shahondin1624
3fb75e3344
feat: add AuthorizationMiddleware for endpoint permission checks (Closes #166) (#179)
2026-04-10 16:18:35 +02:00
shahondin1624
7d3be60adb
fix: throw exception instead of returning plaintext when encryption fails (Closes #165) (#178)
2026-04-10 16:15:31 +02:00
shahondin1624
53268f21d2
fix: read DSGVO export password from POST body only (Closes #164) (#177)
2026-04-10 16:14:32 +02:00
shahondin1624
0678fb12d9
fix: wire InputSanitizer into ApiControllerTrait.getRequestData() (Closes #163) (#176)
2026-04-10 16:13:09 +02:00
shahondin1624
c5704c3e74
security: comprehensive security audit with 13 findings
Document findings from full codebase security review covering:
- 3 high-severity: unused InputSanitizer, password in query param, silent
  encryption fallback to plaintext
- 5 medium-severity: missing authorization enforcement, rate limit bypass,
  ZIP path traversal, temp file permissions, sync API bypass
- 5 low-severity: CSRF scope, error message leaks, missing CSP headers,
  CSV injection potential, date formatting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 12:45:51 +02:00
shahondin1624
895f3d5960
refactor: extract ApiControllerTrait to DRY controller boilerplate
- Create ApiControllerTrait with shared getRequestData() and handleAction()
- handleAction() maps exceptions to HTTP responses: ValidationException->400,
  DuplicateMemberException->409, DoesNotExistException->404, Exception->500
- Remove 10 identical private getRequestData() methods across controllers
- Refactor StufeController, FamilyController, InjuryController, FeeController,
  PermissionController, MilestoneController to use handleAction() wrapper
- Add trait to FileController, QueryController, LagerController,
  MemberController, ImportController (getRequestData consolidation)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 12:43:06 +02:00
shahondin1624
78174e6ad8
test: comprehensive test suite achieving 90.49% line coverage
Add 1343 PHPUnit tests covering all services, controllers, entities,
mappers, middleware, background jobs, and validators. Key changes:
- Install PHPUnit 10, Nextcloud OCP stubs, doctrine/dbal, sabre/vobject
  as dev dependencies
- Add test bootstrap with OC\Hooks\Emitter stub
- Add TestInputStream stream wrapper for controller request body testing
- Fix ImportService to handle empty file input gracefully
- Fix existing test compatibility with PHPUnit 10 (withConsecutive removal)
- Exclude migration files from coverage (DB schema, not business logic)
- Coverage: 90.49% lines, 84.81% methods across 77 classes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 12:36:52 +02:00
shahondin1624
c35fa7b13e
feat: inline error correction for imports, dark-mode warning boxes, German date formatting
- Add inline editing UI for import validation errors: click error rows to
  expand and fix missing fields, then re-validate with "Erneut pruefen"
- Backend accepts corrections map in preview and execute endpoints
- Fix warning/error box contrast for dark theme (hardcoded dark backgrounds)
- Format all raw ISO dates with toLocaleDateString('de-DE') in MemberList,
  FeeOverview, and QueryBuilder views
- Fix Application.php crash: registerTimedJob() unavailable in NC28,
  moved background jobs to info.xml
- Bump version to 0.1.5
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 22:22:36 +02:00
shahondin1624
c37b2a970c
docs: add cache-busting escalation path to CLAUDE.md
Document the full escalation when changes don't show up: hard-refresh,
restart container, version bump (3 places), and full rebuild as nuclear
option.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 21:53:26 +02:00
shahondin1624
41bab34d04
fix: improve warning box contrast and add XLSX converter script
Warning summary boxes in the import wizard had white text on a
light warning background, making them unreadable. Switch to a
light-yellow background with dark text instead.
Also adds convert_xlsx.py for converting the LvS member Excel
spreadsheet into CSV files for ZIP bundle import, and documents
the mandatory version bump rule in CLAUDE.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 21:52:42 +02:00
shahondin1624
bfda98e678
chore: sync uncommitted changes from previous sessions
Version bump to 0.1.0, updated app icons, migration fixes, various
Vue component improvements, CLAUDE.md project instructions, gitignore
for test artifacts, and webpack/main.js configuration updates.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 20:54:41 +02:00
shahondin1624
bcb7bd7056
feat: content-based matching for cross-instance migration (Closes #153) (#159)
2026-04-09 20:43:58 +02:00
shahondin1624
454a7c23e1
feat: per-field conflict resolution UI for duplicate records (Closes #152) (#158)
2026-04-09 20:40:05 +02:00
shahondin1624
32a79d42d7
feat: ZIP bundle import with dependency-aware auto-ordering (Closes #151) (#157)
2026-04-09 20:35:25 +02:00
shahondin1624
ce76c22c20
feat: per-entity CSV import with German header auto-mapping (Closes #150) (#156)
2026-04-09 20:30:44 +02:00
shahondin1624
27cb708a5f
feat: add full ZIP bundle export with sensitive data toggle (Closes #149) (#155)
2026-04-09 20:23:52 +02:00
shahondin1624
aee5040720
feat: per-entity CSV export for all data types (#148) (#154)
feat: add per-entity CSV export for all data types (Closes #148) (#154)
2026-04-09 20:18:22 +02:00
shahondin1624
821de4d8d0
feat: add Lagerhistorie and Verletzungsprotokoll reports (Closes #129) (#146)
2026-04-09 15:58:31 +02:00
shahondin1624
944c2c4da6
feat: seed default Stufen on fresh install (Closes #128) (#145)
2026-04-09 15:55:45 +02:00
shahondin1624
b99f84bca7
fix: various UX polish improvements (Closes #136) (#144)
2026-04-09 15:54:06 +02:00
shahondin1624
910a1794b9
fix: define appName/appVersion globals via webpack (Closes #130, #131) (#143)
2026-04-09 15:51:42 +02:00
shahondin1624
6a5e5de04e
feat: add missing pages to sidebar navigation (Closes #135) (#142)
2026-04-09 15:49:33 +02:00
shahondin1624
9679348756
fix: resolve Stufe names in member list table (Closes #134) (#141)
2026-04-09 15:47:41 +02:00
shahondin1624
d59c6d9b99
fix: use Vue 3 model-value for inline member search (Closes #133) (#140)
2026-04-09 15:46:11 +02:00
shahondin1624
6b4332d21c
fix: resolve member names in fee table (Closes #127) (#139)
2026-04-09 15:44:54 +02:00
shahondin1624
df4223dd40
fix: use Vue 3 modelValue bindings in MemberForm (Closes #125) (#138)
2026-04-09 15:43:19 +02:00
shahondin1624
b93b8a73d2
fix: wire AuditService into all CRUD operations (Closes #126) (#137)
2026-04-09 15:40:37 +02:00
shahondin1624
a714efb298
Add README
2026-04-07 21:48:26 +02:00
shahondin1624
7b582639e1
Commit possible fixes for build
2026-04-07 21:46:41 +02:00
shahondin1624
d36c1a59ca
fix: use :to prop for sidebar navigation instead of @click handlers (Closes #124)
2026-04-07 21:43:47 +02:00
shahondin1624
79b8253fc6
feat: add app icon for Nextcloud navigation bar (Closes #115)
2026-04-07 17:15:26 +02:00
shahondin1624
306991da26
fix: improve button styling and prevent text overflow (Closes #116)
2026-04-07 17:13:50 +02:00
shahondin1624
f7243ff0b1
fix: replace ASCII Umlaut substitutes with proper German characters (Closes #117)
2026-04-07 17:10:40 +02:00
shahondin1624
f5e7441bfb
fix: make sidebar navigation clickable (Closes #118)
2026-04-07 16:58:37 +02:00
shahondin1624
c4712b12bc
feat: Import wizard with CSV parsing and duplicate detection (Closes #58)
2026-04-07 16:27:39 +02:00
shahondin1624
bbbc5fab0c
feat: Visual query builder with AST-to-SQL engine (Closes #53)
2026-04-07 16:22:15 +02:00
shahondin1624
af2eaeffd7
feat: FileLinkService + FileExplorer component (Closes #52)
2026-04-07 16:16:25 +02:00
shahondin1624
f27860ec3b
feat: add ContactsSyncService with VCard sync to address book (Closes #51) (#111)
2026-04-07 16:06:43 +02:00
shahondin1624
792fe62d3e
feat: add CalendarSyncService with queue-based birthday sync (Closes #50) (#110)
2026-04-07 16:00:43 +02:00
shahondin1624
81c78974d9
test: add integration test suite for API endpoints (Closes #65) (#109)
2026-04-07 15:57:42 +02:00
shahondin1624
524c8690ca
feat: add security hardening with rate limiting and pentest prep (Closes #64) (#108)
2026-04-07 15:54:14 +02:00
shahondin1624
ac74152a45
test: add comprehensive data validation tests (Closes #66) (#107)
2026-04-07 15:36:11 +02:00
shahondin1624
b3bc498091
feat: add injury tracking backend and frontend (Closes #57) (#106)
2026-04-07 15:33:23 +02:00
shahondin1624
25ab72dc69
feat: add DB migration for injuries tracking tables (Closes #56) (#105)
2026-04-07 15:28:06 +02:00
shahondin1624
1905e03c33
feat: add membership milestone detection (Jubilaeen) (Closes #59)
2026-04-07 15:21:18 +02:00
shahondin1624
4e1c88b036
feat: add Stufe change suggestions based on age ranges (Closes #63)
2026-04-07 15:18:18 +02:00
shahondin1624
5f337f7256
feat: add Lager (camp) system with DB, backend, and frontend (Closes #54, Closes #55)
2026-04-07 15:15:53 +02:00
shahondin1624
407bf04789
feat: add DSGVO data export and irreversible hard-delete (Closes #62)
2026-04-07 15:10:39 +02:00
shahondin1624
bc404609c3
feat: add soft deletion logic with sensitive data purge and archive (Closes #61)
2026-04-07 15:07:03 +02:00
shahondin1624
1861261a2f
feat: add Reports UI with type selection, preview, and download (Closes #49)
2026-04-07 15:02:20 +02:00