- Clicking any past day dot now opens a stats panel (read-only for days older than yesterday)
- Entry form and delete buttons hidden for non-editable days
- Backend silently restores locked offsets (< yesterday) on PATCH, preventing backdated edits
- Negative buffer no longer shows green: badge and progress bar are amber/red when buf < 0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Max 10 pending invites per user (400 if exceeded)
- List sorted: pending → used → expired
- Expired invites hidden after 30 days
- Frontend shows error toast from server message on invite creation failure
- Tests: testInviteMaxTenPending, testInviteListSortOrder, testInviteExpiredHiddenAfter30Days
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ADMIN_EMAIL env var controls who has admin access
- GET /api/admin/users returns all users (id, email, username, registered);
returns 403 for non-admins
- GET /api/me now includes is_admin flag
- Menu shows "Nutzer/Users/Użytkownicy" button for admins that opens a
table with name, email, and registration date for all users
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Registration failed visibly because the controller returned successfully
(user created, invite consumed) but the JS then called loadGoals() without
an authenticated session — causing a 401 that surfaced as an error to the user.
- Add Security::login() after user creation so the session is established
immediately, matching the documented "registers + auto-logs in" behavior
- Wrap user persist and invite consumption in a single DB transaction so
the invite token can never be consumed if user creation fails
- Add 12 integration tests covering auto-login, locale updates, logout,
partial goal updates, invite isolation, and various edge cases (110 assertions total)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- STRINGS object in app.js with all UI strings in de/en/pl
- tr() function, ldoc() locale-aware date formatting
- tpl() auto-translates data-t/data-ph/data-val attributes on clone
- app.html.twig: data-t attributes on all template static text, language picker in data menu
- locale CHAR(2) column on users table; GET /api/me returns locale; PATCH /api/me accepts locale
- setLocale() persists to API + localStorage; applyLocale() reads user.locale → localStorage → navigator.language
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Stopwatch between logo and menu: tap to start, tap to stop, tap to reset
- AppController passes md5-based version hash for app.js and style.css to prevent browser caching issues
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Creates rememberme_token table, drops legacy delight-im/auth tables,
aligns column types with Doctrine entity definitions. Adds UserReset
entity so users_resets is managed by Doctrine instead of raw SQL.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Symfony 8 SPA with Doctrine ORM, Symfony Security, vanilla JS frontend.
Migrated from plain PHP (delight-im/auth + raw SQL) to full Symfony stack.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
