Restrict role modification in ProjectMemberViewSet.partial_update to
Admins only and enforce that requesters cannot modify or assign roles
equal to or higher than their own. Previously, Guests could demote
Admins by exploiting a missing lower-bound check on role changes.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename IssueUserProperty to ProjectUserProperty and update related references across the codebase
* migrate: move issue user properties to project user properties and update related fields and constraints
* refactor: rename IssueUserPropertySerializer and IssueUserDisplayPropertyEndpoint to ProjectUserPropertySerializer and ProjectUserDisplayPropertyEndpoint, updating all related references
* fix: enhance ProjectUserDisplayPropertyEndpoint to handle missing properties by creating new entries and improve response handling
* fix: correct formatting in migration for ProjectUserProperty model options
* migrate: add migration to update existing non-service API tokens to remove workspace association
* migrate: refine migration to update existing non-service API tokens by excluding bot users from workspace removal
* chore: changed the project sort order in project user property
* chore: remove allowed_rate_limit from APIToken
* chore: updated user-properties endpoint for frontend
* chore: removed the extra projectuserproperty
* chore: updated the migration file
* chore: code refactor
* fix: type error
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
Co-authored-by: sangeethailango <sangeethailango21@gmail.com>
Co-authored-by: vamsikrishnamathala <matalav55@gmail.com>
Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so>
* fix: separate retrieve method in WorkspaceMemberViewSet
* fix: non-project members accessing member detail
* chore: error handle
* fix: role based response
* fix: use Enum
* chore: update navigation_project_limit and navigation_control_preference
* chore: set default true for user specific widgets
* chore: use serializer in ProjectMemberPreferenceEndpoint
* chore: use serializer in WorkspaceUserPropertiesEndpoint
* fix: validate preferences
* fix: status code
* fix: remove saving from validate
* fix: simplify validate_preferences
* chore: create WorkspaceUserProperties if it doesn't exist
* fix: create WorkspaceUserProperties if it does not exist
* fix: copy the instance
* Revert "fix: copy the instance"
This reverts commit ddb0384b6dfa0dc52929972c4e2cd7ce85c69667.
* chore: migrate WorkspaceUserPreference to set defaults
* fix: migration file name
* Revert "fix: migration file name"
This reverts commit 80a21dedf1a1245f22e45bfeaf20e8e9f91a1cbf.
* Revert "chore: migrate WorkspaceUserPreference to set defaults"
This reverts commit 25bc583a081ce79d52ec721f69cf8e61de3e8fb3.