v0.12.0

@github-actions github-actions released this 08 May 19:58
0d7457b

0.12.0 (2026-05-08)

Features

  • authz: add account read-scope helpers (6fdff66)
  • authz: add account write-scope assertion helper (fb4b8f6)
  • authz: add account/lead/opportunity id-filter helpers (similarity post-filter) (98b32f1)
  • authz: add activity-for-entity scope dispatch helper (db08f51)
  • authz: add AuthenticationError and AuthorizationError (47e4980)
  • authz: add barrel export (48a2a5e)
  • authz: add board and task read/write scope helpers (380e6a5)
  • authz: add bulk-id authorization filters for contacts and targets (388d29d)
  • authz: add campaign and template read/write scope helpers (6af7af0)
  • authz: add canonical AppRole type and legacy role mapper (1350ed3)
  • authz: add document read/write scope helpers (linked-entity aware) (f2122a2)
  • authz: add enrichment cancel permission helpers (6acbfec)
  • authz: add lead/contact/opportunity/contract read-scope helpers (linked-account aware) (bfaef87)
  • authz: add read/write assertion helpers for contacts and targets (e0fff6b)
  • authz: add ReportScope builder for per-role report data filtering (0035bf0)
  • authz: add requireAuthenticated, requireRole, role predicates (30c3472)
  • authz: add route response helpers (401/403/404) (7ad29ae)
  • authz: add scoped contact and target update helpers (071cb2c)
  • authz: add target and target-list read-scope helpers (45b82a8)
  • authz: align UI/action callers to canonical role names (1dc5618)
  • authz: switch Users.role to Prisma enum AppRole (d598305)
  • authz: validate setUserRole against canonical AppRole (77241b7)
  • db: backfill canonical roles (admin/manager/user) and sync is_admin (f7475f5)
  • reports: per-category functions accept ReportScope to filter data by role (87d73e0)
  • security: permission-driven authorization migration (Phases A → F.1) (e06478f)

Bug Fixes

  • account-products: require account read scope on get-account-products (36f2d0d)
  • account-products: require account write scope on assignment mutations (dfa1850)
  • admin: require admin role on activate/deactivate user (close audit gap) (8215af2)
  • admin: require admin role on CRM-settings server actions (be27db7)
  • admin: require admin role on currency server actions (8dfc9ad)
  • api: filter contact bulk enrichment ids by user scope (5014d9a)
  • api: filter target bulk enrichment ids by user scope (4af94fe)
  • api: require contact write scope on enrich POST/DELETE (b1530c0)
  • api: require invoice read scope on PDF route (a35d7d0)
  • api: require parent target write scope on target-contact create (28912b4)
  • api: require target write scope and contact linkage on per-target-contact enrich (80f9ee4)
  • api: require target write scope on enrich POST/DELETE (auto-fixes campaign re-export) (18a0b56)
  • api: require target write scope on per-target enrich (auto-fixes campaign re-export) (85cfe72)
  • api: scope reports/export by role; gate users-directory report (571fbf3)
  • api: scoped contact PATCH closes BOLA/IDOR (GHSA-mg5f-m89f-4gmc) (c80d3ec)
  • api: scoped target PATCH closes BOLA/IDOR (auto-fixes campaign re-export) (cd0ed0a)
  • auth: align auth-client roles with renamed manager/user (66e0e84)
  • authz: drop readonly tuple from accountUserScopeOR for Prisma compat (39bcebe)
  • authz: include deletedAt:null in target read scope (crm_Targets has soft-delete) (7a8fc2e)
  • authz: replace is_admin checks with requireRole on admin invoice routes (a54ed98)
  • authz: use lowercase prismadb.documents accessor (a816361)
  • campaign-templates: scope template reads/mutations by role and ownership (417ae5a)
  • campaigns: narrow createCampaign result before using campaign.id (1794a88)
  • campaigns: require auth + ownership on create/update/delete/pause (6f2b02e)
  • campaigns: require manager/admin role on schedule and send-now (7361442)
  • campaigns: scope campaign reads by role (146d5b4)
  • crm: require account read scope on getAccountById (edb9b9b)
  • crm: require entity-scoped read access on activity feed (568a7cc)
  • crm: scope account list by user/manager/admin role (a9f9a6f)
  • crm: scope account search by user/manager/admin role (3fd6673)
  • crm: scope audit-log-by-entity and normalize audit-log-admin to canonical helper (ea45503)
  • crm: scope contact reads by role and linked-account/opportunity access (be7e186)
  • crm: scope contract reads by role and linked-account access (9b39448)
  • crm: scope lead reads by role and linked-account access (b5d088b)
  • crm: scope opportunity reads by role; cache key respects user scope (16c64fb)
  • crm: scope pgvector similarity results by user/manager/admin (a1fb3a8)
  • crm: scope remaining opportunity read actions (by-account, by-contact, user-opps) (e8bcfc9)
  • crm: scope target and target-list reads by role (9e326eb)
  • documents: filter bulk document operations by user scope (fail-closed) (61132fe)
  • documents: require ownership/account scope on document mutations (5bb9035)
  • documents: scope document reads by role and linked-entity access (220cf23)
  • invoices: require account read scope on get-invoices-by-accountId (c8cbf66)
  • invoices: require account write scope on create and on accountId reassignment (f8282e5)
  • invoices: require read scope on source and write scope on accountId for duplicateInvoice (eb792a7)
  • migration: scrub orphan creator FK refs before adding new FK constraint (7fa5196)
  • products: require authentication on product read actions (b2a860f)
  • products: require manager/admin role on product mutations (61ed918)
  • projects: require board write/read scope on board mutations (522ca13)
  • projects: require parent board write scope on section mutations (65e208f)
  • projects: scope project read actions by board access (5ddaa97)
  • projects: scope task mutations (board strict + assignee soft) (27f0cf8)
  • reports: gate users-directory report behind manager/admin (20aeeaf)
  • reports: scope config and schedule reads/mutations by role and ownership (932de36)
  • reports: scope dashboard tasks count and unified search by role (d17a880)
  • reports: scope scheduled-report data by schedule owner role (7f7c7b6)
  • security: admin server action lockdown (Phase C) (5a555fe)
  • security: authz cleanup — drop is_admin, role enum (Phase F) (c22bf83)
  • security: close enrichment BOLA/IDOR (Phase B1) (726be4c)
  • security: close GHSA-mg5f-m89f-4gmc + permission-driven authz foundation (e6987aa)
  • security: close invoice IDOR (Phase B2) (88d488b)
  • security: scope campaigns + templates (Phase E2) (99effa9)
  • security: scope CRM account reads by role (Phase D1) (cbc3a30)
  • security: scope CRM accounts list by user authz read scope (08c0ec7)
  • security: scope CRM accounts list by user authz read scope (8e86e03)
  • security: scope CRM lead/contact/opportunity/contract reads by role (Phase D2) (d795b00)
  • security: scope documents + bulk ops (Phase E3) (12ac3df)
  • security: scope products + account-products + invoice list (Phase E1) (4ecfc56)
  • security: scope projects (boards/sections/tasks) (Phase E4) (bc2a72a)
  • security: scope reports + dashboard + unified search by role (Phase B3) (477dcf6)
  • security: scope targets, activities, audit log, similarity (Phase D3) (07a03f9)
  • tests: merge duplicate prismadb.documents mock keys after lowercase fix (3446bc9)