familienarchiv

Go to file

Marcel 8fc360a596 fix(admin): guard GET /api/users/{id} with @RequirePermission(ADMIN_USER)

Fixes IDOR: the endpoint was publicly accessible to any authenticated user.
Now requires ADMIN_USER permission, matching all other user management endpoints.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-30 01:09:40 +02:00

.devcontainer

fix: correct devcontainer workspace path mismatch

2026-03-15 13:44:06 +01:00

.gitea/workflows

feat(frontend): add forgot-password and reset-password pages

2026-03-23 07:26:35 +01:00

.husky

chore(hooks): remove pre-push E2E hook

2026-03-22 22:15:00 +01:00

.vscode

fix: activate dev Spring profile in VS Code launch config

2026-03-15 14:17:07 +01:00

backend

fix(admin): guard GET /api/users/{id} with @RequirePermission(ADMIN_USER)

2026-03-30 01:09:40 +02:00

docs

docs: add conversations page Narrow Column redesign spec

2026-03-29 18:28:22 +02:00

frontend

fix(admin): guard GET /api/users/{id} with @RequirePermission(ADMIN_USER)

2026-03-30 01:09:40 +02:00

proofshot-artifacts

chore(screenshots): retake proofshots after bg-canvas fix

2026-03-29 19:12:14 +02:00

scripts

devops: add rebuild-frontend.sh script

2026-03-23 22:39:53 +01:00

.gitignore

chore: update ignore file

2026-03-17 13:35:32 +00:00

CLAUDE.md

docs: add CODESTYLE.md with Clean Code, DRY/KISS, and SOLID principles

2026-03-20 11:36:34 +01:00

CODESTYLE.md

docs(codestyle): add Svelte 5 specific rules with examples

2026-03-20 15:58:40 +01:00

COLLABORATING.md

docs(collab): add user journey and E2E scenario requirements

2026-03-22 19:44:18 +01:00

docker-compose.ci.yml

ci: set up CI pipeline with unit, backend, and E2E test jobs

2026-03-19 12:03:37 +01:00

docker-compose.yml

fix(e2e): activate e2e profile in dev mode and create reader user idempotently

2026-03-24 08:25:54 +01:00

Languages

Python 73.2%

TypeScript 11.5%

Java 10.8%

Svelte 4.2%

Shell 0.1%