Client-portal-enabled users (main app login, typically viewer) were not
included in get_allowed_client_ids(), so ProjectService and other callers
saw scope_client_ids=None and listed every project.
- Return [client_id] for is_client_portal_user in User.get_allowed_client_ids
- Derive get_allowed_project_ids from allowed client IDs for all non-admins
- Apply client/project scope and access checks from allowed IDs, not only
subcontractor is_scope_restricted (fixes user_can_access_* for portal)
FixesDRYTRIX/TimeTracker#592.
Tests: extend test_scope_filter with client_portal_scoped_user and API
isolation for GET /api/v1/projects.
Smart notifications (opt-in under user settings): NotificationService builds candidates from the user's local day and active timers; GET /api/notifications and POST /api/notifications/dismiss; migration 150 adds user columns and user_smart_notification_dismissals. /api/summary/today uses the same local-day totals. Client polls from smart-notifications.js; toastManager.show gains onDismiss for server dismiss sync. Config and env.example document SMART_NOTIFY_* variables.
Value dashboard: StatsService with Redis-backed caching, GET /api/stats/value-dashboard, dashboard template and dashboard-enhancements polling alongside existing widgets.
API v1 token search now uses apply_project_scope and apply_client_scope on queries; scope_filter adds apply_project_scope; tests extended for the new helper.
Add VersionService to fetch and cache the latest GitHub release, compare it to the installed semver (APP_VERSION when valid, else setup.py), and expose admin-only GET /api/version/check and POST /api/version/dismiss on the legacy /api blueprint (session or Bearer token).
Persist per-user dismissal in users.dismissed_release_version (Alembic 148) and show a non-blocking update card in base.html for administrators. Add packaging for semver parsing and tests for comparison, service, and routes.
Document configuration in docs/admin/deployment/VERSION_MANAGEMENT.md and endpoints in docs/api/REST_API.md and docs/API.md.
- Add Linear import (GraphQL, personal API key, optional team key filter).
- Centralize integration HTTP via integration_session and session_request.
- Add integration_sync_context for project/task refs and custom_fields metadata.
- Refactor Asana, GitHub, GitLab, Jira, Trello, ActivityWatch, and QuickBooks to use helpers.
- Extend integration UI, settings, and scheduled sync behavior as needed.
Major refactoring to improve code organization and maintainability:
- Refactor API routes (api_v1.py) to delegate business logic to service layer
- Add new QuoteService for quote management operations
- Enhance existing services: ExpenseService, InvoiceService, PaymentService, ProjectService, TimeTrackingService
- Improve caching utilities with enhanced cache management
- Enhance API authentication utilities
- Add comprehensive test suite covering routes, services, and utilities
- Update routes to use service layer pattern (kiosk, main, projects, quotes, timer, time_entry_templates)
- Update time entry template model with additional functionality
- Update Docker configuration and startup scripts
- Update dependencies and setup configuration
This refactoring improves separation of concerns, testability, and code maintainability while preserving existing functionality.
- Normalize line endings from CRLF to LF across all files to match .editorconfig
- Standardize quote style from single quotes to double quotes
- Normalize whitespace and formatting throughout codebase
- Apply consistent code style across 372 files including:
* Application code (models, routes, services, utils)
* Test files
* Configuration files
* CI/CD workflows
This ensures consistency with the project's .editorconfig settings and
improves code maintainability.
Implement comprehensive webhook system supporting 40+ event types with automatic retries, HMAC signatures, delivery tracking, REST API, and admin UI. Integrates with Activity logging for automatic event triggering.
- Database: Add webhooks and webhook_deliveries tables (migration 046)
- API: Full CRUD endpoints with read:webhooks/write:webhooks scopes
- UI: Admin interface for webhook management and testing
- Service: Automatic retry with exponential backoff every 5 minutes
- Security: HMAC-SHA256 signature verification
- Tests: Model and service tests included
- Docs: Complete integration guide with examples
Dries Peeters