mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-01-24 21:48:38 -06:00
This commit addresses multiple incomplete implementations identified in the codebase analysis, focusing on security, functionality, and error handling.

Backend Fixes:
- Issues module: Implement proper permission filtering for non-admin users
  - Users can only see issues for projects they have access to
  - Added permission checks to view_issue and edit_issue routes
  - Statistics now respect user permissions
- Push notifications: Implement proper subscription storage
  - Created PushSubscription model for browser push notification subscriptions
  - Updated routes to use new model with proper CRUD operations
  - Added support for multiple subscriptions per user
  - Added endpoint to list user subscriptions

Integration Improvements:
- GitHub: Implement webhook signature verification
  - Added HMAC SHA-256 signature verification using webhook secret
  - Uses constant-time comparison to prevent timing attacks
  - Added webhook_secret field to config schema
- QuickBooks: Implement customer and account mapping
  - Added support for customer mappings (client → QuickBooks customer)
  - Added support for item mappings (invoice items → QuickBooks items)
  - Added support for account mappings (expense categories → accounts)
  - Added default expense account configuration
  - Improved error handling and logging
- Xero: Add customer and account mapping support
  - Added contact mappings (client → Xero Contact ID)
  - Added item mappings (invoice items → Xero item codes)
  - Added account mappings (expense categories → Xero account codes)
  - Added default expense account configuration
- CalDAV: Implement bidirectional sync
  - Added TimeTracker to Calendar sync direction
  - Implemented iCalendar event generation from time entries
  - Added create_or_update_event method to CalDAVClient
  - Supports bidirectional sync (both directions simultaneously)
  - Improved error handling for event creation/updates
- Trello: Implement bidirectional sync
  - Added TimeTracker to Trello sync direction
  - Implemented task to card creation and updates
  - Automatic board creation for projects if needed
  - Maps task status to Trello lists
  - Supports bidirectional sync
- Exception handling: Improve error logging in integrations
  - Replaced silent pass statements with proper error logging
  - Added debug logging for non-critical failures (user info fetch)
  - Improved error visibility for debugging
  - Affected: Google Calendar, Outlook Calendar, Microsoft Teams, Asana, GitLab

All changes include proper error handling, logging, and follow existing code patterns.
Database migration required for push_subscriptions table.
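
The GitHub webhook check named in the commit message above (HMAC SHA-256 over the request body, compared in constant time) can be sketched as follows. This is an added example, not TimeTracker's code: the function names, the secret and the payload are constructed for illustration, and it assumes GitHub's `X-Hub-Signature-256: sha256=<hex>` header format.

```python
import hashlib
import hmac

SIGNATURE_PREFIX = "sha256="  # prefix GitHub puts in X-Hub-Signature-256

# Constructed sample values, for illustration only.
SAMPLE_SECRET = "example-webhook-secret"
SAMPLE_BODY = b'{"action":"opened","issue":{"number":1}}'


def sign_payload(secret: str, body: bytes) -> str:
    """Build the header value a sender holding `secret` would attach."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return SIGNATURE_PREFIX + digest


def verify_github_signature(secret, body: bytes, signature_header) -> bool:
    """Return True only if signature_header is a valid HMAC SHA-256 of body.

    `body` must be the raw request bytes exactly as received; re-serialising
    parsed JSON changes the bytes and breaks the signature.
    """
    # Fail closed: an unconfigured secret or a missing header is a rejection,
    # never a reason to skip verification.
    if not secret or not signature_header:
        return False
    # Reject other schemes (for example the legacy sha1= header value).
    if not signature_header.startswith(SIGNATURE_PREFIX):
        return False
    received = signature_header[len(SIGNATURE_PREFIX):]
    expected = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    try:
        # compare_digest runs in time independent of where the inputs differ,
        # so response timing does not reveal how many leading bytes matched.
        return hmac.compare_digest(expected.encode("ascii"),
                                   received.encode("ascii"))
    except UnicodeEncodeError:
        # Non-ASCII characters in the header cannot be a hex digest.
        return False


if __name__ == "__main__":
    header = sign_payload(SAMPLE_SECRET, SAMPLE_BODY)
    print("valid:", verify_github_signature(SAMPLE_SECRET, SAMPLE_BODY, header))
    print("tampered:", verify_github_signature(SAMPLE_SECRET, SAMPLE_BODY + b" ", header))
```
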