- Add api/org/add_member.go for adding organization members
- Register POST /api/orgs/{id}/members endpoint
- Fix PermWithOwner to check owner before permission
- Remove user:update from user role (should use owner check)
- Add service enabled check in verification send
Add validation for the 'purpose' parameter in verification code requests
to ensure only allowed values are accepted.
Valid purposes: register, login, reset_password, bind
Invalid purposes will be rejected with 400 Bad Request.
Fix the logic for code.max_daily_count setting to correctly handle:
- 0: Disable verification code service entirely
- -1: No limit on daily sends
- >0: Limit daily sends to the specified number
Previously both 0 and -1 were treated as unlimited, which was incorrect.
The documentation states 0 should disable the service.
veypi