fix(api tokens)!: make sure task create routes are available to use with the api

BREAKING CHANGE: The api route to create a new task is now /projects/:project/tasks instead of /projects/:project

pkg/models/api_routes.go

@@ -55,6 +55,8 @@ func getRouteGroupName(path string) string {
 
 	finalName := strings.Join(filteredParts, "_")
 	switch finalName {
+	case "projects_tasks":
+		return "tasks"
 	case "tasks_all":
 		return "tasks"
 	default:
@@ -129,7 +131,13 @@ func GetAvailableAPIRoutesForToken(c echo.Context) error {
 
 // CanDoAPIRoute checks if a token is allowed to use the current api route
 func CanDoAPIRoute(c echo.Context, token *APIToken) (can bool) {
-	path := c.Request().URL.Path
+	path := c.Path()
+	if path == "" {
+		// c.Path() is empty during testing, but returns the path which the route used during registration
+		// which is what we need.
+		path = c.Request().URL.Path
+	}
+
 	routeGroupName := getRouteGroupName(path)
 
 	group, hasGroup := token.Permissions[routeGroupName]

pkg/models/tasks.go

@@ -717,7 +717,7 @@ func getNextTaskIndex(s *xorm.Session, projectID int64) (nextIndex int64, err er
 // @Failure 400 {object} web.HTTPError "Invalid task object provided."
 // @Failure 403 {object} web.HTTPError "The user does not have access to the project"
 // @Failure 500 {object} models.Message "Internal error"
-// @Router /projects/{id} [put]
+// @Router /projects/{id}/tasks [put]
 func (t *Task) Create(s *xorm.Session, a web.Auth) (err error) {
 	return createTask(s, t, a, true)
 }

pkg/routes/routes.go

@@ -379,7 +379,7 @@ func registerAPIRoutes(a *echo.Group) {
 			return &models.Task{}
 		},
 	}
-	a.PUT("/projects/:project", taskHandler.CreateWeb)
+	a.PUT("/projects/:project/tasks", taskHandler.CreateWeb)
 	a.GET("/tasks/:projecttask", taskHandler.ReadOneWeb)
 	a.GET("/tasks/all", taskCollectionHandler.ReadAllWeb)
 	a.DELETE("/tasks/:projecttask", taskHandler.DeleteWeb)