- Introduced `email_verified` and `account_state` attributes in the `TenantContext` to improve user state management.
- Updated the `resolve_tenant_context` function to dynamically fetch `email_verified` status from the database and determine `account_state` based on user roles and memberships.
- Implemented `assert_min_account_state` checks across various endpoints to enforce access control based on user account status.
- Incremented version to 1.1.0 in version.py to reflect these enhancements in tenant context management and access control.
- Introduced `training_planning_prefs` field in the ProfileUpdate model to store user-specific UI options for training planning.
- Updated the backend to handle the new preferences during profile updates, ensuring proper validation and storage.
- Enhanced the frontend to allow users to select their preferred display mode for training modules in the Account Settings page.
- Updated version to 0.8.98 and adjusted database schema version accordingly, reflecting the new feature integration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Introduced a new utility function to filter and return only active club memberships, improving role management and access control.
- Updated various components and pages to utilize the new active club memberships function, ensuring only relevant memberships are considered.
- Enhanced user interface elements to reflect the status of club memberships, including visual indicators for inactive memberships.
- Improved backend logic for resolving tenant contexts and managing club roles based on active memberships.
- Integrated a new password reset mechanism for user accounts, allowing admins to send reset links via email.
- Updated the management password reset functionality to differentiate between direct password setting and email link requests.
- Added validation to ensure at least one active club admin remains when modifying club member roles.
- Improved the user interface for password management in the admin panel, providing clearer feedback and options for password resets.
- Added a new endpoint for superadmins and platform admins to reset passwords for other profiles.
- Introduced a management password reset feature in the admin user management page, allowing for secure password updates.
- Enhanced user interface to support password reset actions, including validation and feedback for successful updates.
- Updated API utility functions to handle the new password reset request.
- Added functions to determine production environment and OpenAPI exposure settings, improving API documentation control.
- Updated FastAPI initialization to conditionally set OpenAPI and documentation URLs based on environment variables.
- Refactored health check response to limit detail exposure in production environments, enhancing security.
- Streamlined profile management by removing legacy ID retrieval and ensuring session-based profile access for security improvements.
- Introduced new function `club_admin_shares_club_with_creator` to check club admin permissions for shared clubs.
- Updated `can_manage_club_org` to incorporate new role checks.
- Enhanced exercise deletion logic to include checks for club admin roles and shared club memberships.
- Added new filters for exercise visibility and status in the ExercisesListPage, allowing users to exclude specific criteria.
- Implemented functionality to save user-specific exercise list preferences, improving user experience.
- Updated API interactions to support new filtering options and preferences for exercise management.
- Bumped application version to 0.8.36 in both backend and frontend files.
- Updated the ProfileCreate model to require name and email fields, ensuring schema compliance.
- Implemented a new POST /api/profiles endpoint restricted to platform admins, utilizing a random PIN for user setup.
- Added integration tests for profile creation, including checks for unauthorized access and duplicate email handling.
- Enhanced changelog to reflect the new version and changes made in this release.
- Bumped application version to 0.8.35 in both backend and frontend files.
- Updated profile retrieval and deletion endpoints to restrict access to the profile owner or platform admins, returning a 403 status for unauthorized access.
- Added integration tests to verify access control for profile retrieval.
- Enhanced changelog to reflect the new version and changes made in this release.
- Refactored club join requests, memberships, and clubs routers to utilize TenantContext for authentication and authorization, enhancing security and consistency.
- Updated session handling to replace direct session dictionary access with TenantContext, improving code clarity and maintainability.
- Ensured proper role and profile ID retrieval from TenantContext in various endpoints, streamlining access control for club management functionalities.
- Introduced tenant context resolution in the profiles API, allowing for effective club identification based on user memberships.
- Updated the `GET /profiles/me` endpoint to return `effective_club_id` and removed reliance on the deprecated `X-Active-Club-Id` header.
- Bumped application version to 0.8.22 in both backend and frontend files.
- Enhanced changelog to document the new version and changes made in this release.
- Added role and tier fields to the ProfileUpdate model, allowing for better user role management.
- Implemented new API endpoint for listing admin users, accessible only to portal admins.
- Updated profile retrieval and update logic to handle role and tier changes, enforcing permissions for modifications.
- Enhanced frontend navigation and routing to include the new admin users page, improving admin interface usability.
- Bumped application version to 0.8.19 and updated changelog to reflect these changes.
- Updated the backend to include a new `requested_club_id` field in the registration request model.
- Replaced the club memberships router with a new club join requests router for better management of membership applications.
- Added API endpoints for listing public clubs and managing club join requests, improving user experience during registration and membership processes.
- Enhanced the ClubsPage in the frontend to support member management and join requests, including new modals for adding members and handling requests.
- Updated API utility functions to accommodate new endpoints for club join requests and public club listings.
- Enhanced login response to include additional user information such as email, tier, and role.
- Updated profile update logic to restrict access based on user roles and ensure only authorized users can modify profiles.
- Replaced ProfilePage with AccountSettingsPage in routing and updated related components to reflect this change.
- Added new API functions for updating profiles and changing passwords to improve user account management.
- AuthContext checks /profiles/me on mount to restore session
- Without this endpoint, users had to re-login on every refresh
- Returns current user's profile based on auth token
Issue: Session persistence broken
Backend:
- Auth router (login, register, logout)
- Profiles router (get current profile)
- Registered in main.py
Frontend:
- LoginPage with login/register tabs
- Dashboard with welcome screen
- Simplified AuthContext for Shinkan
- Protected routes in App.jsx
- Public routes redirect when logged in
Ready for testing!
version: 0.1.0
