* refactor: enhance ComplexFilterBackend and BaseFilterSet for Q object filtering
- Introduced BaseFilterSet to support Q object construction for complex filtering.
- Updated ComplexFilterBackend to utilize Q objects for building querysets.
- Improved error handling and validation in filter methods.
- Refactored filter evaluation logic to streamline query construction.
* fix: improve filter processing in BaseFilterSet to handle empty cleaned_data and optimize filter evaluation
- Added handling for cases where cleaned_data is None or empty, returning an empty Q object.
- Optimized filter evaluation by only processing filters that are provided in the request data.
* update ComplexFilterBackend to pass queryset in filter evaluation
* chore: update psycopg dependencies to version 3.2.9 in base requirements
* refactor: clean up unused imports across multiple files
* chore: update lxml dependency to version 6.0.0 in base requirements
* style: improve code readability by breaking long lines into multiple lines across several files
* style: enhance readability by breaking long lines in ModuleSerializer docstring
* fix: permission check on viewset
* chore: check workspace admin
* chore: initialize is_workspace_admin before if condition
* chore: project member check
* fix: if conditions
* chore: add condition for guests to only edit description and name
* fix: use ROLE enum instead of magic numbers
* chore: remove if condition
* fix: next path url redirection
* fix: enhance URL redirection safety in authentication views
Updated SignInAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, and GoogleCallbackSpaceEndpoint to include checks for allowed hosts and schemes before redirecting. This improves the security of URL redirection by ensuring only valid URLs are used.
* chore: updated util to handle double /
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
Co-authored-by: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
* refactor: enhance URL validation and redirection logic in authentication views
* Updated authentication views (SignInAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, GoogleCallbackSpaceEndpoint, and MagicSignInSpaceEndpoint) to include url_has_allowed_host_and_scheme checks for safer redirection.
* Improved URL construction by ensuring proper formatting and fallback to base host when necessary.
* Added get_allowed_hosts function to path_validator.py for better host validation.
* refactor: improve comments and clean up code in path_validator.py
* Updated comments for clarity in the get_safe_redirect_url function.
* Removed unnecessary blank line to enhance
* feat: enhance path validation and URL safety in path_validator.py
* Added get_allowed_hosts function to retrieve allowed hosts from settings.
* Updated get_safe_redirect_url to validate URLs against allowed hosts.
* Improved URL construction logic for safer redirection handling.
* feat: enhance URL validation in authentication views
* Added url_has_allowed_host_and_scheme checks in SignUpAuthSpaceEndpoint and MagicSignInSpaceEndpoint for safer redirection.
* Updated redirect logic to fallback to base host if the constructed URL is not allowed.
* Improved overall URL safety and handling in authentication flows.
* fix: improve host extraction in get_allowed_hosts function
* Updated get_allowed_hosts to extract only the host from ADMIN_BASE_URL and SPACE_BASE_URL settings for better URL validation.
* Enhanced overall safety and clarity in allowed hosts retrieval.
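
The redirect hardening these commits describe (hosts taken from the configured base URLs, a host-and-scheme check before redirecting, fallback to the base host) can be sketched with the standard library alone. This is an added example, not the project's code: `allowed_hosts`, `is_allowed` and `safe_redirect_url` are hypothetical names, `is_allowed` is a simplified stand-in for Django's `url_has_allowed_host_and_scheme`, and the base URLs are constructed values.

```python
from urllib.parse import urlsplit

# Constructed values; a real deployment reads these from its settings.
ADMIN_BASE_URL = "https://admin.example.test/god-mode"
SPACE_BASE_URL = "https://space.example.test:8443"


def allowed_hosts(*base_urls):
    """Reduce each configured base URL to its host[:port] component."""
    return {urlsplit(u).netloc.lower() for u in base_urls if u} - {""}


def is_allowed(url, hosts, schemes=("https",)):
    """Simplified stand-in for Django's url_has_allowed_host_and_scheme."""
    if not url or any(ord(c) <= 32 for c in url):
        return False  # whitespace and control characters are parsed inconsistently
    url = url.replace("\\", "/")  # browsers treat "\" like "/"
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.netloc:
        return parts.scheme in schemes and parts.netloc.lower() in hosts
    # No host: accept plain paths only, not "javascript:..." or "///host".
    return not parts.scheme and not url.startswith("//")


def safe_redirect_url(base_url, next_path, hosts):
    """Return a redirect target on an allowed host, else the base host root."""
    base = base_url.rstrip("/")
    target = (next_path or "").replace("\\", "/")
    try:
        parts = urlsplit(target)
    except ValueError:
        return base + "/"
    if not parts.scheme and not parts.netloc and not target.startswith("//"):
        # Plain path: join with exactly one slash so no "//" follows the host.
        target = base + "/" + target.lstrip("/")
    return target if is_allowed(target, hosts) else base + "/"
```

The allow-list compares the whole `netloc`, so a userinfo form such as `https://space.example.test:8443@evil.test/` does not match and falls back to the base host.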