool classes for projects, tasks, and time tracking 
Tools: list-users, list-clients, list/get/create/update-project,
list/get/create/update/delete-task, list-statuses/priorities/efforts/tags,
list/create/update-group, list/create/update/delete-time-entry.

Attribute moved to class level for SDK discovery compatibility.
Install nyholm/psr7 for HTTP transport PSR-17 support.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-15 19:45:39 +01:00