* sequential
* zero default
* fix
* fix: preserve absolute paths in sqlite+sqlcipher URLs
Previously, the connection logic incorrectly stripped the leading slash
from `sqlite+sqlcipher` paths, forcibly converting absolute paths
(e.g., `sqlite+sqlcipher:////app/data.db`) into relative paths
(which became `app/data.db`). This caused database initialization failures
when using absolute paths, such as with Docker volume mounts.
This change removes the slash-stripping logic, ensuring that absolute
path conventions (starting with `/`) are respected while maintaining
support for relative paths (which do not start with `/`).
- Changed default sort order in 'Edit Group' modal to 'created_at' (newest first).
Previously it sorted by group membership, causing toggled users to invisible jump
to the top of the list (often changing pages). using a stable sort fixes this UX issue.
- Removed unnecessary `page = 1` reset in toggleMember function so admins
don't lose their place when selecting multiple users.
Bug 2 - Model Image Display Bug:
- Added `Cache-Control: no-cache, must-revalidate` headers to the model profile
image endpoint. This ensures that when a model avatar is updated, the browser
fetches the new image instead of serving a stale cached version (favicon).
Fixes#19885
* fix: enforce global ENABLE_CHANNELS check on all channel endpoints
When channels are disabled globally (ENABLE_CHANNELS=false), users with
channel permissions could still fetch channels via API endpoints. This
fix adds a get_enabled_channels dependency to all 22 channel endpoints
that returns 403 Forbidden when channels are globally disabled.
Fixes#19914
* refac
* refac
* feat: Add Excel file viewer to FileItemModal
* feat: Add CSV file viewer to FileItemModal
* feat: Add Markdown and Code syntax highlighting to file viewer
* chore: add dependency
* fix: default to raw text view for Excel/Code/MD files
* fix: only show rows count in preview tab for excel files
* fix: preserve access_control when cloning prompts
Cloned prompts now inherit the original prompt's access_control settings
instead of defaulting to null/public. This ensures that permission and
sharing restrictions are carried over with clones as expected.
If the original prompt doesn't have access_control set, defaults to {}
(private) which matches the behavior of newly created prompts.
Fixes#19360
* fix: clone access control
Use json.dumps with ensure_ascii=False to avoid converting Chinese
descriptions into Unicode escape sequences.
This makes logs easier to read and significantly improves LLM tool
selection accuracy (from ~48% to ~67%) by preserving the original
natural language context.
