v4.32.0

.claude/settings.json

@@ -0,0 +1,15 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(npm test:*)",
+      "Bash(npm run:*)",
+      "Bash(npx jest:*)",
+      "Bash(npm install:*)",
+      "Bash(git fetch:*)",
+      "Bash(git rebase:*)",
+      "Bash(git push:*)",
+      "Bash(git status:*)",
+      "Bash(git log:*)"
+    ]
+  }
+}

.firebaserc

@@ -2,5 +2,22 @@
   "projects": {
     "staging": "mfgt-flights",
     "production": "project-8979611309653332047"
-  }
-}
+  },
+  "targets": {
+    "cypress-testing": {
+      "database": {
+        "main": [
+          "cypress-testing-eu"
+        ]
+      }
+    },
+    "lspl-test": {
+      "database": {
+        "main": [
+          "lspl-test-default-rtdb"
+        ]
+      }
+    }
+  },
+  "etags": {}
+}

.github/workflows/claude.yml

@@ -19,7 +19,7 @@ jobs:
       (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       pull-requests: read
       issues: read
       id-token: write
@@ -28,7 +28,15 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: 1
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Install dependencies
+        run: npm ci
 
       - name: Run Claude Code
         id: claude

.github/workflows/firebase-hosting-dev.yml

@@ -11,21 +11,19 @@ jobs:
         environment:
           - lszt_test
           - lszm_test
+          - lspl_test
           - lspv_test
           - lszo_test
           - lsze_test
     environment: ${{ matrix.environment }}
     steps:
       - run: echo 'Running deplyoment for project ${{ vars.PROJECT }}'
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: 22
       - run: npm ci
       - run: npm run build --project=${{ vars.PROJECT }}
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
       - uses: w9jds/setup-firebase@main
         with:
           project_id: ${{ vars.FIREBASE_PROJECT }}
@@ -40,6 +38,7 @@ jobs:
         environment:
           - lszt_test
           - lszm_test
+          - lspl_test
           - lspv_test
           - lszo_test
           - lsze_test

.github/workflows/firebase-hosting-prod.yml

@@ -17,15 +17,12 @@ jobs:
     environment: ${{ matrix.environment }}
     steps:
       - run: echo 'Running deplyoment for project ${{ vars.PROJECT }}'
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: 22
       - run: npm ci
       - run: npm run build:prod --project=${{ vars.PROJECT }}
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
       - uses: w9jds/setup-firebase@main
         with:
           project_id: ${{ vars.FIREBASE_PROJECT }}

.github/workflows/test-pull-request.yml

@@ -5,8 +5,8 @@ jobs:
     if: '${{ github.event.pull_request.head.repo.full_name == github.repository }}'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: 22
       - run: npm ci

LICENSE

@@ -1,21 +1,15 @@
-MIT License
-
-Copyright (c) 2016-present, open digital Switzerland
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+Copyright (c) 2016-present, Open Digital Switzerland. All rights reserved.
+
+This software and associated documentation files (the "Software") are the
+proprietary property of Open Digital Switzerland. Unauthorized copying,
+modification, distribution, or use of the Software, in whole or in part,
+is strictly prohibited without the prior written consent of Open Digital
+Switzerland.
+
+The Software is provided "as is", without warranty of any kind, express or
+implied, including but not limited to the warranties of merchantability,
+fitness for a particular purpose, and noninfringement. In no event shall
+Open Digital Switzerland be liable for any claim, damages, or other
+liability, whether in an action of contract, tort, or otherwise, arising
+from, out of, or in connection with the Software or the use or other
+dealings in the Software.

cypress/CYPRESS_TESTING_SETUP.md

@@ -14,6 +14,20 @@ Auth endpoint: `https://europe-west1-cypress-testing.cloudfunctions.net/auth`
 | `foo`    | `bar`    | user  |
 | `admin`  | `12345`  | admin |
 
+## Email user login (for `loginEmail` command)
+
+The `cy.loginEmail()` command authenticates as `cypress-pilot@example.com` via the
+`createTestEmailToken` Cloud Function. This function is gated behind a config flag
+that must be enabled on the `cypress-testing` project:
+
+```bash
+firebase functions:config:set testing.enabled=true --project cypress-testing
+firebase deploy --only functions --project cypress-testing
+```
+
+The function always creates a token for the hardcoded email `cypress-pilot@example.com`
+and returns 403 on any project where `testing.enabled` is not set.
+
 ## Aerodrome settings (already in place)
 
 - Runway `36` with `departureRoute` options including `west`

cypress/integration/movements/email_user_movement_list_spec.js

@@ -0,0 +1,75 @@
+describe('movements', () => {
+  describe('email user movement list', () => {
+    let createdDepartureKey;
+
+    before(() => {
+      cy.visit('#/departure/new');
+      cy.loginEmail();
+    });
+
+    after(() => {
+      // Clean up as admin (email user may lack delete permission)
+      cy.logout();
+      cy.loginAdmin();
+
+      if (createdDepartureKey) {
+        cy.window().then(win => {
+          win.firebase.getRef(`/departures/${createdDepartureKey}`).remove();
+        });
+      }
+
+      cy.logout();
+    });
+
+    it('shows departure in movement list for email user', () => {
+      // Create a departure via the UI
+      cy.get(`[data-cy=immatriculation]`).type('HBKOF');
+      cy.get(`[data-cy=aircraftType]`).type('DR40');
+      cy.get(`[data-cy=mtow]`).type('1000');
+      cy.get(`[data-cy=aircraftCategory]`).click();
+      cy.get(`[data-cy=aircraftCategory-option-Flugzeug]`).click();
+      cy.get(`[data-cy=next-button]`).click();
+
+      cy.get(`[data-cy=lastname]`).type('Cypress');
+      cy.get(`[data-cy=firstname]`).type('Pilot');
+      cy.get(`[data-cy=email]`).type('pilot@example.com');
+      cy.get(`[data-cy=phone]`).type('0790000000');
+      cy.get(`[data-cy=next-button]`).click();
+
+      cy.get(`[data-cy=passengerCount-increment]`).click();
+      cy.get(`[data-cy=carriageVoucher-yes]`).click();
+      cy.get(`[data-cy=next-button]`).click();
+
+      cy.get(`[data-cy=date]`).click();
+      cy.get(`.DayPicker-Day[aria-disabled=false]`).last().click();
+      cy.get(`[data-cy=time-minutes-increment]`).click();
+      cy.get(`[data-cy=location]`).type('LSZR');
+      cy.get(`[data-cy=duration-hours-increment]`).click();
+      cy.get(`[data-cy=duration-minutes-increment]`).click();
+      cy.get(`[data-cy=next-button]`).click();
+      cy.get(`[data-cy=location-confirmation-dialog-confirm]`).click();
+
+      cy.get(`[data-cy=flightType-private]`).click();
+      cy.get(`[data-cy=runway-36]`).click();
+      cy.get(`[data-cy=departureRoute-west]`).click();
+      cy.get(`[data-cy=route]`).type('Testroute');
+      cy.get(`[data-cy=remarks]`).type('E2E email user test');
+      cy.get(`[data-cy=next-button]`).click();
+      cy.get(`[data-cy=commit-requirement-dialog-confirm]`).click();
+
+      cy.get(`[data-cy=finish-button]`).click();
+      cy.hash().should('eq', '#/');
+
+      // Navigate to movement list and verify exactly one departure appears
+      cy.visit('#/movements');
+      cy.get('[data-id]').should('have.length', 1);
+      cy.get('[data-id]')
+        .contains('HBKOF')
+        .closest('[data-id]')
+        .invoke('attr', 'data-id')
+        .then(key => {
+          createdDepartureKey = key;
+        });
+    });
+  });
+});

cypress/support/commands.js

@@ -14,6 +14,15 @@ Cypress.Commands.add('login', () => login('foo', 'bar'));
 
 Cypress.Commands.add('loginAdmin', () => login('admin', '12345'));
 
+Cypress.Commands.add('loginEmail', () => {
+  cy.request('POST', 'https://europe-west1-cypress-testing.cloudfunctions.net/createTestEmailToken')
+    .then((response) => {
+      cy.window().then(win => {
+        return win.firebase.authenticate(response.body.token);
+      });
+    });
+});
+
 Cypress.Commands.add('logout', () => {
   cy.window().then(win => {
     win.firebase.unauth();

firebase-rules-template.json

@@ -5,7 +5,8 @@
       ".indexOn": [
         "dateTime",
         "negativeTimestamp",
-        "immatriculation"
+        "immatriculation",
+        "createdBy_orderKey"
       ],
       "$departure_id": {
         ".write": "auth !== null && (!root.child('settings/lockDate').exists() || (!data.exists() && newData.exists() && newData.child('negativeTimestamp').val() * -1 > root.child('settings/lockDate').val() + 1000 * 60 * 60 * 24) || (data.exists() && !newData.exists() && data.child('negativeTimestamp').val() * -1 > root.child('settings/lockDate').val() + 1000 * 60 * 60 * 24) || (data.exists() && newData.exists() && data.child('negativeTimestamp').val() * -1 > root.child('settings/lockDate').val() + 1000 * 60 * 60 * 24 && newData.child('negativeTimestamp').val() * -1 > root.child('settings/lockDate').val() + 1000 * 60 * 60 * 24))",
@@ -91,6 +92,9 @@
         "customsFormUrl": {
           ".validate": "newData.isString()"
         },
+        "privacyPolicyAcceptedAt": {
+          ".validate": "newData.isString() && newData.val().matches(/^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$/)"
+        },
         "$other": {
           ".validate": false
         }
@@ -101,7 +105,8 @@
       ".indexOn": [
         "dateTime",
         "negativeTimestamp",
-        "immatriculation"
+        "immatriculation",
+        "createdBy_orderKey"
       ],
       "$arrival_id": {
         ".write": "auth !== null && (!root.child('settings/lockDate').exists() || (!data.exists() && newData.exists() && newData.child('negativeTimestamp').val() * -1 > root.child('settings/lockDate').val() + 1000 * 60 * 60 * 24) || (data.exists() && !newData.exists() && data.child('negativeTimestamp').val() * -1 > root.child('settings/lockDate').val() + 1000 * 60 * 60 * 24) || (data.exists() && newData.exists() && data.child('negativeTimestamp').val() * -1 > root.child('settings/lockDate').val() + 1000 * 60 * 60 * 24 && newData.child('negativeTimestamp').val() * -1 > root.child('settings/lockDate').val() + 1000 * 60 * 60 * 24))",
@@ -223,6 +228,9 @@
         "customsFormUrl": {
           ".validate": "newData.isString()"
         },
+        "privacyPolicyAcceptedAt": {
+          ".validate": "newData.isString() && newData.val().matches(/^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$/)"
+        },
         "$other": {
           ".validate": false
         }
@@ -287,6 +295,21 @@
         ".read": "auth !== null && root.child('admins/' + auth.uid).exists()",
         ".write": "auth !== null && root.child('admins/' + auth.uid).exists()"
       },
+      "privacyPolicyUrl": {
+        ".read": true,
+        ".write": "auth !== null && root.child('admins/' + auth.uid).exists()",
+        ".validate": "newData.isString()"
+      },
+      "movementRetentionDays": {
+        ".read": "auth !== null && root.child('admins/' + auth.uid).exists()",
+        ".write": "auth !== null && root.child('admins/' + auth.uid).exists()",
+        ".validate": "newData.isNumber() && newData.val() > 0"
+      },
+      "messageRetentionDays": {
+        ".read": "auth !== null && root.child('admins/' + auth.uid).exists()",
+        ".write": "auth !== null && root.child('admins/' + auth.uid).exists()",
+        ".validate": "newData.isNumber() && newData.val() > 0"
+      },
       "$other": {
         ".validate": false
       }
@@ -423,6 +446,11 @@
         }
       }
     },
+    "signInCodes": {
+      ".read": false,
+      ".write": false,
+      ".indexOn": ["email"]
+    },
     "profiles": {
       "$profile_id": {
         ".read": "auth !== null && $profile_id === auth.uid",
@@ -454,6 +482,9 @@
         "mtow": {
           ".validate": "newData.isNumber() && newData.val() > 0"
         },
+        "privacyPolicyAcceptedAt": {
+          ".validate": "newData.isString() && newData.val().matches(/^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$/)"
+        },
         "$other": {
           ".validate": false
         }