* feat: set default owner for cycle creation if not provided
* Updated CycleListCreateAPIEndpoint to assign the current user as the owner when the 'owned_by' field is not included in the request data.
* Enhanced the CycleCreateSerializer initialization to ensure proper ownership assignment during cycle creation.
* feat: add comprehensive tests for Cycle API endpoints
* Introduced a new test suite for Cycle API endpoints, covering creation, retrieval, updating, and deletion of cycles.
* Implemented tests for various scenarios including successful operations, invalid data handling, and conflict resolution with external IDs.
* Enhanced test coverage for listing cycles with different view filters and verifying cycle metrics annotations.
* feat: enhance CycleCreateSerializer to include ownership assignment
* Added 'owned_by' field to CycleCreateSerializer to specify the user who owns the cycle.
* Updated CycleListCreateAPIEndpoint to remove redundant ownership assignment logic, relying on the serializer to handle default ownership.
* Ensured that if 'owned_by' is not provided, it defaults to the current user during cycle creation.
* fix: correct assertion syntax in CycleListCreateAPIEndpoint tests
* Updated the assertion in the test for successful cycle creation to use the correct syntax for checking the response status code.
* Ensured that the test accurately verifies the expected behavior of the API endpoint.
* refactor: enhance ComplexFilterBackend and BaseFilterSet for Q object filtering
- Introduced BaseFilterSet to support Q object construction for complex filtering.
- Updated ComplexFilterBackend to utilize Q objects for building querysets.
- Improved error handling and validation in filter methods.
- Refactored filter evaluation logic to streamline query construction.
* fix: improve filter processing in BaseFilterSet to handle empty cleaned_data and optimize filter evaluation
- Added handling for cases where cleaned_data is None or empty, returning an empty Q object.
- Optimized filter evaluation by only processing filters that are provided in the request data.
* update ComplexFilterBackend to pass queryset in filter evaluation
* chore: update psycopg dependencies to version 3.2.9 in base requirements
* refactor: clean up unused imports across multiple files
* chore: update lxml dependency to version 6.0.0 in base requirements
* style: improve code readability by breaking long lines into multiple lines across several files
* style: enhance readability by breaking long lines in ModuleSerializer docstring
* fix: permission check on viewset
* chore: check workspace admin
* chore: initialize is_workspace_admin before if condition
* chore: project member check
* fix: if conditions
* chore: add condition for guests to only edit description and name
* fix: use ROLE enum instead of magic numbers
* chore: remove if condition
* fix: next path url redirection
* fix: enhance URL redirection safety in authentication views
Updated SignInAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, and GoogleCallbackSpaceEndpoint to include checks for allowed hosts and schemes before redirecting. This improves the security of URL redirection by ensuring only valid URLs are used.
* chore: updated util to handle double /
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
Co-authored-by: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
* refactor: enhance URL validation and redirection logic in authentication views
* Updated authentication views (SignInAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, GoogleCallbackSpaceEndpoint, and MagicSignInSpaceEndpoint) to include url_has_allowed_host_and_scheme checks for safer redirection.
* Improved URL construction by ensuring proper formatting and fallback to base host when necessary.
* Added get_allowed_hosts function to path_validator.py for better host validation.
* refactor: improve comments and clean up code in path_validator.py
* Updated comments for clarity in the get_safe_redirect_url function.
* Removed unnecessary blank line to enhance
* feat: enhance path validation and URL safety in path_validator.py
* Added get_allowed_hosts function to retrieve allowed hosts from settings.
* Updated get_safe_redirect_url to validate URLs against allowed hosts.
* Improved URL construction logic for safer redirection handling.
* feat: enhance URL validation in authentication views
* Added url_has_allowed_host_and_scheme checks in SignUpAuthSpaceEndpoint and MagicSignInSpaceEndpoint for safer redirection.
* Updated redirect logic to fall back to base host if the constructed URL is not allowed.
* Improved overall URL safety and handling in authentication flows.
* fix: improve host extraction in get_allowed_hosts function
* Updated get_allowed_hosts to extract only the host from ADMIN_BASE_URL and SPACE_BASE_URL settings for better URL validation.
* Enhanced overall safety and clarity in allowed hosts retrieval.
* refactor: streamline URL construction in authentication views
* Updated MagicSignInSpaceEndpoint and MagicSignUpSpaceEndpoint to directly construct redirect URLs using formatted strings instead of the get_safe_redirect_url function.
* Enhanced get_safe_redirect_url to use quote for safer URL encoding of parameters.
* refactor: enhance URL validation and redirection in authentication views
* Added validate_next_path function to improve the safety of redirect URLs in MagicSignInSpaceEndpoint and MagicSignUpSpaceEndpoint.
* Updated URL construction to ensure proper handling of next_path and base_url.
* Streamlined the get_safe_redirect_url function for better parameter encoding.
* refactor: unify URL redirection logic across authentication views
* Introduced validate_next_path function to enhance URL safety in SignInAuthSpaceEndpoint, SignUpAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, and GoogleCallbackSpaceEndpoint.
* Updated URL construction to directly format the redirect URL, improving clarity and consistency across multiple authentication views.
* refactor: remove base_host retrieval from authentication views
* Removed unnecessary base_host retrieval from GitHub, GitLab, and Google callback endpoints.
* Updated MagicSignUpEndpoint to use get_safe_redirect_url for URL construction.
* Refactored MagicSignInSpaceEndpoint to streamline URL redirection logic.
* refactor: streamline URL redirection in MagicSignInSpaceEndpoint
* Removed redundant base_url retrieval from the exception handling in MagicSignInSpaceEndpoint.
* Enhanced the clarity of URL construction by directly using get_safe_redirect_url.
* refactor: replace validate_next_path with get_safe_redirect_url for safer URL redirection across authentication views
* refactor: use get_safe_redirect_url for improved URL redirection in SignInAuthSpaceEndpoint and SignUpAuthSpaceEndpoint
* fix: redirect paths
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* chore: added issue relation and page sort order
* feat: add ProjectWebhook model to manage webhooks associated with projects
* chore: updated the migration file
* chore: added migration
* chore: reverted the page base code
* chore: added a variable for sort order in pages
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* fix: disable project features on project create
* Implement migration 0105 to alter project cycle view fields to Boolean with default values
* Add project view settings in workspace seed task
* Add is_current_version_deprecated field to Instance model
Index user_id field in Session model
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* dev: handled indexing for the notification fields
* dev: removing indexing related to workspaces
* dev: handled indexing for file asset, user favorite, and page log
* dev: indexing concurrently
* feat: added support for expanding `updated_by` and `type` in work item
* fix: moved type to dictionary for expansion
* fix: refactored unnecessary fields