Commit Graph

135 Commits

Author SHA1 Message Date
Mike Dalessio f5305b2fe6 Use Card number as the model param
instead of the UUID `id`
2025-11-17 09:12:41 -05:00
Kevin McConnell 9615753e1f Add routing header to see who served request 2025-11-17 09:12:41 -05:00
Stanko K.R. e0693de7c3 Scope jobs and controllers by account 2025-11-17 09:12:41 -05:00
Mike Dalessio 5a7f08067a Move setting Current.account into the middleware
so that code called from the Rails controllers can use Current.account
2025-11-17 09:12:40 -05:00
Stanko K.R. edf837fed3 Drop memberships 2025-11-17 09:12:39 -05:00
Stanko K.R. 5c6b91ef77 Fix incorrect var setting 2025-11-17 09:12:36 -05:00
Stanko K.R. 71a332bb08 Remove dead code 2025-11-17 09:12:17 -05:00
Stanko K.R. db172bae4e Simplify authorization 2025-11-17 09:12:17 -05:00
Stanko K.R. 28a6dfce01 Simplify user deactivation 2025-11-17 09:12:17 -05:00
Stanko K.R. 6858b96619 Simplify join codes 2025-11-17 09:12:17 -05:00
Mike Dalessio 89d1299ec0 Fix authentication on "untenanted" controllers
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00
Mike Dalessio 086a9ceada Revert some auth pieces of "Account.sole → Current.account" 2025-11-17 09:11:45 -05:00
Mike Dalessio 030433b99d Remove debugging statements 2025-11-17 09:11:42 -05:00
Mike Dalessio ec54014832 Add account slug middleware
and set Current.account
2025-11-17 09:11:42 -05:00
Mike Dalessio d41d50d52b Account.sole → Current.account
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
Kevin McConnell dc40d2b5b0 Remove custom read/writer routing 2025-11-17 09:11:28 -05:00
Jorge Manrubia 872537f02c Ensure only admins/creators can publish boards 2025-11-12 11:48:35 +01:00
Stanko K.R. bbe74966a1 Extract saas helpers into a concern 2025-11-07 07:08:24 +01:00
Jorge Manrubia 39ec6cf062 Replace collection with board in the code, tests green 2025-11-05 13:41:12 +01:00
Jorge Manrubia 03a345609e Baseline replacing collection with board across code 2025-11-05 13:31:54 +01:00
Jorge Manrubia 2bb90eab13 Use the sole collection as the root for a better onboarding experience for new accounts 2025-11-04 17:09:35 +01:00
Stanko K.R. 87d9c3cd01 Make unauthenticated access permit unauthorized access 2025-11-04 09:02:36 +01:00
David Heinemeier Hansson 6678d0e4fc No longer used 2025-11-03 15:58:36 +01:00
David Heinemeier Hansson 65d04f681a DRY up the public controllers by introducing a shared base class 2025-11-03 15:56:25 +01:00
David Heinemeier Hansson 393e5fd3d4 Don't want to ship with this wart
cc @monorkin
2025-11-03 15:30:44 +01:00
David Heinemeier Hansson 42ebdf9ac1 More natural conditional 2025-11-03 15:29:20 +01:00
David Heinemeier Hansson 9913853cc6 Remove anemic concern 2025-11-03 15:27:12 +01:00
David Heinemeier Hansson cf503bfba3 Prefer templates for turbo streams in all but the very simplest cases
(And probably even then)
2025-11-02 20:20:01 +01:00
David Heinemeier Hansson 43069b1ea4 Extract Users::JoinsController from overloaded UsersController
Good code smell is when the before_action callbacks stack up but can't
be shared across actions
2025-11-02 17:49:25 +01:00
Stanko K.R. 49d865ffd1 Delete scoped session tokens when encountered 2025-10-31 19:00:37 +01:00
Stanko K.R. 085c7fee2e Fix Rubocop offenses 2025-10-31 16:35:44 +01:00
Stanko K.R. ece9008459 Remove dead code 2025-10-31 16:28:08 +01:00
Stanko Krtalić 98755844a1 Remove the internal API
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
Stanko K.R. 201c3e27d3 Update tests for the Internal API 2025-10-31 16:26:08 +01:00
Stanko K.R. 79b012f319 Add Join Codes 2025-10-31 16:24:30 +01:00
Stanko K.R. c8843360fe Clean up and simplify magic links 2025-10-31 16:23:38 +01:00
Stanko K.R. 5cef4ffeb0 Add sign in flow using magic links 2025-10-31 16:22:12 +01:00
Mike Dalessio 1277cc065b Introduce untenanted Identity and Membership models
The new integration test shows the desired user-facing behavior, which
is to make it easy to login without a tenanted URL and to jump between
tenants.

Note that we track two things in the identity_token cookie: a signed
id, and the updated_at for the underlying Identity object. This allows
us to effectively cache on the Identity without having to hit the
database, by using an Identity::Mock object that is compatible with
etag and cache methods.
2025-10-31 16:22:12 +01:00
Jorge Manrubia 5eb5e4b007 Add buttons to move columns left and right 2025-10-29 16:15:25 +01:00
David Heinemeier Hansson b8a0660d7c Fix indention 2025-10-29 13:50:19 +01:00
David Heinemeier Hansson d9ebc8ace0 We need to upstream this fix to turbo-rails
If page refreshes and view transitions clash for us, they'll clash for
all.

cc: @jorgemanrubia
2025-10-29 13:47:51 +01:00
David Heinemeier Hansson 716e5ee506 Mark for upstreaming 2025-10-29 13:41:11 +01:00
David Heinemeier Hansson 2ed10b23c4 Aesthetics 2025-10-29 13:37:14 +01:00
David Heinemeier Hansson 60a429e463 Use more naturally-sounding ensures
These match Basecamp and the existing predicate methods
2025-10-29 13:33:34 +01:00
Kevin McConnell decd01c8d0 Extend public caching to 30 seconds
Up from the previous 5 seconds. It's still short enough that the pages
shouldn't feel stale, but it further reduces the number of requests that
will reach the app.

Also moved this into a shared concern so we can adjust the caching rule
in one place.
2025-10-23 11:48:12 -07:00
Kevin McConnell c1600a99e2 Populate writer and last transaction in responses
In order to control routing dynamically, we need to expose some Beamer
information to the proxy.

The `beamer_writer` value is used by the proxy to keep track of which
node should receive write requests. When it changes due to a failover,
the proxy will update after seeing a new value in this header. We
provide this to the proxy in the `X-Writer` response header.

The `beamer_last_txn` value will be used to control writer pinning.
Setting it in the cookie here is the first stage of this. The second
stage will be to catch situations where a reader gets a request where
this header value is set to a large value than the reader has seen; when
that happens if means there's a risk of reading stale data, so rather
than serve the request we should request the proxy to reproxy it back to
the writer.

We also set `X-Kamal-Target` in the response to match the
`X-Kamal-Target` that was set in the request; this lets us see which
proxy target served each request, which is useful for diagnostics.
2025-10-15 08:46:45 +01:00
Jorge Manrubia b177f92ec1 Prevent view transition animations on page refreshes
View transitions don't play great with page refreshes as they can make those
very noticeable
2025-10-14 15:38:35 +02:00
Mike Dalessio 04be825609 Fix identities for existing sessions 2025-10-10 10:58:30 -04:00
Mike Dalessio 3399e45130 Introduce an "Identity" model to ease login
- New untenanted Identity and Membership models
- New `identity_token` cookie with path "/" holds state across tenants

We're not sure whether the untenanted database will be sqlite or
MySQL, and so I've been careful to minimize

- database reads, placing them behind etags and caching
- database writes, only writing when a new Session is created (login)

Note that we track two things in the identity_token cookie: a signed
id, and the updated_at for the underlying Identity object. This allows
us to effectively cache on the Identity without having to hit the
database, by using an Identity::Mock object that is compatible with
etag and cache methods.

The new integration test shows the desired user-facing behavior, which
is to make it easy to login without a tenanted URL and to jump between
tenants.

- the untenanted "login_help" page shows all linked memberships
- the jump menu shows all linked memberships (except the current)

Also introduced a utility script to populate existing employee
Identities, grouping accounts by email address.
2025-10-10 10:12:25 -04:00
Jorge Manrubia 4527dcbeda Remove unnecessary filtering code
After removing collections from the filtering menu, there was quite a good cleanup here pending
2025-10-03 10:56:34 +02:00