agnes-the-ai-analyst

History

ZdenekSrotyr 0c963b55ef fix(rbac+auth): system-group PATCH accepts description; Google sync preserves memberships on empty Two Devin-flagged regressions on the squashed PR #106 head: 1) PATCH /api/admin/groups/{id} blanket-rejected on system groups. The repository guard at src/repositories/user_groups.py was already narrowed to "rename only" by `7147bac` (PR #110 follow-up), but the endpoint at app/api/access.py:331-343 still short-circuited with 409 "System groups are immutable" for any mutation. A description-only payload like {"description": "..."} returned 409 instead of 200 even though the repo would have accepted it. CHANGELOG entry promised the fix but the code didn't match. Endpoint now mirrors the repo contract: 409 only when payload.name is set AND differs from existing name. Same-name no-op renames are dropped before the repo call. Description-only updates flow through. 2) Google OAuth callback wiped google_sync memberships on transient API failure. fetch_user_groups is fail-soft and returns [] for both "user has no groups" and "Cloud Identity API error". The callback fed that empty list into replace_google_sync_groups, which DELETEs all rows with source='google_sync' for the user then INSERTs zero — silently wiping every Workspace-synced membership on a hiccup. Callback now skips replace_google_sync_groups when group_names is empty and logs "preserving existing memberships". Trade-off: a user whose Workspace groups were genuinely cleared keeps stale memberships until the next non-empty sync. Admin-added rows (source='admin') were already protected by source-scope and are unaffected. The previous guard against this exact regression was test_callback_empty_groups_ does_not_overwrite_existing in tests/test_auth_providers.py — that test class has been skipped since v12 (asserts users.groups JSON, needs rewrite for user_group_members).		2026-04-28 14:40:27 +02:00
..
__init__.py	feat: add FastAPI server with auth, RBAC, and all API endpoints	2026-03-27 15:19:18 +01:00
access.py	fix(rbac+auth): system-group PATCH accepts description; Google sync preserves memberships on empty	2026-04-28 14:40:27 +02:00
access_requests.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
admin.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
catalog.py	feat: add Metrics API endpoints (GET/POST/DELETE) with admin auth	2026-04-10 19:32:13 +02:00
cli_artifacts.py	release(2.1.0): durable sync, CLI auto-update, versioned wheel URL, version unification (#43 )	2026-04-22 21:18:18 +02:00
data.py	feat: add graceful shutdown handler	2026-04-09 07:03:45 +02:00
health.py	feat(ui): version badge in footer + /api/version endpoint	2026-04-21 20:19:40 +02:00
jira_webhooks.py	fix(security): close Jira webhook fail-open + path traversal (#83 ) (#93 )	2026-04-27 19:53:55 +02:00
marketplaces.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
memory.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
metadata.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
metrics.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
permissions.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
query.py	fix: block DuckDB metadata functions and relative paths in query endpoint	2026-04-09 16:29:11 +02:00
query_hybrid.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
scripts.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
settings.py	feat: add dataset permissions, script execution, Kamal config, CI/CD	2026-03-27 15:40:11 +01:00
sync.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
telegram.py	feat: complete system — web UI, all API endpoints, governance, admin, CLI commands	2026-03-27 16:52:22 +01:00
tokens.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
upload.py	fix: remove duplicate Path alias in upload.py, replace _Path with Path	2026-04-09 18:42:48 +02:00
users.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00