* fix: permission check on viewset
* chore: check workspace admin
* chore: initiative is_workspace_admin before if condition
* chore: project member check
* fix: if conditions
* chore: add condition for guests to only edit description and name
* fix: use ROLE enum instead of magic numbers
* chore: remove if condition
* fix: next path url redirection
* fix: enhance URL redirection safety in authentication views
Updated SignInAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, and GoogleCallbackSpaceEndpoint to include checks for allowed hosts and schemes before redirecting. This improves the security of URL redirection by ensuring only valid URLs are used.
* chore: updated uitl to handle double /
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
Co-authored-by: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
* refactor: enhance URL validation and redirection logic in authentication views
* Updated authentication views (SignInAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, GoogleCallbackSpaceEndpoint, and MagicSignInSpaceEndpoint) to include url_has_allowed_host_and_scheme checks for safer redirection.
* Improved URL construction by ensuring proper formatting and fallback to base host when necessary.
* Added get_allowed_hosts function to path_validator.py for better host validation.
* refactor: improve comments and clean up code in path_validator.py
* Updated comments for clarity in the get_safe_redirect_url function.
* Removed unnecessary blank line to enhance
* feat: enhance path validation and URL safety in path_validator.py
* Added get_allowed_hosts function to retrieve allowed hosts from settings.
* Updated get_safe_redirect_url to validate URLs against allowed hosts.
* Improved URL construction logic for safer redirection handling.
* feat: enhance URL validation in authentication views
* Added url_has_allowed_host_and_scheme checks in SignUpAuthSpaceEndpoint and MagicSignInSpaceEndpoint for safer redirection.
* Updated redirect logic to fallback to base host if the constructed URL is not allowed.
* Improved overall URL safety and handling in authentication flows.
* fix: improve host extraction in get_allowed_hosts function
* Updated get_allowed_hosts to extract only the host from ADMIN_BASE_URL and SPACE_BASE_URL settings for better URL validation.
* Enhanced overall safety and clarity in allowed hosts retrieval.
* refactor: streamline URL construction in authentication views
* Updated MagicSignInSpaceEndpoint and MagicSignUpSpaceEndpoint to directly construct redirect URLs using formatted strings instead of the get_safe_redirect_url function.
* Enhanced get_safe_redirect_url to use quote for safer URL encoding of parameters.
* refactor: enhance URL validation and redirection in authentication views
* Added validate_next_path function to improve the safety of redirect URLs in MagicSignInSpaceEndpoint and MagicSignUpSpaceEndpoint.
* Updated URL construction to ensure proper handling of next_path and base_url.
* Streamlined the get_safe_redirect_url function for better parameter encoding.
* refactor: unify URL redirection logic across authentication views
* Introduced validate_next_path function to enhance URL safety in SignInAuthSpaceEndpoint, SignUpAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, and GoogleCallbackSpaceEndpoint.
* Updated URL construction to directly format the redirect URL, improving clarity and consistency across multiple authentication views.
* refactor: remove base_host retrieval from authentication views
* Removed unnecessary base_host retrieval from GitHub, GitLab, and Google callback endpoints.
* Updated MagicSignUpEndpoint to use get_safe_redirect_url for URL construction.
* Refactored MagicSignInSpaceEndpoint to streamline URL redirection logic.
* refactor: streamline URL redirection in MagicSignInSpaceEndpoint
* Removed redundant base_url retrieval from the exception handling in MagicSignInSpaceEndpoint.
* Enhanced the clarity of URL construction by directly using get_safe_redirect_url.
* refactor: replace validate_next_path with get_safe_redirect_url for safer URL redirection across authentication views
* refactor: use get_safe_redirect_url for improved URL redirection in SignInAuthSpaceEndpoint and SignUpAuthSpaceEndpoint
* fix: redirect paths
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* chore: added issue relation and page sort order
* feat: add ProjectWebhook model to manage webhooks associated with projects
* chore: updated the migration file
* chore: added migration
* chore: reverted the page base code
* chore: added a variable for sort order in pages
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* fix: disbale project features on project create
* Implement migration 0105 to alter project cycle view fields to Boolean with default values
* Add project view settings in workspace seed task
* Add is_current_version_deprecated field to Instance model
Index user_id field in Session model
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* dev: handled indexing for the notification fields
* dev: removing indexing related to workspaces
* dev: handled indexing for file asset, user favorite, and page log
* dev: indexing concurrently
* feat: added support for expanding `updated_by` and `type` in work item
* fix: moved type to dictionary for expansion
* fix: refactored unnecessary fields
* Refactor and extend cleanup tasks for logs and versions
- Consolidate API log deletion into cleanup_task.py - Add tasks to
delete old email logs, page versions, and issue description versions -
Update Celery schedule and imports for new tasks
* chore: update cleanup task with mongo changes
* fix: update log deletion task name for clarity
* fix: enhance MongoDB archival error handling in cleanup task
- Added a parameter to check MongoDB availability in the flush_to_mongo_and_delete function.
- Implemented error logging for MongoDB archival failures.
- Updated calls to flush_to_mongo_and_delete to include the new parameter.
* fix: correct parameter name in cleanup task function call
- Updated the parameter name from 'mode' to 'model' in the process_cleanup_task function to ensure consistency and clarity in the code.
* fix: improve MongoDB connection parameter handling in MongoConnection class
- Replaced direct access to settings with getattr for MONGO_DB_URL and MONGO_DB_DATABASE to enhance robustness.
- Added warning logging for missing MongoDB connection parameters.
* add missing fields and methods in endpoints
* add POST method for project members
* make project_id as uuid in url pattern
* remove post method
* fix method reordering
* fix: wrong WI count while scrolling
* chore: optimize issue queryset
* fix: use separate query for total_count_queryset
* fix: guest visibility constraint
* fix: use separate query for total_count_queryset in external api
* fix: use queryset.count()
