Matthieu
e0dfcbdbf8
fix(security) : add role checks on Gitea API resources and all MCP tools
...
- GiteaBranch, GiteaBranchName, GiteaPullRequest: require ROLE_USER
- All 22 MCP tools: require ROLE_USER (ROLE_ADMIN for users/clients listing)
Tickets: T-002, T-007
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 15:27:16 +01:00
Matthieu
1c6f473dff
feat(mcp) : add clientTicket relation to time entries
...
Add ManyToOne relation from TimeEntry to ClientTicket entity.
MCP tools create-time-entry, update-time-entry, and list-time-entries
now support clientTicketId parameter for linking tickets to time entries.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 14:28:31 +01:00
Matthieu
d6399c20e1
fix : fix MCP create-task tool crashing on task creation
...
CreateTaskTool called nonexistent findMaxNumberByProject instead of
findMaxNumberByProjectForUpdate. Also removed FOR UPDATE clause from the
query as PostgreSQL does not support it with aggregate functions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 09:26:36 +01:00
matthieu
e4fc34b90f
refactor : simplify codebase and fix critical issues
...
Backend:
- Add MCP Serializer to centralize entity-to-array conversion (~300 lines deduped)
- Fix race condition in task/ticket number generation (SELECT FOR UPDATE + transaction)
- Add unique constraint on task (project_id, number) with migration
- Fix MIME type validation: use server-detected finfo instead of client-supplied type
- Add allowlist of permitted MIME types for uploads
- Fix TaskDocumentDownloadController: allow ROLE_CLIENT access, add priority:1
- Fix notification sent even when ticket status unchanged
- Remove redundant exception constructors
- Simplify services (BookStackApi double fetch, TokenEncryptor, GiteaApi)
- Consolidate duplicate checks in processors
Frontend:
- Fix useApi isHandlingUnauthorized scope (module-level to prevent double 401 redirect)
- Fix client-tickets toast key copy-paste bug
- Merge duplicated tasks service methods (getByProject + getByProjectArchived)
- Extract shared uploadWithRelation helper in task-documents service
- Extract formatFileSize utility from duplicated component code
- Extract status transition logic into useClientTicketHelpers composable
- Remove dead code (unused router, handleLogout, empty script blocks)
- Merge duplicate watchers and onMounted calls
- Normalize arrow functions to function declarations per convention
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 22:09:16 +01:00
matthieu
a5144443a4
fix(avatar) : address review findings — security and UX fixes
...
- Use getMimeType() instead of getClientMimeType() to prevent MIME spoofing
- Change IsGranted to IS_AUTHENTICATED_FULLY so ROLE_CLIENT can access avatars
- Remove Groups from avatarFileName (only avatarUrl needed by frontend)
- Disable aggressive caching to prevent stale avatar images
- Add error handling to avatar upload in profile page
- Use i18n for "Mon profil" button text
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 22:02:27 +01:00
matthieu
4d0aa65920
feat(avatar) : add avatar upload/serve/delete controller
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 21:54:23 +01:00
matthieu
63315c0a15
feat(avatar) : add avatarFileName field to User entity
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 21:53:43 +01:00
matthieu
cd8cea45c1
fix(security) : allow ROLE_CLIENT to read projects
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 21:39:41 +01:00
matthieu
1f31a3a33f
fix(portal) : embed project id/name in /me response for client users
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 21:37:18 +01:00
matthieu
2a874046d3
feat : allow client to edit own tickets and protect status fields
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 20:35:11 +01:00
matthieu
046ee396d3
feat(fixtures) : add users alice/bob/charlie and distribute task assignees
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 20:25:14 +01:00
matthieu
0ba487cfa9
feat(fixtures) : add client users, client tickets, and ticket-task link
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 20:20:27 +01:00
matthieu
6c910e7fcc
fix : use native SQL for JSON roles query in PostgreSQL
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 20:11:54 +01:00
matthieu
6d7e6f5f48
fix : allow admin users to create client tickets on any project
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 20:07:19 +01:00
matthieu
2c28a4ad1d
fix(notification) : add route priority to prevent API Platform conflict
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 19:59:47 +01:00
matthieu
59b11f1225
feat(notification) : hook NotificationService into ticket processors
2026-03-15 19:47:06 +01:00
matthieu
4094048aba
feat(notification) : add NotificationService and UserRepository::findByRole
2026-03-15 19:46:37 +01:00
matthieu
ce2eaa03e1
feat(notification) : add unread-count and mark-all-read custom controllers
2026-03-15 19:46:10 +01:00
matthieu
d932359024
feat(notification) : add NotificationProvider filtered by current user
2026-03-15 19:45:58 +01:00
matthieu
669c36cea1
feat(notification) : add Notification entity, repository, and migration
2026-03-15 19:45:47 +01:00
matthieu
3d1a510d82
feat : add 22 MCP tool classes for projects, tasks, and time tracking
...
Tools: list-users, list-clients, list/get/create/update-project,
list/get/create/update/delete-task, list-statuses/priorities/efforts/tags,
list/create/update-group, list/create/update/delete-time-entry.
Attribute moved to class level for SDK discovery compatibility.
Install nyholm/psr7 for HTTP transport PSR-17 support.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 19:45:39 +01:00
matthieu
e16fd2053e
feat : MCP server infrastructure setup
...
Install symfony/mcp-bundle, add STDIO + HTTP transport config,
API token auth on User entity with custom authenticator and firewall,
generate-api-token console command, Nginx /_mcp location, fixture token.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 19:33:52 +01:00
matthieu
851953df1e
feat : generalize TaskDocumentProcessor for client tickets
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:28:04 +01:00
matthieu
b6cfe9d7d4
feat : add ClientTicketProvider with filtering
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:27:24 +01:00
matthieu
f33f2f95ec
feat : add ClientTicketStatusProcessor
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:27:10 +01:00
matthieu
f27297517c
feat : add ClientTicketNumberProcessor
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:27:00 +01:00
matthieu
d2e27a04ce
feat : add ClientTicketRepository
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:25:45 +01:00
matthieu
926d6d54c5
feat : generalize TaskDocument for client tickets
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:25:02 +01:00
matthieu
a538bb3601
feat : add clientTicket relation to Task entity
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:23:50 +01:00
matthieu
97dcff8542
feat : add ClientTicket entity
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:23:36 +01:00
matthieu
87ab281099
feat : extend User entity with client and allowedProjects
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:23:10 +01:00
matthieu
63febbea45
fix(security) : add ROLE_USER security on all read endpoints
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:21:19 +01:00
matthieu
edc441f363
fix(security) : exclude ROLE_USER for ROLE_CLIENT users
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:20:46 +01:00
matthieu
4c19b68156
fix(gitea) : propagate API errors instead of silently returning empty results
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 18:58:55 +01:00
matthieu
06771c17e0
fix(bookstack) : add uriVariables to BookStackLink and BookStackSearchResult
...
API Platform 4 requires explicit uriVariables declaration for
URI template parameters on DTO resources.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 18:27:57 +01:00
matthieu
9e638c32b8
feat(bookstack) : add BookStackSearchResult API resource for shelf-scoped search
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 18:10:47 +01:00
matthieu
bc331982d5
feat(bookstack) : add BookStackLink API resource with CRUD operations
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 18:10:24 +01:00
matthieu
1e311242a9
feat(bookstack) : add BookStackShelf API resource for listing shelves
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 18:09:51 +01:00
matthieu
97c6ef6a52
feat(bookstack) : add BookStackTestConnection API resource
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 18:09:36 +01:00
matthieu
28fbc73248
feat(bookstack) : add BookStackSettings API resource with provider and processor
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 18:09:20 +01:00
matthieu
df00b27a64
feat(bookstack) : add BookStackApiService
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 18:08:51 +01:00
matthieu
ee38f99022
feat(bookstack) : add BookStackApiException
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 18:08:15 +01:00
matthieu
06832c24e1
feat : add document upload processor, download controller and cleanup listener
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 18:05:58 +01:00
matthieu
8fbafc1f8a
feat(bookstack) : add bookstackShelfId and bookstackShelfName to Project
2026-03-15 18:05:13 +01:00
matthieu
585cc3368f
feat(bookstack) : add TaskBookStackLink entity and repository
2026-03-15 18:05:09 +01:00
matthieu
043826075d
feat(bookstack) : add BookStackConfiguration entity and repository
2026-03-15 18:05:07 +01:00
matthieu
8ec98a593a
feat : add task_document migration
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 18:04:14 +01:00
matthieu
3dd2d39222
refactor : rename GITEA_ENCRYPTION_KEY to ENCRYPTION_KEY
...
Generic encryption key name for shared use across Gitea and BookStack
token encryption.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 18:03:52 +01:00
matthieu
cfaa6c42ec
feat : add TaskDocument entity with Task relation
...
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 18:03:20 +01:00
matthieu
445f51b473
fix(gitea) : fetch only branch-specific commits using compare API
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 08:16:55 +01:00