Commit Graph

16 Commits

Author SHA1 Message Date
Mike Dalessio edf6b53469 Introduce an "owner" role, and prevent it from being administered
to prevent the owner from being demoted or kicked out.

ref: https://app.fizzy.do/5986089/cards/3213
2025-11-29 14:13:29 -05:00
Mike Dalessio e0aa1d257e Drop User.system and replace with Account#system_user 2025-11-24 13:23:57 -05:00
Stanko K.R. e85c5736c9 Render system user avatars using redirects 2025-11-24 12:05:32 +01:00
Jorge Manrubia 9903a37243 Fix tests 2025-11-12 11:37:06 +01:00
Jorge Manrubia dba3b2d65d Remove nil param 2025-11-12 11:25:51 +01:00
Jorge Manrubia 3b34703db3 Make sure that only admins or card creators can delete cards 2025-11-05 16:37:43 +01:00
Jorge Manrubia 193cc26a98 Make sure only admins or collection creators can toggle the all access setting 2025-11-05 15:51:19 +01:00
Stanko K.R. 25b2daad93 Limit access to webhooks to admins 2025-09-16 20:04:20 +02:00
David Heinemeier Hansson 8e479dddba Clearer still 2025-04-15 16:04:11 +02:00
David Heinemeier Hansson 5d22809e29 No public use of this concept, so inline it 2025-04-15 16:03:14 +02:00
David Heinemeier Hansson 680611503d Distinguish between administering and just changing 2025-04-15 16:00:29 +02:00
David Heinemeier Hansson af0a42080b Allow users to edit themselves 2025-04-15 15:35:39 +02:00
David Heinemeier Hansson 6bbf68a4f9 The tenanted db is the account scope 2025-04-12 20:06:34 +02:00
Jorge Manrubia cfe91c25c9 Add admin role, make sure only admins can remove and promote other users 2025-04-03 17:43:29 +02:00
Kevin McConnell d925b53b01 Prevent calling system without scoping to account 2025-02-12 15:19:51 +00:00
Kevin McConnell 485a056ba2 Add a "system" role & specific user 2025-02-12 13:19:53 +00:00