Mike Dalessio
b05ecb7809
Update card buttons dynamically
...
User flows when editing a card look like:
- Click "Edit" → the closure buttons are replaced by "Save changes"
- Submit card form → Saves and restores closure buttons
- Press ESC while editing → Cancels and restores closure buttons
Also, renamed for clarity:
- _title.html.erb → _content.html.erb
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-22 12:14:39 -05:00
Mike Dalessio
4dc28943da
Don't let cloudflare cache avatars
...
The issue here is that anyone else who views my avatar will cause it
to be cached, and then I can't easily bust the cache if I change my
avatar.
2025-11-22 09:48:28 -05:00
Mike Dalessio
64bac96545
User avatar responses have cache-control "public"
...
ref: https://app.fizzy.do/5986089/cards/3125
2025-11-21 16:11:39 -05:00
Mike Dalessio
bcb43305b6
Improve avatar image handling
...
- redirect avatar image requests to the rails_blob_url, instead of
streaming them through the web app
- use a thumbnail variant for avatar images
- only put avatar initials behind the stale? check (not the image
redirect, which would result in browsers rendering broken images when
an avatar is changed, until max-age expires)
2025-11-21 15:16:46 -05:00
Stanko K.R.
fe909d6dc5
Disable stale while revalidate for own avatar
...
Locally, having stale_while_revalidate works great, but in production when we are behind CloudFlare, this results in an old image being shown after you upload a new one
See: https://app.fizzy.do/5986089/cards/2978
2025-11-21 19:26:38 +01:00
Jason Zimdars
2c4d2df469
Merge pull request #1679 from basecamp/notifications
...
Cap the max number of unread notifications to 500
2025-11-21 09:34:26 -06:00
Jorge Manrubia
42a39b224c
Cap the max number of unread notifications to 500
...
Simpler than adding 2 levels of pagination here
2025-11-21 15:55:24 +01:00
Jorge Manrubia
93ee8899a0
More robust implementation to prevent method injection attacks
2025-11-21 10:38:16 +01:00
Jorge Manrubia
e4558f00ab
Merge branch 'main' into expand-activity-columns
2025-11-21 10:25:39 +01:00
Jorge Manrubia
e813b7eaf0
Invalidate HTTP caching when the cards change
...
https://app.fizzy.do/5986089/cards/3067
2025-11-21 09:32:02 +01:00
Mike Dalessio
1341830ed2
Add total counts and restructure admin stats dashboard
...
- Add total counts for accounts and identities alongside 7-day and 24-hour metrics
- Change layout from horizontal to vertical stacking
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-20 14:39:19 -05:00
Jason Zimdars
133a17a75e
Just pass the column name string, no need to both with numbers
2025-11-20 11:43:17 -06:00
Mike Dalessio
c53b56c1db
Display a helpful error message when join code is exhausted
...
ref: https://app.fizzy.do/5986089/cards/3015
2025-11-19 15:53:25 -05:00
Mike Dalessio
2fe578c5e5
Small improvements to the stats dashboard
2025-11-19 14:31:13 -05:00
Mike Dalessio
362be963c0
Add a very rudimentary admin dashboard.
2025-11-19 14:23:47 -05:00
Mike Dalessio
4636b31f06
Authorization ensure_staff uses identity.staff
...
for use on untenanted routes
2025-11-19 14:23:47 -05:00
Mike Dalessio
47c05e6d6a
Restore basic auth on signup
...
broken in 6e304958
2025-11-19 14:12:59 -05:00
Jason Zimdars
eba749a193
Expand activity columns
2025-11-19 12:48:36 -06:00
David Heinemeier Hansson
9ddcfa5c4b
Conventional order and remove redundant filtering of actions
2025-11-18 15:49:50 +01:00
David Heinemeier Hansson
7d86aae67e
Inline anemic method
2025-11-18 15:48:40 +01:00
David Heinemeier Hansson
b63d79d7a2
Style
2025-11-18 15:45:28 +01:00
David Heinemeier Hansson
c606de7b41
Instead of trying to suppress from the wrong layer of the stick, just don't touch until published?
2025-11-18 15:35:40 +01:00
David Heinemeier Hansson
444d43f2ac
Its been a few days
2025-11-18 14:52:07 +01:00
David Heinemeier Hansson
6e304958be
No need to protect local dev/test
2025-11-18 14:32:54 +01:00
Stanko K.R.
0f7b1312eb
Fix tests broken by optimizations
2025-11-17 17:45:24 +01:00
Stanko K.R.
0b8c51c2e9
Preload cards for columns
2025-11-17 16:16:19 +01:00
Stanko K.R.
e539754e2c
Preload cards
2025-11-17 09:12:41 -05:00
Mike Dalessio
f5305b2fe6
Use Card number as the model param
...
instead of the UUID `id`
2025-11-17 09:12:41 -05:00
Kevin McConnell
9615753e1f
Add routing header to see who served request
2025-11-17 09:12:41 -05:00
Stanko K.R.
e0693de7c3
Scope jobs and controllers by account
2025-11-17 09:12:41 -05:00
Mike Dalessio
5a7f08067a
Move setting Current.account into the middleware
...
so that code called from the Rails controllers can use Current.account
2025-11-17 09:12:40 -05:00
Stanko K.R.
56c41d45eb
Reinstate email changes
2025-11-17 09:12:40 -05:00
Stanko K.R.
34d83aaa7c
Fix tests after the removal of memberships
2025-11-17 09:12:40 -05:00
Stanko K.R.
8fa9566c07
Update sign up
2025-11-17 09:12:40 -05:00
Stanko K.R.
edf837fed3
Drop memberships
2025-11-17 09:12:39 -05:00
Stanko K.R.
5c6b91ef77
Fix incorrect var setting
2025-11-17 09:12:36 -05:00
Stanko K.R.
71a332bb08
Remove dead code
2025-11-17 09:12:17 -05:00
Stanko K.R.
db172bae4e
Simplify authorization
2025-11-17 09:12:17 -05:00
Stanko K.R.
28a6dfce01
Simplify user deactivation
2025-11-17 09:12:17 -05:00
Stanko K.R.
6858b96619
Simplify join codes
2025-11-17 09:12:17 -05:00
Donal McBreen
3aa4a1a562
Shard the search index into 16 tables
...
Create search_index_0 to search_index_15 tables and shard each index by
account id. MySQL has no ability to pre-filter fulltext indexes by
another field so this is the best bet for improving performance.
Each fulltest index internally creates 11 sub tables (see
https://dev.mysql.com/doc/refman/8.4/en/innodb-fulltext-index.html ) so
actually we have 192 tables in total here.
The search_index table name is generated dynamically based on the
account_id.
2025-11-17 09:12:17 -05:00
Donal McBreen
ddd7fe082a
Ensure the mentioning scope search works
...
Include the filter by accessible board ids to avoid large joins from the
search_index table. Drop the unused search scope.
2025-11-17 09:12:17 -05:00
Mike Dalessio
dbf66f9a50
Constrain user queries to the current or relevant account
2025-11-17 09:11:57 -05:00
Mike Dalessio
89d1299ec0
Fix authentication on "untenanted" controllers
...
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00
Mike Dalessio
086a9ceada
Revert some auth pieces of "Account.sole → Current.account"
2025-11-17 09:11:45 -05:00
Mike Dalessio
030433b99d
Remove debugging statements
2025-11-17 09:11:42 -05:00
Mike Dalessio
ec54014832
Add account slug middleware
...
and set Current.account
2025-11-17 09:11:42 -05:00
Mike Dalessio
d41d50d52b
Account.sole → Current.account
...
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
Kevin McConnell
dc40d2b5b0
Remove custom read/writer routing
2025-11-17 09:11:28 -05:00
Jorge Manrubia
a1bc6b7939
Do not use HTTP caching since the page is full of forms, and can result in 422s due to CSRF tokens
...
https://app.fizzy.do/5986089/cards/2977
2025-11-17 13:55:23 +01:00