Commit Graph

115 Commits

Author SHA1 Message Date
Mike Dalessio 0d138df952 Guard search indexing with searchable? check
Only index cards and comments if their card is `published?`, using a
new method `searchable?` that is implemented on both Card and Comment.
This prevents draft cards and their comments from being indexed.

When drafts are published, the existing `update_in_search_index`
callback creates the record via `upsert!`, or else ensures unpublished
records are removed from the index.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-23 12:13:08 -05:00
Mike Dalessio 9aa15e9fb2 Forbid comments on draft cards
- Add Card#commentable? method that returns true only for published cards.
- CardsController#create ensures that the card is commentable.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-23 11:28:26 -05:00
Mike Dalessio bb2d3a59b5 prefactor: update search to use published cards
We're about to make a change to assert that draft cards are not added
to the search index, and so let's make the intention behind these
tests clear first.
2026-01-23 11:07:43 -05:00
Mike Dalessio 1aea6850f0 Extract Card::Commentable 2026-01-23 10:30:12 -05:00
Kevin McConnell 468fe5f16b Only index up to 32KB of search content
To prevent overflowing the columns in the search index tables (and also
just to avoid creating massive indexes), let's limit the searchable
content to the first 32KB.
2026-01-21 09:52:23 +00:00
Dylan a005391724 Fix: allow destroying "not now" state when closing cards
- Update `Card::Closeable` to destroy associated "not now" state during close.
- Add new tests to verify closure behavior for different column types, including "not now".
2025-12-23 13:43:03 +08:00
Rosa Gutierrez cb01966439 Remove unused Card.published_or_drafted_by scope
As the tests for it could lead to confusion where it seems drafted cards
are not accessible to someone with access to the board and with the
direct drafted card URL.
2025-12-19 09:46:21 +01:00
Stanko K.R. 15daa2bf05 Limit asignees to 10 per card 2025-12-15 16:40:52 +01:00
Ítalo Matos 2066109003 Add test coverage for with_golden_first scope (#2130)
* Add test coverage for with_golden_first scope

Test verifies that the with_golden_first scope correctly orders
golden cards before non-golden cards in query results.

* Refactor golden test: use instance variables, add subordering coverage

Extract @golden and @non_golden fixtures into setup for reuse across
all tests. Simplify with_golden_first test to verify both primary
ordering (golden before non-golden) and subordering preservation.

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:34:35 -08:00
Jankees van Woezik 78fc80cf35 API: Allow updates to last_active_at (#2076)
* Allow Card#last_updated_at to be set

This is useful when doing an import from another system. I'm currently
working on a script to import our Github issues into Fizzy.

This is discussed in
https://github.com/basecamp/fizzy/pull/2056#discussion_r2609560246

* Add nil fallback and expand test coverage for last_active_at

Adds a safety fallback to Time.current if created_at is unexpectedly nil
during card creation.

Test coverage to verify:
* last_active_at defaults to created_at when not provided
* last_active_at can be updated via API on existing cards
* import workflow where last_active_at is restored after comments
* publishing doesn't overwrite explicit last_active_at values

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-11 19:06:03 -08:00
Mike Dalessio 83360ec6f3 Escape the names used to generate system comments
including user names, board titles, column names, and card titles.
2025-12-10 10:38:42 -05:00
Jorge Manrubia c89db89f2a Only broadcast when the preview changes, use the _later variant for the broadcast, add tests 2025-12-05 10:09:20 +01:00
Jorge Manrubia 4a30663df1 Scope tags by account
We missed this one when we went to MySQL. This can results in cards tagged with cards
from other accounts. No data leaked though: the symptom is that you see the card
tagged as expected but you don't see the tag in the menu.
2025-12-03 23:39:37 +01:00
Kevin McConnell d24726c1d3 Merge pull request #1768 from basecamp/data-exports
Add "data export" feature
2025-12-02 09:56:40 +00:00
Jorge Manrubia af0113c9ee After touch should trigger board touch too
The change in https://github.com/basecamp/fizzy/commit/c606de7b41f57734c4c859c5fc3d98c952b26d58#diff-1ecde9fb1ee2494e5d94e807f51f861928f77cfcfb0884889911b62a32c2ff4cL4-R23 was preventing marking cards as golden from broadcasting
2025-12-02 05:55:49 +01:00
Kevin McConnell e16cc21b0a Add "data export" feature
- Adds a button in Account Settings where you can request a ZIP export of your
  Fizzy data
- Export files are created in the background. When ready, a link to
  download them is sent to the requester.
- Exports expire after 24 hours. And are limited to 10 per day.
2025-12-01 15:23:26 +00:00
Jorge Manrubia 7dd3497d3a Extract common setup step 2025-12-01 15:42:03 +01:00
Jorge Manrubia 29d07e7326 Fix: not detecting mentions when publishing saved drafts
The problem was that publishing a card with `#publish` was tracking the event
after updating the status, which was clearing the saved changes and preventing the
code from detecting the mention.

See:
https://app.fizzy.do/5986089/cards/2835
2025-12-01 15:39:45 +01:00
Donal McBreen c4498212dc Merge branch 'main' into sqlite
* main: (116 commits)
  Ensure avatar thumbnails are square
  Update useragent to recognize twitterbot/facebot
  Add defensive styles for non-square avatar images
  Update test for copy changes
  Missed commit
  AI: standardize on https://agents.md
  Make it clear this is just notifications, not comprehensive activity
  AI: configure MCP servers for Chrome, Grafana, and Sentry (#1727)
  Allow requests from Google Image Proxy
  Update to basecamp's useragent fork
  Clean up a little bit the CSRF reporting code
  Claude: production observability guidance (#1725)
  Prevent autoscroll to the root columns container to prevent jump on page load
  Include full name string so you can type your name to filter
  Prioritize current user and assigned users in assignment dropdown
  Check and report on Sec-Fetch-Site header for forgery protection
  bundle update
  Bump bootsnap from 1.18.6 to 1.19.0
  Bump rails from `077c3ad` to `17f6e00`
  Fix cards getting stuck in edit mode
  ...
2025-11-26 10:07:41 +00:00
Donal McBreen b571303385 Don't use Current.account for search records
It doesn't actually work, and even if we could make it work reliably
we are better off if the records always know to go to the right shard.

It does make the interface a bit more complicated as we need to select
the right shard class with `for(account_id)`.
2025-11-25 11:34:41 +00:00
Mike Dalessio e0aa1d257e Drop User.system and replace with Account#system_user 2025-11-24 13:23:57 -05:00
Donal McBreen 525e53a2f7 Add FTS ActiveRecord model
Needs some special handling for the FTS virtual table format. Set the
primary key to rowid and manually specify the columns.
2025-11-21 15:21:11 +00:00
Donal McBreen 01d16f96d4 Remove Search::Record.for_account
Instead we'll compute the table name dynamically based on
Current.account where needed. Also we'll prevent searchable records
from being saved if Current.account is not set, otherwise the after
commit callbacks will fail.
2025-11-21 12:09:21 +00:00
Mike Dalessio 1bbb6d0c03 Fix race condition in Card::ActivitySpike::DetectionJob
The check-then-act pattern in `register_activity_spike` has been
replaced with `find_or_create_by!` to eliminate the race condition
that could lead to creating multiple activity spikes for a card. To
support this change, the `card_id` index on `cards_activity_spikes`
has been made unique.

ref: https://app.fizzy.do/5986089/cards/3063
2025-11-20 15:40:42 -05:00
Mike Dalessio 88750a3498 Prefer Time.current to Time.now 2025-11-20 09:13:17 -05:00
Mike Dalessio dbbee2c661 Stalled cards are unstalled by anything that touches updated_at
ref: https://app.fizzy.do/5986089/cards/2492
2025-11-18 17:46:56 -05:00
Mike Dalessio 97a6916ae1 Update a card's created_at when it is published
ref: https://app.fizzy.do/5986089/cards/2854
2025-11-17 17:39:25 -05:00
Mike Dalessio 73812817e9 Improve card entropic test 2025-11-17 09:12:41 -05:00
Mike Dalessio 4976e4a7bb Update Card::Entropic so its scopes work cross-accounts
with an eye towards making the postpone_all_due recurring job work efficiently.
2025-11-17 09:12:41 -05:00
Donal McBreen 28efe28f24 Replace Search::Index with Search::Records
Lean on ActiveRecord models for searching and strip out the raw SQL.
Replaces the search_index_* tables with sharded search_records_* tables
as that allows us to use a Search::Record model name.

A Class is dynamically created for each record table shard so that we
and we can access it via the Search::Record.for_account(account_id)
method.
2025-11-17 09:12:40 -05:00
Kevin McConnell 59dd8ca549 Make IDs more time-sortable in tests
In order for model ordering to work as expected in tests, we need to
keep two properties:

- Fixtures are all created in the past
- Models sort in the order that they were created

This allows us to do things like this:

    post cards_path, params: { ... }
    created_card = Card.last

When using UUIDv7 PKs rather than sequential integers, we have to make
sure a couple of things happen in order for this still to be true:

- Fixtures should generate deterministic IDs that translate to UUIDs
  that would have been created in the past (i.e. before today)
- Newly created objects must have enough precision in their timestamps
  so that they sort in the order they were created, and their random
  component doesn't come into play.

To solve this, we use the deterministic numeric ID as a number of
milliseconds after an early year. And we ensure that the new timestamps
we create have sub-millisecond precision.
2025-11-17 09:12:40 -05:00
Mike Dalessio 6df681991f rubocop: fix style warnings 2025-11-17 09:12:36 -05:00
Kevin McConnell 1959e15f7e Fix more tests
These are mainly because the fixture's UUIDs are deterministic rather
than time-sortable, and more places where we need to correct the fixture
IDs as well.
2025-11-17 09:12:31 -05:00
Donal McBreen 3aa4a1a562 Shard the search index into 16 tables
Create search_index_0 to search_index_15 tables and shard each index by
account id. MySQL has no ability to pre-filter fulltext indexes by
another field so this is the best bet for improving performance.

Each fulltest index internally creates 11 sub tables (see
https://dev.mysql.com/doc/refman/8.4/en/innodb-fulltext-index.html) so
actually we have 192 tables in total here.

The search_index table name is generated dynamically based on the
account_id.
2025-11-17 09:12:17 -05:00
Donal McBreen 996140e053 Add non transactional search tests
MySQL fulltext indexes are only updated on commit. Use a single test in
each file to avoid repeated setup.
2025-11-17 09:12:17 -05:00
Mike Dalessio 7bd697f75e test: Skip search tests, fix others, and skip a few hard ones 2025-11-17 09:11:42 -05:00
Jorge Manrubia eea9afb639 Fix: dismiss grouped notifications by card from the notifications tray
This also splits the templates into two: index and tray, since the URL now changes.
2025-11-14 12:58:24 +01:00
Jorge Manrubia 0d55c966b3 Fix: setting board entropy was changing the account entropy when not present 2025-11-14 12:10:54 +01:00
Jorge Manrubia 956a7aafad Revert "Revert "Color a11y"" 2025-11-14 11:24:55 +01:00
Jorge Manrubia 6413570985 Revert "Color a11y" 2025-11-14 11:21:52 +01:00
Jorge Manrubia 06b762c0a8 Move default color to the column 2025-11-14 11:15:09 +01:00
Jorge Manrubia b1e087e7c9 Introduce a proper color poro to represent colors
Instead of managing a hash throgh the app
2025-11-14 11:09:39 +01:00
Andy Smith 2b0fd0909d Fix test 2025-11-13 17:32:36 -06:00
Jorge Manrubia 03a345609e Baseline replacing collection with board across code 2025-11-05 13:31:54 +01:00
Jorge Manrubia 9d4dd3b00e Remove "save as draft"
Removes the creating status completely as well as the abandoned cards system. It will
always resume drafts if they exist, for a given collection and user.

https://app.box-car.com/5986089/cards/2489
2025-11-03 09:32:29 +01:00
David Heinemeier Hansson b3474ec97d Rename Entropy::Configuration to just Entropy 2025-11-02 13:11:41 +01:00
Jason Zimdars a8fc78fa90 Update tests 2025-10-29 11:23:13 -05:00
Jorge Manrubia 85bee1af9b Add events for moving between columns 2025-10-29 14:49:02 +01:00
Stanko K.R. a67fd7b082 Add missing quotation mark 2025-10-23 12:50:41 +02:00
Stanko K.R. 2ac2d4e0da Add postpone and auto-postpone as Webhook triggers 2025-10-23 12:31:22 +02:00