
v0.18.0


@github-actions github-actions released this 28 Jan 21:30

The security update

This update has some pretty massive database migrations and changes to the docker-compose.yml file. Please back up your database and read the change notes before upgrading.

Added

  • Platform admin blocker resolution for user deletion
    • New admin endpoints to delete guilds, promote guild members, and promote initiative members
    • Enhanced deletion eligibility response includes detailed blocker info with promotable members
    • Delete user dialog now shows "Resolve Blockers" step with inline actions
    • Admins can promote another member to guild admin or delete the guild entirely
    • Admins can promote another member to project manager for initiatives
    • Auto-advances to next step when all blockers are resolved
  • PostgreSQL Row Level Security (RLS) for guild data isolation
    • Database-level access control ensures users can only access data within their current guild
    • Defense-in-depth protection in addition to application-level access controls
    • Denormalized guild_id columns added to all tier 2/3 tables for efficient policy evaluation
    • Automatic triggers maintain guild_id consistency when parent relationships change
    • New RLSSessionDep dependency for routes that need database-level access control
    • Admin bypass role (app_admin) for migrations and background jobs
  • Role-based platform admin system with promote/demote functionality
    • Multiple users can now be platform admins (no longer limited to user ID 1)
    • Platform admins can promote/demote other users via Platform Users settings page
    • Protection against demoting the last platform admin
    • Platform roles and guild roles are now completely independent
    • Guild Users page now manages guild roles separately from platform roles
  • ENABLE_PUBLIC_REGISTRATION environment variable to control public registration
    • When set to false, all new users must register via an invite link
    • Bootstrap (first user) registration is always allowed regardless of setting
    • Landing page and register page adapt UI based on this setting
  • Platform admins can now create guilds when DISABLE_GUILD_CREATION=true
    • Regular users are still blocked from creating guilds when this flag is enabled
    • The can_create_guilds field in user responses now reflects platform admin status

Changed

  • Docker users: DATABASE_URL_ADMIN environment variable is now required for RLS migrations
    • RLS migrations need superuser privileges to create the app_admin role with BYPASSRLS
    • Add to your docker-compose: DATABASE_URL_ADMIN: postgresql+asyncpg://postgres:${POSTGRES_PASSWORD:-initiative}@db:5432/initiative
    • This URL uses the postgres superuser; the regular DATABASE_URL continues using the restricted initiative user
  • Destructive actions now use confirmation dialogs instead of browser alerts
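
The Row Level Security items under Added and the app_admin / DATABASE_URL_ADMIN note under Changed describe the following PostgreSQL pattern, shown here as an added example that is not the project's migration code. The tables projects and tasks, the setting name app.current_guild_id, and the function, trigger and policy names are assumptions; only app_admin, BYPASSRLS and DATABASE_URL_ADMIN come from the release notes.

```sql
-- Hypothetical schema for illustration; the project's real tables are not shown here.
CREATE TABLE projects (id bigint PRIMARY KEY, guild_id bigint NOT NULL);
CREATE TABLE tasks (
    id         bigint PRIMARY KEY,
    project_id bigint NOT NULL REFERENCES projects (id),
    guild_id   bigint NOT NULL  -- denormalized copy of projects.guild_id
);

-- Guild of the current request, read from a session setting (assumed name).
-- An unset or empty setting yields NULL, so every policy comparison fails closed.
CREATE FUNCTION current_guild_id() RETURNS bigint LANGUAGE sql STABLE AS $$
    SELECT NULLIF(current_setting('app.current_guild_id', true), '')::bigint
$$;

-- Trigger: derive tasks.guild_id from the parent on insert and on every update,
-- so a re-parented row follows its project and a client-supplied value is ignored.
CREATE FUNCTION tasks_sync_guild_id() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
    -- STRICT raises an error if the parent is not visible under RLS.
    SELECT p.guild_id INTO STRICT NEW.guild_id
    FROM projects p WHERE p.id = NEW.project_id;
    RETURN NEW;
END;
$$;
CREATE TRIGGER tasks_guild_id BEFORE INSERT OR UPDATE ON tasks
    FOR EACH ROW EXECUTE FUNCTION tasks_sync_guild_id();

-- FORCE makes the policies apply to the table owner as well.
ALTER TABLE projects ENABLE ROW LEVEL SECURITY, FORCE ROW LEVEL SECURITY;
ALTER TABLE tasks    ENABLE ROW LEVEL SECURITY, FORCE ROW LEVEL SECURITY;

-- With no WITH CHECK clause, USING also governs rows being written.
CREATE POLICY guild_isolation ON projects USING (guild_id = current_guild_id());
CREATE POLICY guild_isolation ON tasks    USING (guild_id = current_guild_id());

-- Bypass role for migrations and background jobs. Per the release notes,
-- creating it needs superuser privileges, hence DATABASE_URL_ADMIN.
CREATE ROLE app_admin NOLOGIN BYPASSRLS;

-- Per-request use from the restricted application user. Superusers and
-- BYPASSRLS roles skip policies, so test isolation as the restricted user.
BEGIN;
SELECT set_config('app.current_guild_id', '1', true);  -- true: transaction-local
SELECT id, project_id FROM tasks;  -- rows from other guilds are filtered out
COMMIT;
```

Setting the guild with a transaction-local set_config matters when connections are pooled: a session-level setting would carry one request's guild into the next request that reuses the connection.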

Downloads

Android App

Download the APK from the assets below and install on your Android device.

Docker Image

docker pull morelitea/initiative:0.18.0

Or use the latest tag.