Commit Graph

1007 Commits

Author SHA1 Message Date
Mike Dalessio fa118a7d83 Add validation for the join code usage limit
which is preferred to generating a database error
2025-12-10 10:10:08 -05:00
Stanko K.R. 5ce71bf941 Move Identities to My::Identities 2025-12-10 15:13:35 +01:00
Stanko K.R. 90e6322092 Return no content on update 2025-12-10 15:07:22 +01:00
Stanko K.R. 566def581e Remove redundant respond_to 2025-12-10 15:05:13 +01:00
Stanko K.R. 79e77a3780 Handle user update failures 2025-12-10 09:23:53 +01:00
Stanko K.R. 7b30ca203e Add index actions for Comments and Columns
Also, fix crash when a deactivated user is serialized (they don't have
an identity).
2025-12-10 09:23:52 +01:00
Stanko K.R. 6b229424a3 Lower the number of returned unread notifications
After talking to the mobile team we cam to the conclusion that for the API and the mobile apps speed is of the utmost importance when working with notifications. So we agreed to lower the unread notifications limit to 100 like we have in Basecamp. This strikes a balance between speed and usability.
2025-12-10 09:23:52 +01:00
Stanko K.R. bf51950007 Add API for reading notifications 2025-12-10 09:23:52 +01:00
Stanko K.R. 1a24c1373c Add API for creating and updating boards 2025-12-10 09:23:52 +01:00
Stanko K.R. f3ff0c605e Add pagination to most places and fix cards pagination 2025-12-10 09:23:52 +01:00
Stanko K.R. ba30a301dc Add API for updating and deactivating users 2025-12-10 09:23:52 +01:00
Stanko K.R. 7a0554774c Add API for columns 2025-12-10 09:23:52 +01:00
Stanko K.R. d16b3756de Add API for reactions 2025-12-10 09:23:52 +01:00
Stanko K.R. eeed2a8416 Add API for watching cards 2025-12-10 09:23:52 +01:00
Stanko K.R. ed1002f6c5 Add API for card triage 2025-12-10 09:23:52 +01:00
Stanko K.R. 8a84785056 Add API for tagging cards 2025-12-10 09:23:52 +01:00
Stanko K.R. c517ef6063 Add API for CRUD actions on steps 2025-12-10 09:23:52 +01:00
Stanko K.R. 8a61ca2a79 Add API for postponing cards 2025-12-10 09:23:52 +01:00
Stanko K.R. 52e65b3c08 Add API for removing card images 2025-12-10 09:23:52 +01:00
Stanko K.R. 1caeea541d Add API for gilding cards 2025-12-10 09:23:52 +01:00
Stanko K.R. 41115eaf87 Add API for comments CRUD 2025-12-10 09:23:52 +01:00
Stanko K.R. b4012dfb40 Add API for closing and opening cards 2025-12-10 09:23:52 +01:00
Stanko K.R. cf52982b8b Add API for mobing cards between boards 2025-12-10 09:23:52 +01:00
Stanko K.R. 23e6f3b095 Add API for assigning cards 2025-12-10 09:23:52 +01:00
Stanko K.R. 235a94355e Add card update & delete actions 2025-12-10 09:23:52 +01:00
Stanko K.R. 259707bf70 Fix identity tests 2025-12-10 09:23:52 +01:00
Jay Ohms 26fc9ecad4 Add an /identity.json endpoint to obtain the identity accounts and users 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson ae0eaadcdf Publish any API card as soon as it is created 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 0159f369f4 Only authenticate with bearer token if the header is present 2025-12-10 09:23:52 +01:00
Jay Ohms 680f9c0c4d Add top-level API index support for tags 2025-12-10 09:23:52 +01:00
Jay Ohms 5ad7b973cb Add API support for users 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 79fc57a82a Use built-in authenticate_or_request_with_http_token
Hat tip to @adrienpoly
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 983a19fd8a Create cards via API 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson f0c0a87c74 Return json URLs for API actions 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 129b81984f Creating a new board will return the location header 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson efbd2cc3da Allow API JSON requests to sidestep csrf protection 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 0ce3a85778 Only allow writing when the access token has permission 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 7bc6ae4fac Polish 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 96b62d6ec4 Only allow new token to be viewed within 10 seconds 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 88902485e1 Access tokens are strictly personal 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson caa4cd491e Smooth out the finder API 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 7d2c284726 Clarify 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 467843fe22 Inline now anemic helper methods 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 3329008dd8 Handle everything in the same method 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 660fcff558 Authenticate api requests without needing a session 2025-12-10 09:23:52 +01:00
Jason Zimdars 073d1af862 List, create, and revoke access tokens 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson db29562c4c Tie access token directly to session
We need to present them differently in the session list and prevent them
from being deleted
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson a81c681a8d Add access token authentication via HTTP AUTHORIZATION bearer header 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson ea697b7143 Add API to boards 2025-12-10 09:23:52 +01:00
Jeremy Daer ea8a78cc22 Fix stale-read race when creating push subscriptions
(Caught one such uniqueness exception in the wild)

* 200 OK -> 204 No Content, default status
* No need to touch the subscription when found
* Drop superflous test
2025-12-09 01:34:37 -08:00