9edbe142b6
Fixes task metrics queries that could show private projectless tasks in another user's Today/dashboard lists. The issue happened because dashboard-specific Op.or filters could overwrite the task visibility Op.or condition when query objects were combined with object spread. This addresses issue #1063 where tasks created from Inbox, Telegram, or directly in the web app could appear for other users when they were not assigned to a shared project. Changes: - Combined task visibility filters with dashboard filters using Op.and - Prevented metrics Op.or conditions from overwriting permission filters - Preserved access for owned, directly shared, and shared-project tasks - Added regression tests for tasks_in_progress and suggested_tasks leaks Fixes #1063 |
||
|---|---|---|
| .. | ||
| helpers | ||
| integration | ||
| mocks | ||
| unit | ||