familienarchiv

marcel/familienarchiv

Fork 0

Commit Graph

Author	SHA1	Message	Date
Marcel	daea748a20	feat(frontend): invite-based registration UI Some checks failed CI / Unit & Component Tests (push) Failing after 2m37s Details CI / OCR Service Tests (push) Successful in 32s Details CI / OCR Service Tests (pull_request) Successful in 30s Details CI / Backend Unit Tests (push) Failing after 2m47s Details CI / Unit & Component Tests (pull_request) Failing after 2m29s Details CI / Backend Unit Tests (pull_request) Failing after 2m46s Details - Add /register route with invite code prefill, password show/hide - Add /login?registered=1 success banner - Add /admin/invites page: list, create, revoke, copy link - Add Einladungen nav section to admin sidebar (ADMIN_USER perm) - Add invite error codes to errors.ts - Add 48 i18n keys across de/en/es - Update hooks.server.ts to allow public access to invite/register API Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-19 01:01:19 +02:00
Marcel	154f859efc	feat(korrespondenz): address PR #164 review – blockers and suggestions Some checks failed CI / Unit & Component Tests (push) Has been cancelled Details CI / Backend Unit Tests (push) Has been cancelled Details CI / E2E Tests (push) Has been cancelled Details CI / Unit & Component Tests (pull_request) Failing after 1m36s Details CI / Backend Unit Tests (pull_request) Failing after 2m36s Details CI / E2E Tests (pull_request) Failing after 1h49m0s Details Blockers (14): - B1: fix senderName/receiverName to use $derived instead of $state + sync $effect - B2: migrate all korrespondenz components from messages-extra shim to paraglide m.* - B3: i18n CorrespondenzEmptyState (heading, subtext, search placeholder) - B4: add response.ok checks to admin layout server load - B5: add response.ok checks to korrespondenz page server load - B6: add page.server.spec.ts with 5 test suites for korrespondenz load function - B7: add axe-core accessibility checks to all e2e korrespondenz tests - B8: add Testcontainers JPQL tests for findSinglePersonCorrespondence (DISTINCT + sender) - B9: hide auth reset-token endpoint from OpenAPI spec; remove from generated api.ts - B11: replace amber hardcoded hex colors in SinglePersonHintBar with brand tokens - B12: replace clipboard emoji with Heroicons SVG in SinglePersonHintBar - B13: create DateInput component (German dd.mm.yyyy); use it in CorrespondenzFilterControls - B14: add Paraglide compile step to CI workflow before lint/test Suggestions (11): - S1: make CorrespondentSuggestionsDropdown a pure display component; lift fetch to PersonBar - S2: fix leftover messages-extra import in ConversationTimeline; use brand tokens for status dots - S3: add intent comment to EntityNav openFlyout behavior - S4: rename canManageGroups → canManagePermissions throughout admin - S6: remove domFlush helper from DateInput spec; use expect.poll instead - S7: replace test.skip with throw new Error in bilateral e2e tests - S8: add inverse aria-disabled test for filter strip - S9: remove sm:min-h-0 from sort button to preserve 44px touch target - S10: add title attributes to tablet trigger buttons in EntityNav - S11: delete messages-extra.ts shim entirely Also: fix admin pages revealing blank strip at bottom (-mb-6 on admin layout) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-30 19:57:48 +02:00
Marcel	8fc360a596	fix(admin): guard GET /api/users/{id} with @RequirePermission(ADMIN_USER) Fixes IDOR: the endpoint was publicly accessible to any authenticated user. Now requires ADMIN_USER permission, matching all other user management endpoints. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-30 01:09:40 +02:00

Author

SHA1

Message

Date

Marcel

daea748a20

feat(frontend): invite-based registration UI

CI / Unit & Component Tests (push) Failing after 2m37s

Details

CI / OCR Service Tests (push) Successful in 32s

Details

CI / OCR Service Tests (pull_request) Successful in 30s

Details

CI / Backend Unit Tests (push) Failing after 2m47s

Details

CI / Unit & Component Tests (pull_request) Failing after 2m29s

Details

CI / Backend Unit Tests (pull_request) Failing after 2m46s

Details

- Add /register route with invite code prefill, password show/hide
- Add /login?registered=1 success banner
- Add /admin/invites page: list, create, revoke, copy link
- Add Einladungen nav section to admin sidebar (ADMIN_USER perm)
- Add invite error codes to errors.ts
- Add 48 i18n keys across de/en/es
- Update hooks.server.ts to allow public access to invite/register API

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-19 01:01:19 +02:00

Marcel

154f859efc

feat(korrespondenz): address PR #164 review – blockers and suggestions

CI / Unit & Component Tests (push) Has been cancelled

Details

CI / Backend Unit Tests (push) Has been cancelled

Details

CI / E2E Tests (push) Has been cancelled

Details

CI / Unit & Component Tests (pull_request) Failing after 1m36s

Details

CI / Backend Unit Tests (pull_request) Failing after 2m36s

Details

CI / E2E Tests (pull_request) Failing after 1h49m0s

Details

Blockers (14):
- B1: fix senderName/receiverName to use $derived instead of $state + sync $effect
- B2: migrate all korrespondenz components from messages-extra shim to paraglide m.*
- B3: i18n CorrespondenzEmptyState (heading, subtext, search placeholder)
- B4: add response.ok checks to admin layout server load
- B5: add response.ok checks to korrespondenz page server load
- B6: add page.server.spec.ts with 5 test suites for korrespondenz load function
- B7: add axe-core accessibility checks to all e2e korrespondenz tests
- B8: add Testcontainers JPQL tests for findSinglePersonCorrespondence (DISTINCT + sender)
- B9: hide auth reset-token endpoint from OpenAPI spec; remove from generated api.ts
- B11: replace amber hardcoded hex colors in SinglePersonHintBar with brand tokens
- B12: replace clipboard emoji with Heroicons SVG in SinglePersonHintBar
- B13: create DateInput component (German dd.mm.yyyy); use it in CorrespondenzFilterControls
- B14: add Paraglide compile step to CI workflow before lint/test

Suggestions (11):
- S1: make CorrespondentSuggestionsDropdown a pure display component; lift fetch to PersonBar
- S2: fix leftover messages-extra import in ConversationTimeline; use brand tokens for status dots
- S3: add intent comment to EntityNav openFlyout behavior
- S4: rename canManageGroups → canManagePermissions throughout admin
- S6: remove domFlush helper from DateInput spec; use expect.poll instead
- S7: replace test.skip with throw new Error in bilateral e2e tests
- S8: add inverse aria-disabled test for filter strip
- S9: remove sm:min-h-0 from sort button to preserve 44px touch target
- S10: add title attributes to tablet trigger buttons in EntityNav
- S11: delete messages-extra.ts shim entirely

Also: fix admin pages revealing blank strip at bottom (-mb-6 on admin layout)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-30 19:57:48 +02:00

Marcel

8fc360a596

fix(admin): guard GET /api/users/{id} with @RequirePermission(ADMIN_USER)

Fixes IDOR: the endpoint was publicly accessible to any authenticated user.
Now requires ADMIN_USER permission, matching all other user management endpoints.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-30 01:09:40 +02:00

3 Commits