Commit Graph

21 Commits

Author SHA1 Message Date
Stanko Krtalić eceb6c9b43 Add self-service account deletion (#2246)
* Add self-service account deletion

* Disable access to cancelled accounts & implement Stripe interactions

* Add tests

* Fix failing tests

* Remove cancelled accounts from lists

* Fix incorrect redirect

* Use _path instead of _url for consistency

* Don't track how far the inicieration job got

We still want the step tracking so that the job can be interrupted. But, since the scope is idempotent, we don't need to track how far it got.

* Specify the exact time when the data will be deleted

* Fix crash due to unadvancable cursor

* Rename up_for_incineration to due_for_incineration

* Regenrate the schema

* Fix incorrect path check

* Migrate the SQLite schema

* Only show the cancel button on cancellable accounts

* Check that a subscirption method exists before calling it

* Ignore job failures due to missing records when an account gets deleted

* Skip sending notifications on cancelled accounts

* Use collbacks to integrate

* Add a blank line between queue_as and discard_on

* Break checks into methods

* Inline methods

* Rename Account::IncinerateJob

* Run migrations

* Migrate SQLite
2026-01-12 14:21:05 +01:00
Rosa Gutierrez 3fcf5a9d08 Require authorization for direct uploads
Respond with 403 to JSON requests that are unauthorized, instead of
redirecting.
2025-12-23 11:08:51 +01:00
Jeremy Daer 82626f020d Tailscale serve support (#2126)
Ensure we can serve the app from multiple hosts without breaking links.
* Switch unnecessary full URLs to paths
* Drop default host/port URL options for controllers

Shell 1
```bash
bin/dev
```

Shell 2
```bash
tailscale serve http://fizzy.localhost:3006
```
2025-12-13 09:29:50 -08:00
Mike Dalessio 9cff236f66 Drop staff restriction in beta and staging
because it was preventing testing of signups.
2025-12-12 15:12:46 -05:00
Jorge Manrubia 1897cc238f Only staff can access beta/staging
https://app.fizzy.do/5986089/cards/3208
2025-11-28 15:53:58 +01:00
Mike Dalessio 4636b31f06 Authorization ensure_staff uses identity.staff
for use on untenanted routes
2025-11-19 14:23:47 -05:00
Stanko K.R. edf837fed3 Drop memberships 2025-11-17 09:12:39 -05:00
Stanko K.R. db172bae4e Simplify authorization 2025-11-17 09:12:17 -05:00
Stanko K.R. 28a6dfce01 Simplify user deactivation 2025-11-17 09:12:17 -05:00
Stanko K.R. 6858b96619 Simplify join codes 2025-11-17 09:12:17 -05:00
Mike Dalessio 89d1299ec0 Fix authentication on "untenanted" controllers
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00
Mike Dalessio 030433b99d Remove debugging statements 2025-11-17 09:11:42 -05:00
Mike Dalessio ec54014832 Add account slug middleware
and set Current.account
2025-11-17 09:11:42 -05:00
Mike Dalessio d41d50d52b Account.sole → Current.account
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
Stanko K.R. 87d9c3cd01 Make unauthenticated access permit unauthorized access 2025-11-04 09:02:36 +01:00
David Heinemeier Hansson 43069b1ea4 Extract Users::JoinsController from overloaded UsersController
Good code smell is when the before_action callbacks stack up but can't
be shared across actions
2025-11-02 17:49:25 +01:00
Stanko K.R. 085c7fee2e Fix Rubocop offenses 2025-10-31 16:35:44 +01:00
Stanko K.R. ece9008459 Remove dead code 2025-10-31 16:28:08 +01:00
Stanko Krtalić 98755844a1 Remove the internal API
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
David Heinemeier Hansson 60a429e463 Use more naturally-sounding ensures
These match Basecamp and the existing predicate methods
2025-10-29 13:33:34 +01:00
Stanko K.R. 25b2daad93 Limit access to webhooks to admins 2025-09-16 20:04:20 +02:00