tududi/backend
Ali 9edbe142b6
fix(tasks): prevent projectless task visibility leaks (#1066)
Fixes task metrics queries that could show private projectless tasks in another user's Today/dashboard lists. The issue happened because dashboard-specific Op.or filters could overwrite the task visibility Op.or condition when query objects were combined with object spread.

This addresses issue #1063 where tasks created from Inbox, Telegram, or directly in the web app could appear for other users when they were not assigned to a shared project.

Changes:
- Combined task visibility filters with dashboard filters using Op.and
- Prevented metrics Op.or conditions from overwriting permission filters
- Preserved access for owned, directly shared, and shared-project tasks
- Added regression tests for tasks_in_progress and suggested_tasks leaks

Fixes #1063
2026-04-25 19:18:52 +03:00
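The overwrite described in the commit message, as an added example that is not tududi's code: `Symbol('or')` and `Symbol('and')` stand in for Sequelize's `Op.or` and `Op.and`, and the `matches` evaluator, the filter shapes and the sample tasks are constructed for illustration.

```javascript
// Stand-ins for Sequelize's operator symbols (assumption: plain Symbols behave
// the same way for the purpose of showing how object spread treats the keys).
const Op = { or: Symbol('or'), and: Symbol('and') };

// Hypothetical mini-evaluator for the where-clause shapes used below.
function matches(row, where) {
  return Reflect.ownKeys(where).every((key) => {
    const cond = where[key];
    if (key === Op.or) return cond.some((w) => matches(row, w));
    if (key === Op.and) return cond.every((w) => matches(row, w));
    return row[key] === cond; // plain column equality
  });
}

// Constructed sample data: task 2 is user 2's private, projectless task.
const tasks = [
  { id: 1, user_id: 1, project_id: null, status: 'in_progress', today: false },
  { id: 2, user_id: 2, project_id: null, status: 'in_progress', today: false },
  { id: 3, user_id: 2, project_id: 7, status: 'todo', today: true },
];

// Visibility for user 1: own tasks, or tasks in shared project 7.
const visibility = { [Op.or]: [{ user_id: 1 }, { project_id: 7 }] };
// Dashboard filter: in progress, or flagged for today.
const dashboard = { [Op.or]: [{ status: 'in_progress' }, { today: true }] };

// Before: both objects carry the same Op.or key, so spread keeps only the
// last one and the permission filter silently disappears.
const leakyWhere = { ...visibility, ...dashboard };

// After: each Op.or group becomes an element of Op.and, so a row must pass
// the permission filter and the dashboard filter.
const safeWhere = { [Op.and]: [visibility, dashboard] };

function visibleIds(where) {
  return tasks.filter((t) => matches(t, where)).map((t) => t.id);
}

console.log('spread :', visibleIds(leakyWhere));
console.log('Op.and :', visibleIds(safeWhere));
```

A regression test for this class of bug needs a second user's projectless task in the fixture; with only one user's data both queries return the same rows.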
cmd Fix isEmail validation failure on valid emails during Docker setup (#835) 2026-02-11 15:42:11 +02:00
config fix: restore password migration COALESCE and add trust proxy diagnostics (#1057) 2026-04-23 01:03:19 +03:00
docs/swagger Update swagger (#906) 2026-03-04 18:47:48 +02:00
middleware fix: add CSRF token support to frontend requests (#1025) 2026-04-14 15:06:56 +03:00
migrations fix(migration): resolve v1.0.0 password column migration causing login failures (#1059) 2026-04-23 17:53:55 +03:00
models fix: wire CalendarToken model into models/index.js to prevent MCP crashes (#1069) 2026-04-25 01:44:56 +03:00
modules fix(tasks): prevent projectless task visibility leaks (#1066) 2026-04-25 19:18:52 +03:00
scripts fix: restore password migration COALESCE and add trust proxy diagnostics (#1057) 2026-04-23 01:03:19 +03:00
seeders Fix bug 366 (#764) 2026-01-07 18:18:07 +02:00
services Fix bug 366 (#764) 2026-01-07 18:18:07 +02:00
shared fix: restore password migration COALESCE and add trust proxy diagnostics (#1057) 2026-04-23 01:03:19 +03:00
tests fix(tasks): prevent projectless task visibility leaks (#1066) 2026-04-25 19:18:52 +03:00
utils feat(caldav): Add CalDAV Synchronization Support (Issue #978) (#1030) 2026-04-17 17:40:39 +03:00
.env.example fix: use CALDAV_ENABLED for calendar feature flag (#1070) 2026-04-25 18:21:53 +03:00
.env.test fix: use CALDAV_ENABLED for calendar feature flag (#1070) 2026-04-25 18:21:53 +03:00
.prettierignore Add 'dist' paths to git & prettier ignore. 2025-07-22 11:45:14 +03:00
.prettierrc.json Linting cleanup (#99) 2025-07-01 11:40:09 +03:00
.sequelizerc Express migration (#80) 2025-06-16 21:50:44 +03:00
app.js fix(migration): resolve v1.0.0 password column migration causing login failures (#1059) 2026-04-23 17:53:55 +03:00
database.sqlite Fix bug 619 (#629) 2025-12-02 18:00:36 +02:00
eslint.config.js Sorting fixes (#174) 2025-07-17 17:43:56 +03:00
jest.config.js Fix E2E test breakage (#380) 2025-10-05 16:04:46 +03:00