feat: track notification read receipts per user
- New notification_reads table (migration 008) with unique (notification_id, user_id) - Notification model: markAsRead inserts into notification_reads; getForUser JOINs to show per-user read status; getUnreadCount checks NOT EXISTS in reads table - getAll() includes read_count subquery for admin view - Admin view shows 'X / Y' read count for broadcast notifications, 'Read'/'Unread' badge for user-targeted ones - Migrates existing read notifications into notification_reads - AGENTS.md updated with new conventions
This commit is contained in:
@@ -38,6 +38,7 @@ Repo-specific guidance for OpenCode sessions. Verified against code.
|
||||
- Admin group routes (`/admin/*`) already include `AuthMiddleware` + `RoleMiddleware`; individual routes add `CSRFMiddleware`.
|
||||
- Rate limiting on `POST /login` only (via `RateLimitMiddleware`)
|
||||
- Every credential access must be logged at `warning` level via `AuditService`
|
||||
- Notification read receipts tracked in `notification_reads` table: `(notification_id, user_id)` unique pair, with `read_at` timestamp
|
||||
|
||||
## Permission validation on server create/edit
|
||||
- When creating or editing a server, required SSH permissions can be specified and are validated via SSH before saving.
|
||||
@@ -49,7 +50,7 @@ Repo-specific guidance for OpenCode sessions. Verified against code.
|
||||
|
||||
## Database
|
||||
- Migrations run manually: `mysql servermanager < database/migrations/NNN_name.sql`
|
||||
- 7 migrations: `001_initial_schema`, `002_server_access`, `003_teams`, `004_soft_deletes`, `005_app_config_and_notifications`, `006_agent_tokens`, `007_server_permission_checks`
|
||||
- 8 migrations: `001_initial_schema`, `002_server_access`, `003_teams`, `004_soft_deletes`, `005_app_config_and_notifications`, `006_agent_tokens`, `007_server_permission_checks`, `008_notification_reads`
|
||||
- Users table has `role` ENUM: `super_admin`, `admin`, `operator`
|
||||
- `api_token` column on users for Bearer token auth
|
||||
- `server_permissions` table stores required SSH permissions per server (FK to `servers.id` CASCADE)
|
||||
|
||||
Reference in New Issue
Block a user