Mike Dalessio
4636b31f06
Authorization ensure_staff uses identity.staff
...
for use on untenanted routes
2025-11-19 14:23:47 -05:00
Stanko K.R.
edf837fed3
Drop memberships
2025-11-17 09:12:39 -05:00
Stanko K.R.
db172bae4e
Simplify authorization
2025-11-17 09:12:17 -05:00
Stanko K.R.
28a6dfce01
Simplify user deactivation
2025-11-17 09:12:17 -05:00
Stanko K.R.
6858b96619
Simplify join codes
2025-11-17 09:12:17 -05:00
Mike Dalessio
89d1299ec0
Fix authentication on "untenanted" controllers
...
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00
Mike Dalessio
030433b99d
Remove debugging statements
2025-11-17 09:11:42 -05:00
Mike Dalessio
ec54014832
Add account slug middleware
...
and set Current.account
2025-11-17 09:11:42 -05:00
Mike Dalessio
d41d50d52b
Account.sole → Current.account
...
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
Stanko K.R.
87d9c3cd01
Make unauthenticated access permit unauthorized access
2025-11-04 09:02:36 +01:00
David Heinemeier Hansson
43069b1ea4
Extract Users::JoinsController from overloaded UsersController
...
Good code smell is when the before_action callbacks stack up but can't
be shared across actions
2025-11-02 17:49:25 +01:00
Stanko K.R.
085c7fee2e
Fix Rubocop offenses
2025-10-31 16:35:44 +01:00
Stanko K.R.
ece9008459
Remove dead code
2025-10-31 16:28:08 +01:00
Stanko Krtalić
98755844a1
Remove the internal API
...
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
David Heinemeier Hansson
60a429e463
Use more naturally-sounding ensures
...
These match Basecamp and the existing predicate methods
2025-10-29 13:33:34 +01:00
Stanko K.R.
25b2daad93
Limit access to webhooks to admins
2025-09-16 20:04:20 +02:00