Commit Graph

16 Commits

Author SHA1 Message Date
Mike Dalessio 4636b31f06 Authorization ensure_staff uses identity.staff
for use on untenanted routes
2025-11-19 14:23:47 -05:00
Stanko K.R. edf837fed3 Drop memberships 2025-11-17 09:12:39 -05:00
Stanko K.R. db172bae4e Simplify authorization 2025-11-17 09:12:17 -05:00
Stanko K.R. 28a6dfce01 Simplify user deactivation 2025-11-17 09:12:17 -05:00
Stanko K.R. 6858b96619 Simplify join codes 2025-11-17 09:12:17 -05:00
Mike Dalessio 89d1299ec0 Fix authentication on "untenanted" controllers
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00
Mike Dalessio 030433b99d Remove debugging statements 2025-11-17 09:11:42 -05:00
Mike Dalessio ec54014832 Add account slug middleware
and set Current.account
2025-11-17 09:11:42 -05:00
Mike Dalessio d41d50d52b Account.sole → Current.account
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
Stanko K.R. 87d9c3cd01 Make unauthenticated access permit unauthorized access 2025-11-04 09:02:36 +01:00
David Heinemeier Hansson 43069b1ea4 Extract Users::JoinsController from overloaded UsersController
Good code smell is when the before_action callbacks stack up but can't
be shared across actions
2025-11-02 17:49:25 +01:00
Stanko K.R. 085c7fee2e Fix Rubocop offenses 2025-10-31 16:35:44 +01:00
Stanko K.R. ece9008459 Remove dead code 2025-10-31 16:28:08 +01:00
Stanko Krtalić 98755844a1 Remove the internal API
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
David Heinemeier Hansson 60a429e463 Use more naturally-sounding ensures
These match Basecamp and the existing predicate methods
2025-10-29 13:33:34 +01:00
Stanko K.R. 25b2daad93 Limit access to webhooks to admins 2025-09-16 20:04:20 +02:00