diff --git a/CHANGELOG.md b/CHANGELOG.md
index b86eebde..5eb7b159 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,33 @@
The complete changelog for the Costs to Expect REST API, our changelog follows the format defined at https://keepachangelog.com/en/1.0.0/
+## [v2.23.0] - 2022-04-12
+## Added
+- We have updated the `/auth/user` route, the route will now show any active created tokens.
+- We have added `device_name` as an optional field on sign-in, if set, the generated token will be prefixed with the device name.
+- We have added an `include-permitted-users` parameter when requesting a resource type, you will be able to see all the permitted users without having to go down the tree.
+- If an API response includes a related object, the first field should be the URI to the relevant collection or resource, we have started updating responses.
+- We have added a `auth/user/tokens` route to show the active tokens, you can view an individual token as well as delete a token.
+- We have added a notification for failed jobs, if the `ClearCache` job fails we will get an email, luckily, it doesn't ever fail :)
+- We have added the ability to assign permitted users, if you have access to a resource type you can assign a known user to the resource type.
+- We have added a view permitted user endpoint.
+- We have added the ability to delete a permitted user, you can delete any permitted user with access to the resource type, including yourself.
+- We have added initial tests for the permitted user routes.
+
+## Changed
+- We have updated sign-in to clear tokens that have not been used for a year.
+- We have added additional validation to `/auth/login` to match the create password routes.
+- We have removed additional references to our `item-type` entity class, keep code in the individual item type namespaces.
+- We have converted out `Mailables` to `Notifications` and they get send via the queue.
+- We have updated the `partial-transfers` route to use methods per item types, this way we can correctly return a 405 when an item doesn't support partial transfers.
+- We have updated the `transfers` route to use methods per item types, this was we can correctly return a 405 when an item doesn't support transfers.
+- We have localised all response messages in the Authentication controller to match the rest of the API.
+
+## Fixed
+- We have fixed our Authentication tests, we no longer overwrite the initial user, additionally, we have updated three tests to return success on a 422, not a 401.
+- We have corrected a couple of parameter conversions, two parameters not correctly being converted to Booleans.
+- Unable to delete an `allocated-expense`, need to clear the partial transfers table.
+
## [v2.22.0] - 2022-01-26
After being away from the code for a while I've made some changes. I've reduced the complexity around different items types because things had started to get a little complex and I know what is coming next so want to clear out as much unnecessary code as possible. This is just a first pass, I'm sure there will be more but I have many other planned tickets to get on with.
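Review bot: The two token entries under Added (`/auth/user` "will now show any active created tokens" and the new `auth/user/tokens` route) do not say whether the response contains token metadata only or the token value itself. Please state which, because consumers will read the changelog as the contract for what these routes expose. The `device_name` entry has the same ambiguity: "the generated token will be prefixed with the device name" can be read as the stored token name or as the bearer string returned to the client. The delete permitted user entry says you can remove "including yourself" and should note what happens when the last permitted user of a resource type removes themselves. Smaller points: `auth/user/tokens` is missing the leading slash used for `/auth/user` and `/auth/login`; `## Added`, `## Changed` and `## Fixed` sit at the same heading level as `## [v2.23.0]` and would read better as `###`; under Changed, "converted out", "get send" and "this was we can" are typos for "our", "sent" and "this way".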
diff --git a/config/api/app/version.php b/config/api/app/version.php
index f7f2486f..3dc6ef86 100644
--- a/config/api/app/version.php
+++ b/config/api/app/version.php
@@ -3,9 +3,9 @@
declare(strict_types=1);
return [
- 'version'=> 'v2.22.0',
+ 'version'=> 'v2.23.0',
'prefix' => 'v2',
- 'release_date' => '2022-01-26',
+ 'release_date' => '2022-04-12',
'changelog' => [
'api' => '/v2/changelog',
'markdown' => 'https://github.com/costs-to-expect/api/blob/master/CHANGELOG.md'
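Review bot: The `'version'` and `'release_date'` values here repeat by hand what the `## [v2.23.0] - 2022-04-12` heading in CHANGELOG.md already states, so the two can drift on a future release. They match in this change, but consider deriving one from the other or adding a test that compares them. Style: `'version'=>` has no space before the arrow while `'prefix' =>` and `'release_date' =>` do. Since the line is being touched anyway, align it.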
diff --git a/resources/views/welcome.blade.php b/resources/views/welcome.blade.php
index d250825f..b90a4570 100644
--- a/resources/views/welcome.blade.php
+++ b/resources/views/welcome.blade.php
@@ -229,49 +229,36 @@ function gtag(){dataLayer.push(arguments);}
Added
- - We have added additional tests for the `ResourceManage` controller
- - We have added tests for the `ResourceTypeView` controller
- - We have added a logout route
- - We have added an OPTIONS request for `/auth/create-new-password`
- - We have added an OPTIONS request for `/auth/create-password`
- - We have added an OPTIONS request for `/auth/forgot-password`
- - We have added an OPTIONS request for `/auth/login`
- - We have added an OPTIONS request for `/auth/register`
- - We have added an OPTIONS request for `/auth/update-password`
- - We have added an OPTIONS request for `/auth/update-profile`
- - We have added an OPTIONS request for `/auth/user`
- - We have added an OPTIONS request for `/auth/check`
+ - We have updated the `/auth/user` route, the route will now show any active created tokens
+ - We have added `device_name` as an optional field on sign-in, if set, the generated token will be prefixed with the device name
+ - We have added an `include-permitted-users` parameter when requesting a resource type, you will be able to see all the permitted users without having to go down the tree
+ - If an API response includes a related object, the first field should be the URI to the relevant collection or resource, we have started updating responses
+ - We have added a `auth/user/tokens` route to show the active tokens, you can view an individual token as well as delete a token
+ - We have added a notification for failed jobs, if the `ClearCache` job fails we will get an email, luckily, it doesn't ever fail :)
+ - We have added the ability to assign permitted users, if you have access to a resource type you can assign a known user to the resource type
+ - We have added a view permitted user endpoint
+ - We have added the ability to delete a permitted user, you can delete any permitted user with access to the resource type, including yourself
+ - We have added initial tests for the permitted user routes
Changed
- - We have made a couple of minor changes to the Docker setup
- - We have updated the README because of minor Docker changes and corrected the table layouts in the README file
- - We have updated all front-end and back-end dependencies
- - We have updated the copyright, we are now in 2022
- - We have added additional feature tests and removed some duplication in the tests, the README details the current test status
- - General refactoring, switched to method injection and logging exception messages
- - We are switching to named routes and have updated some of the route files, more will be updated as additional tests are created
- - We have done a quick review of each of the model classes and fixed a few tiny issues
- - We have reviewed all the `ItemType` classes, improved organisation with additional namespaces, renamed classes and methods, all with the goal being to try and make everything clearer
- - We have reviewed all item based controllers and switched to methods per item type rather than hiding all the logic in larger item classes. There is slightly more duplication but this will allow us to more easily customise each item type as new ones are added, I'm looking at you forecasting
- - We have updated the item/categories routes and will return a 405 when a category is not supported for the item type
- - We have updated the item/subcategories routes and will return a 405 when a subcategory is not supported for the item type
- - The Authentication controller no longer extends from the base app controller, it was doing some unnecessary work
+ - We have updated sign-in to clear tokens that have not been used for a year
+ - We have added additional validation to `/auth/login` to match all the create password routes
+ - We have removed additional references to our `item-type` entity class, keep code in the individual item type namespaces
+ - We have converted out `Mailables` to `Notifications` and they get send via the queue
+ - We have updated the `partial-transfers` route to use methods per item types, this way we can correctly return a 405 when an item doesn't support partial transfers
+ - We have updated the `transfers` route to use methods per item types, this was we can correctly return a 405 when an item doesn't support transfers
+ - We have localised all response messages in the Authentication controller to match the rest of the API
Fixed
- - We have fixed the `delete_resource_type_success` test, wrong route
- - The `notFoundOrNotAccessible` response will optionally return a 403 if not accessible and not a 404
-
-
- Removed
-
-
- - We have removed a few files not used by the API
+ - We have fixed our Authentication tests, we no longer overwrite the initial user, additionally, we have updated three tests to return success on a 422, not a 401
+ - We have corrected a couple of parameter conversions, two parameters not correctly being converted to Booleans
+ - Unable to delete an `allocated-expense`, need to clear the partial transfers table
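Review bot: The Changed entry for `/auth/login` reads "to match all the create password routes" here but "to match the create password routes" in CHANGELOG.md, so the two hand-maintained copies of the release notes have already diverged in this same change. Pick one wording, and consider rendering this view from CHANGELOG.md rather than pasting the entries. The typos noted in the changelog ("converted out", "get send", "this was we can") are duplicated here and need the same fix. The token entries carry over the same ambiguity about whether token values or only token metadata are returned, and this page is the public landing view, so the wording matters here as well.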