This commit addresses multiple incomplete implementations identified in the
codebase analysis, focusing on security, functionality, and error handling.

Backend Fixes:
- Issues module: Implement proper permission filtering for non-admin users
  - Users can only see issues for projects they have access to
  - Added permission checks to view_issue and edit_issue routes
  - Statistics now respect user permissions
- Push notifications: Implement proper subscription storage
  - Created PushSubscription model for browser push notification subscriptions
  - Updated routes to use new model with proper CRUD operations
  - Added support for multiple subscriptions per user
  - Added endpoint to list user subscriptions

Integration Improvements:
- GitHub: Implement webhook signature verification
  - Added HMAC SHA-256 signature verification using webhook secret
  - Uses constant-time comparison to prevent timing attacks
  - Added webhook_secret field to config schema
- QuickBooks: Implement customer and account mapping
  - Added support for customer mappings (client → QuickBooks customer)
  - Added support for item mappings (invoice items → QuickBooks items)
  - Added support for account mappings (expense categories → accounts)
  - Added default expense account configuration
  - Improved error handling and logging
- Xero: Add customer and account mapping support
  - Added contact mappings (client → Xero Contact ID)
  - Added item mappings (invoice items → Xero item codes)
  - Added account mappings (expense categories → Xero account codes)
  - Added default expense account configuration
- CalDAV: Implement bidirectional sync
  - Added TimeTracker to Calendar sync direction
  - Implemented iCalendar event generation from time entries
  - Added create_or_update_event method to CalDAVClient
  - Supports bidirectional sync (both directions simultaneously)
  - Improved error handling for event creation/updates
- Trello: Implement bidirectional sync
  - Added TimeTracker to Trello sync direction
  - Implemented task to card creation and updates
  - Automatic board creation for projects if needed
  - Maps task status to Trello lists
  - Supports bidirectional sync
- Exception handling: Improve error logging in integrations
  - Replaced silent pass statements with proper error logging
  - Added debug logging for non-critical failures (user info fetch)
  - Improved error visibility for debugging
  - Affected: Google Calendar, Outlook Calendar, Microsoft Teams, Asana, GitLab

All changes include proper error handling, logging, and follow existing code
patterns. Database migration required for push_subscriptions table.
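
The GitHub webhook check named in the commit message above, sketched as an added example that is not the commit's own code. It assumes GitHub's `X-Hub-Signature-256` header format (`sha256=` followed by the hex HMAC of the raw request body); the function names are hypothetical, and `webhook_secret` stands for the config field the commit mentions.

```python
import hashlib
import hmac

SIG_PREFIX = "sha256="


def sign_payload(webhook_secret: str, raw_body: bytes) -> str:
    """Build the value a sender would place in X-Hub-Signature-256."""
    digest = hmac.new(webhook_secret.encode("utf-8"), raw_body, hashlib.sha256)
    return SIG_PREFIX + digest.hexdigest()


def verify_github_signature(webhook_secret, raw_body: bytes, header_value) -> bool:
    """Return True only if header_value is a valid HMAC SHA-256 of raw_body.

    raw_body must be the bytes as received; re-serialising parsed JSON can
    change whitespace or key order and break the comparison.
    """
    # Fail closed: an unset secret must reject, never skip verification.
    if not webhook_secret:
        return False
    # A missing header or another scheme (e.g. legacy "sha1=") is rejected.
    if not header_value or not header_value.startswith(SIG_PREFIX):
        return False
    expected = sign_payload(webhook_secret, raw_body)
    # Constant-time comparison on bytes, so non-ASCII header text cannot
    # raise TypeError inside compare_digest.
    return hmac.compare_digest(expected.encode("utf-8"),
                               header_value.encode("utf-8"))


# Constructed sample data, not taken from the commit.
SAMPLE_SECRET = "example-webhook-secret"
SAMPLE_BODY = b'{"action":"opened","issue":{"number":1}}'

if __name__ == "__main__":
    good = sign_payload(SAMPLE_SECRET, SAMPLE_BODY)
    print("valid signature:", verify_github_signature(SAMPLE_SECRET, SAMPLE_BODY, good))
    print("altered body:   ", verify_github_signature(SAMPLE_SECRET, SAMPLE_BODY + b" ", good))
    print("secret not set: ", verify_github_signature("", SAMPLE_BODY, good))
```
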