mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-05-17 10:29:49 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
c46fb360cb70d56538d3a2e25dfcf1d342c7568d
TimeTracker/tests/test_utils
T
History
Dries Peeters 568933c3b9 fix(auth): scope client portal users to their assigned client 
Client-portal-enabled users (main app login, typically viewer) were not
included in get_allowed_client_ids(), so ProjectService and other callers
saw scope_client_ids=None and listed every project.

- Return [client_id] for is_client_portal_user in User.get_allowed_client_ids
- Derive get_allowed_project_ids from allowed client IDs for all non-admins
- Apply client/project scope and access checks from allowed IDs, not only
  subcontractor is_scope_restricted (fixes user_can_access_* for portal)

Fixes DRYTRIX/TimeTracker#592.

Tests: extend test_scope_filter with client_portal_scoped_user and API
isolation for GET /api/v1/projects.
2026-04-24 16:15:24 +02:00
..
test_api_auth_enhanced.py
test_cache.py
test_integration_sync_context.py
feat(integrations): Linear connector and shared HTTP/sync helpers
2026-04-05 08:39:18 +02:00
test_scope_filter.py
fix(auth): scope client portal users to their assigned client
2026-04-24 16:15:24 +02:00
test_version_compare.py
feat(admin): GitHub-based version update notification for admins
2026-04-15 09:39:32 +02:00
test_webhook_service.py