Commit Graph

119 Commits

Author SHA1 Message Date
Jorge Manrubia 872537f02c Ensure only admins/creators can publish boards 2025-11-12 11:48:35 +01:00
Stanko K.R. bbe74966a1 Extract saas helpers into a concern 2025-11-07 07:08:24 +01:00
Jorge Manrubia 39ec6cf062 Replace collection with board in the code, tests green 2025-11-05 13:41:12 +01:00
Jorge Manrubia 03a345609e Baseline replacing collection with board across code 2025-11-05 13:31:54 +01:00
Jorge Manrubia 2bb90eab13 Use the sole collection as the root for a better onboarding experience for new accounts 2025-11-04 17:09:35 +01:00
Stanko K.R. 87d9c3cd01 Make unauthenticated access permit unauthorized access 2025-11-04 09:02:36 +01:00
David Heinemeier Hansson 6678d0e4fc No longer used 2025-11-03 15:58:36 +01:00
David Heinemeier Hansson 65d04f681a DRY up the public controllers by introducing a shared base class 2025-11-03 15:56:25 +01:00
David Heinemeier Hansson 393e5fd3d4 Don't want to ship with this wart
cc @monorkin
2025-11-03 15:30:44 +01:00
David Heinemeier Hansson 42ebdf9ac1 More natural conditional 2025-11-03 15:29:20 +01:00
David Heinemeier Hansson 9913853cc6 Remove anemic concern 2025-11-03 15:27:12 +01:00
David Heinemeier Hansson cf503bfba3 Prefer templates for turbo streams in all but the very simplest cases
(And probably even then)
2025-11-02 20:20:01 +01:00
David Heinemeier Hansson 43069b1ea4 Extract Users::JoinsController from overloaded UsersController
Good code smell is when the before_action callbacks stack up but can't
be shared across actions
2025-11-02 17:49:25 +01:00
Stanko K.R. 49d865ffd1 Delete scoped session tokens when encountered 2025-10-31 19:00:37 +01:00
Stanko K.R. 085c7fee2e Fix Rubocop offenses 2025-10-31 16:35:44 +01:00
Stanko K.R. ece9008459 Remove dead code 2025-10-31 16:28:08 +01:00
Stanko Krtalić 98755844a1 Remove the internal API
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
Stanko K.R. 201c3e27d3 Update tests for the Internal API 2025-10-31 16:26:08 +01:00
Stanko K.R. 79b012f319 Add Join Codes 2025-10-31 16:24:30 +01:00
Stanko K.R. c8843360fe Clean up and simplify magic links 2025-10-31 16:23:38 +01:00
Stanko K.R. 5cef4ffeb0 Add sign in flow using magic links 2025-10-31 16:22:12 +01:00
Mike Dalessio 1277cc065b Introduce untenanted Identity and Membership models
The new integration test shows the desired user-facing behavior, which
is to make it easy to login without a tenanted URL and to jump between
tenants.

Note that we track two things in the identity_token cookie: a signed
id, and the updated_at for the underlying Identity object. This allows
us to effectively cache on the Identity without having to hit the
database, by using an Identity::Mock object that is compatible with
etag and cache methods.
2025-10-31 16:22:12 +01:00
Jorge Manrubia 5eb5e4b007 Add buttons to move columns left and right 2025-10-29 16:15:25 +01:00
David Heinemeier Hansson b8a0660d7c Fix indention 2025-10-29 13:50:19 +01:00
David Heinemeier Hansson d9ebc8ace0 We need to upstream this fix to turbo-rails
If page refreshes and view transitions clash for us, they'll clash for
all.

cc: @jorgemanrubia
2025-10-29 13:47:51 +01:00
David Heinemeier Hansson 716e5ee506 Mark for upstreaming 2025-10-29 13:41:11 +01:00
David Heinemeier Hansson 2ed10b23c4 Aesthetics 2025-10-29 13:37:14 +01:00
David Heinemeier Hansson 60a429e463 Use more naturally-sounding ensures
These match Basecamp and the existing predicate methods
2025-10-29 13:33:34 +01:00
Kevin McConnell decd01c8d0 Extend public caching to 30 seconds
Up from the previous 5 seconds. It's still short enough that the pages
shouldn't feel stale, but it further reduces the number of requests that
will reach the app.

Also moved this into a shared concern so we can adjust the caching rule
in one place.
2025-10-23 11:48:12 -07:00
Kevin McConnell c1600a99e2 Populate writer and last transaction in responses
In order to control routing dynamically, we need to expose some Beamer
information to the proxy.

The `beamer_writer` value is used by the proxy to keep track of which
node should receive write requests. When it changes due to a failover,
the proxy will update after seeing a new value in this header. We
provide this to the proxy in the `X-Writer` response header.

The `beamer_last_txn` value will be used to control writer pinning.
Setting it in the cookie here is the first stage of this. The second
stage will be to catch situations where a reader gets a request where
this header value is set to a large value than the reader has seen; when
that happens if means there's a risk of reading stale data, so rather
than serve the request we should request the proxy to reproxy it back to
the writer.

We also set `X-Kamal-Target` in the response to match the
`X-Kamal-Target` that was set in the request; this lets us see which
proxy target served each request, which is useful for diagnostics.
2025-10-15 08:46:45 +01:00
Jorge Manrubia b177f92ec1 Prevent view transition animations on page refreshes
View transitions don't play great with page refreshes as they can make those
very noticeable
2025-10-14 15:38:35 +02:00
Mike Dalessio 04be825609 Fix identities for existing sessions 2025-10-10 10:58:30 -04:00
Mike Dalessio 3399e45130 Introduce an "Identity" model to ease login
- New untenanted Identity and Membership models
- New `identity_token` cookie with path "/" holds state across tenants

We're not sure whether the untenanted database will be sqlite or
MySQL, and so I've been careful to minimize

- database reads, placing them behind etags and caching
- database writes, only writing when a new Session is created (login)

Note that we track two things in the identity_token cookie: a signed
id, and the updated_at for the underlying Identity object. This allows
us to effectively cache on the Identity without having to hit the
database, by using an Identity::Mock object that is compatible with
etag and cache methods.

The new integration test shows the desired user-facing behavior, which
is to make it easy to login without a tenanted URL and to jump between
tenants.

- the untenanted "login_help" page shows all linked memberships
- the jump menu shows all linked memberships (except the current)

Also introduced a utility script to populate existing employee
Identities, grouping accounts by email address.
2025-10-10 10:12:25 -04:00
Jorge Manrubia 4527dcbeda Remove unnecessary filtering code
After removing collections from the filtering menu, there was quite a good cleanup here pending
2025-10-03 10:56:34 +02:00
Mike Dalessio 2d327e6294 Render a helpful menu of tenants temporarily 2025-10-02 16:33:25 -04:00
Jorge Manrubia 1bb8de8564 Fix tests 2025-09-29 13:13:40 +02:00
Jorge Manrubia 4103e0c346 Adapt public collections/cards to the new columns model 2025-09-28 18:33:06 +02:00
Jorge Manrubia ce80c843d0 Several fixes for saving filters
- Unify terms with the settings form so that terms are saved normally in the same form.
- Fix filter normalization since it was sometimes failing to match the saved filters due to using quotes around number strings.
2025-09-22 12:55:19 +02:00
Jorge Manrubia 0703263664 Save/delete filter working properly and fast 2025-09-19 16:51:11 +02:00
Jorge Manrubia 375b16b26e Introduce columns and column entity
To refactor some messy code used to render the cards index screen
2025-09-18 11:41:28 +02:00
Stanko K.R. 25b2daad93 Limit access to webhooks to admins 2025-09-16 20:04:20 +02:00
Jorge Manrubia 48f7f914dc Fix: the system to filter at the current view was broken after moving menu to turbo frame
https://fizzy.37signals.com/5986089/cards/1723
2025-09-15 17:07:09 +02:00
Jorge Manrubia 2e4138b585 Tie etag to sessions
So that we don't get CSRF token issues if sharing sessions in the same browser
2025-09-15 16:31:01 +02:00
Jorge Manrubia af6cb37db1 Speed up filter expansion with turbo stream 2025-09-12 13:06:00 +02:00
Jorge Manrubia 36488278a8 Merge pull request #1052 from basecamp/caching
Add more caching
2025-09-09 12:31:46 +02:00
Jorge Manrubia 0864c91770 Add timezone to etag 2025-09-09 11:32:31 +02:00
Stanko Krtalić 24cb5da194 Make Fizzy Ask staff-only (#1037)
* Make Fizzy Ask invisible but usable by staff

* Remove unused span

* Prevent non-staff users from creating or browsing messages

* Extract staff-only into a mixin

* Keep existing markup, use the utility class we already have

---------

Co-authored-by: Jason Zimdars <jz@37signals.com>
2025-09-09 11:23:31 +02:00
Jorge Manrubia cfa0149564 Persist timezones in the server
Add a beacon to persist timezones when these change (or the first time)
2025-09-05 12:11:57 +02:00
Jorge Manrubia c8569ce8b9 Split indexed_by into two filters: indexed by and sort by
https://3.basecamp.com/2914079/buckets/37331921/todos/8877489555#__recording_8987808963
2025-08-21 19:12:54 +02:00
Jorge Manrubia 5896a21499 Support filter by collection in different screens
We want to filter in the same screen for cards/events but not when viewing a card or from other screens. This adds a controller action to flag the actions where this is supported
2025-08-21 14:19:13 +02:00