Commit Graph

882 Commits

Author SHA1 Message Date
Mike Dalessio c53b56c1db Display a helpful error message when join code is exhausted
ref: https://app.fizzy.do/5986089/cards/3015
2025-11-19 15:53:25 -05:00
Mike Dalessio 2fe578c5e5 Small improvements to the stats dashboard 2025-11-19 14:31:13 -05:00
Mike Dalessio 362be963c0 Add a very rudimentary admin dashboard. 2025-11-19 14:23:47 -05:00
Mike Dalessio 4636b31f06 Authorization ensure_staff uses identity.staff
for use on untenanted routes
2025-11-19 14:23:47 -05:00
Mike Dalessio 47c05e6d6a Restore basic auth on signup
broken in 6e304958
2025-11-19 14:12:59 -05:00
David Heinemeier Hansson 9ddcfa5c4b Conventional order and remove redundant filtering of actions 2025-11-18 15:49:50 +01:00
David Heinemeier Hansson 7d86aae67e Inline anemic method 2025-11-18 15:48:40 +01:00
David Heinemeier Hansson b63d79d7a2 Style 2025-11-18 15:45:28 +01:00
David Heinemeier Hansson c606de7b41 Instead of trying to suppress from the wrong layer of the stick, just don't touch until published? 2025-11-18 15:35:40 +01:00
David Heinemeier Hansson 444d43f2ac Its been a few days 2025-11-18 14:52:07 +01:00
David Heinemeier Hansson 6e304958be No need to protect local dev/test 2025-11-18 14:32:54 +01:00
Stanko K.R. 0f7b1312eb Fix tests broken by optimizations 2025-11-17 17:45:24 +01:00
Stanko K.R. 0b8c51c2e9 Preload cards for columns 2025-11-17 16:16:19 +01:00
Stanko K.R. e539754e2c Preload cards 2025-11-17 09:12:41 -05:00
Mike Dalessio f5305b2fe6 Use Card number as the model param
instead of the UUID `id`
2025-11-17 09:12:41 -05:00
Kevin McConnell 9615753e1f Add routing header to see who served request 2025-11-17 09:12:41 -05:00
Stanko K.R. e0693de7c3 Scope jobs and controllers by account 2025-11-17 09:12:41 -05:00
Mike Dalessio 5a7f08067a Move setting Current.account into the middleware
so that code called from the Rails controllers can use Current.account
2025-11-17 09:12:40 -05:00
Stanko K.R. 56c41d45eb Reinstate email changes 2025-11-17 09:12:40 -05:00
Stanko K.R. 34d83aaa7c Fix tests after the removal of memberships 2025-11-17 09:12:40 -05:00
Stanko K.R. 8fa9566c07 Update sign up 2025-11-17 09:12:40 -05:00
Stanko K.R. edf837fed3 Drop memberships 2025-11-17 09:12:39 -05:00
Stanko K.R. 5c6b91ef77 Fix incorrect var setting 2025-11-17 09:12:36 -05:00
Stanko K.R. 71a332bb08 Remove dead code 2025-11-17 09:12:17 -05:00
Stanko K.R. db172bae4e Simplify authorization 2025-11-17 09:12:17 -05:00
Stanko K.R. 28a6dfce01 Simplify user deactivation 2025-11-17 09:12:17 -05:00
Stanko K.R. 6858b96619 Simplify join codes 2025-11-17 09:12:17 -05:00
Donal McBreen 3aa4a1a562 Shard the search index into 16 tables
Create search_index_0 to search_index_15 tables and shard each index by
account id. MySQL has no ability to pre-filter fulltext indexes by
another field so this is the best bet for improving performance.

Each fulltest index internally creates 11 sub tables (see
https://dev.mysql.com/doc/refman/8.4/en/innodb-fulltext-index.html) so
actually we have 192 tables in total here.

The search_index table name is generated dynamically based on the
account_id.
2025-11-17 09:12:17 -05:00
Donal McBreen ddd7fe082a Ensure the mentioning scope search works
Include the filter by accessible board ids to avoid large joins from the
search_index table. Drop the unused search scope.
2025-11-17 09:12:17 -05:00
Mike Dalessio dbf66f9a50 Constrain user queries to the current or relevant account 2025-11-17 09:11:57 -05:00
Mike Dalessio 89d1299ec0 Fix authentication on "untenanted" controllers
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00
Mike Dalessio 086a9ceada Revert some auth pieces of "Account.sole → Current.account" 2025-11-17 09:11:45 -05:00
Mike Dalessio 030433b99d Remove debugging statements 2025-11-17 09:11:42 -05:00
Mike Dalessio ec54014832 Add account slug middleware
and set Current.account
2025-11-17 09:11:42 -05:00
Mike Dalessio d41d50d52b Account.sole → Current.account
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
Kevin McConnell dc40d2b5b0 Remove custom read/writer routing 2025-11-17 09:11:28 -05:00
Jorge Manrubia a1bc6b7939 Do not use HTTP caching since the page is full of forms, and can result in 422s due to CSRF tokens
https://app.fizzy.do/5986089/cards/2977
2025-11-17 13:55:23 +01:00
Jorge Manrubia eea9afb639 Fix: dismiss grouped notifications by card from the notifications tray
This also splits the templates into two: index and tray, since the URL now changes.
2025-11-14 12:58:24 +01:00
Jorge Manrubia 0d55c966b3 Fix: setting board entropy was changing the account entropy when not present 2025-11-14 12:10:54 +01:00
Jorge Manrubia 17876b30d4 Manage comments with streams
We replacing the full list of comments within a turbo frame, which didn't feel great when you had several comments.
2025-11-13 17:12:46 +01:00
Jorge Manrubia 6e2d115b71 Http caching for my/menu 2025-11-12 18:27:11 +01:00
Jorge Manrubia 2d96e7c9c6 Use streams to update/remove reactions
Prevents race condition causing flickering https://app.fizzy.do/5986089/cards/2906

This will prevent these from udpating live, but we will tackle that as part of live card
updates with page refreshes, which I will tackle soon.
2025-11-12 18:04:20 +01:00
Jorge Manrubia 285328ec60 Smoother tag updates with streams 2025-11-12 17:29:35 +01:00
Jorge Manrubia 6929f536f2 Merge pull request #1567 from basecamp/permissions-tweak
Enforce several admin-only permissions in the backend
2025-11-12 11:50:21 +01:00
Jorge Manrubia 872537f02c Ensure only admins/creators can publish boards 2025-11-12 11:48:35 +01:00
Jorge Manrubia 39c88cf188 Ensure only admins/creators can touch the board entropy 2025-11-12 11:45:09 +01:00
Jorge Manrubia 9c77ad6029 Admins can't edit the board in general 2025-11-12 11:41:46 +01:00
Jorge Manrubia b7729401b4 Only admins can edit entropy 2025-11-12 11:33:46 +01:00
Jorge Manrubia e67cdd986f Only admins can manage join codes 2025-11-12 11:30:29 +01:00
Jorge Manrubia 7bfcfb57c7 Fix: invalidate http cache when selecting assignees 2025-11-12 11:17:21 +01:00