Marcel 99111273e5 refactor(document): rename getSummaryById to findSummaryByIdInternal to signal scope-check bypass ...

The method intentionally skips permission checks and tag-colour resolution.
Renaming it to findSummaryByIdInternal makes the internal-only contract
visible at every call site, closing the latent CWE-284 risk flagged in
the PR review.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-08 21:13:35 +02:00

..

.mvn/wrapper

build: add mvn properties

2026-03-17 13:33:02 +00:00

api_tests

docs(document): ADR-031 + glossary/c4/api_tests for auto-title sync (#726)

2026-06-04 16:44:56 +02:00

src

refactor(document): rename getSummaryById to findSummaryByIdInternal to signal scope-check bypass

2026-06-08 21:13:35 +02:00

.dockerignore

devops(backend): add .dockerignore to exclude target/ from build context

2026-04-15 11:33:03 +02:00

.gitignore

restructure: flatten workspace nesting, move devcontainer to root

2026-03-15 11:47:58 +01:00

CLAUDE.md

docs(backend): add JourneyItemService and GeschichteQueryService to CLAUDE.md package table

2026-06-08 18:58:20 +02:00

Dockerfile

devops(backend): pin eclipse-temurin tags, skip test compilation, document jar glob

2026-04-15 11:33:03 +02:00

HELP.md

restructure: flatten workspace nesting, move devcontainer to root

2026-03-15 11:47:58 +01:00

lombok.config

refactor(thumbnail): route document access through DocumentService

2026-05-05 07:20:01 +02:00

mvnw

restructure: flatten workspace nesting, move devcontainer to root

2026-03-15 11:47:58 +01:00

mvnw.cmd

build: add mvn properties

2026-03-17 13:33:02 +00:00

pom.xml

feat(journeyitem): add CRUD endpoints for JourneyItems on GeschichteController

2026-06-08 17:02:12 +02:00