diff --git a/Gemfile.saas.lock b/Gemfile.saas.lock
index 91c11943f..cc5d1ab5d 100644
--- a/Gemfile.saas.lock
+++ b/Gemfile.saas.lock
@@ -21,7 +21,7 @@ GIT
GIT
remote: https://github.com/basecamp/fizzy-saas
- revision: a14df11b57818697df4b2cc7b6a43e762ebaa196
+ revision: fb30201b9b2752f9e9cff2f9f36b698b13856404
specs:
fizzy-saas (0.1.0)
audits1984
diff --git a/README.md b/README.md
index 27ba149fc..5ea839008 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,8 @@ We've added comments to that file to highlight what each setting needs to be, bu
- `proxy/ssl` and `proxy/host`: Kamal can set up SSL certificates for you automatically. To enable that, set the hostname again as `host`. If you don't want SSL for some reason, you can set `ssl: false` to turn it off.
- `env/clear/MAILER_FROM_ADDRESS`: This is the email address that Fizzy will send emails from. It should usually be an address from the same domain where you're running Fizzy.
- `env/clear/SMTP_ADDRESS`: The address of an SMTP server that you can send email through. You can use a 3rd-party service for this, like Sendgrid or Postmark, in which case their documentation will tell you what to use for this.
+- `env/clear/MULTI_TENANT`: Set to `false` to enable single-tenant mode (disable multi-account signups).
+
Fizzy also requires a few environment variables to be set up, some of which contain secrets.
The simplest way to do this is to put them in a file called `.kamal/secrets`.
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index fb9fe0617..e32cf3829 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -14,7 +14,8 @@ class SessionsController < ApplicationController
else
signup = Signup.new(email_address: email_address)
if signup.valid?(:identity_creation)
- redirect_to_session_magic_link signup.create_identity
+ identity = signup.create_identity if Account.accepting_signups?
+ redirect_to_session_magic_link identity
else
head :unprocessable_entity
end
diff --git a/app/controllers/signups_controller.rb b/app/controllers/signups_controller.rb
index 776421201..56614158f 100644
--- a/app/controllers/signups_controller.rb
+++ b/app/controllers/signups_controller.rb
@@ -3,6 +3,7 @@ class SignupsController < ApplicationController
allow_unauthenticated_access
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_signup_path, alert: "Try again later." }
before_action :redirect_authenticated_user
+ before_action :enforce_tenant_limit
layout "public"
@@ -24,6 +25,10 @@ class SignupsController < ApplicationController
redirect_to new_signup_completion_path if authenticated?
end
+ def enforce_tenant_limit
+ redirect_to new_session_url unless Account.accepting_signups?
+ end
+
def signup_params
params.expect signup: :email_address
end
diff --git a/app/models/account.rb b/app/models/account.rb
index 34aaf64ae..df0b845b0 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -1,5 +1,5 @@
class Account < ApplicationRecord
- include Account::Storage, Entropic, Seedeable
+ include Account::Storage, Entropic, MultiTenantable, Seedeable
has_one :join_code
has_many :users, dependent: :destroy
diff --git a/app/models/account/multi_tenantable.rb b/app/models/account/multi_tenantable.rb
new file mode 100644
index 000000000..7d1ef5d39
--- /dev/null
+++ b/app/models/account/multi_tenantable.rb
@@ -0,0 +1,13 @@
+module Account::MultiTenantable
+ extend ActiveSupport::Concern
+
+ included do
+ cattr_accessor :multi_tenant, default: false
+ end
+
+ class_methods do
+ def accepting_signups?
+ multi_tenant || Account.none?
+ end
+ end
+end
diff --git a/app/views/sessions/magic_links/show.html.erb b/app/views/sessions/magic_links/show.html.erb
index 4e94f411e..947b3c426 100644
--- a/app/views/sessions/magic_links/show.html.erb
+++ b/app/views/sessions/magic_links/show.html.erb
@@ -3,7 +3,9 @@
">
<%= @page_title %>
-
Then enter the verification code included in the email below:
+
+ Then enter the verification code included in the email below:
+