Commit Graph

346 Commits

Author SHA1 Message Date
Mike Dalessio b05ecb7809 Update card buttons dynamically
User flows when editing a card look like:
- Click "Edit" → the closure buttons are replaced by "Save changes"
- Submit card form → Saves and restores closure buttons
- Press ESC while editing → Cancels and restores closure buttons

Also, renamed for clarity:
- _title.html.erb → _content.html.erb

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 12:14:39 -05:00
Mike Dalessio 4dc28943da Don't let cloudflare cache avatars
The issue here is that anyone else who views my avatar will cause it
to be cached, and then I can't easily bust the cache if I change my
avatar.
2025-11-22 09:48:28 -05:00
Jason Zimdars 0482d3b5ba Update test 2025-11-21 17:08:04 -06:00
Mike Dalessio ec8974640f User avatar responses have cache-control "public"
ref: https://app.fizzy.do/5986089/cards/3125
2025-11-21 16:08:52 -06:00
Mike Dalessio af0e2488d0 Improve avatar image handling
- redirect avatar image requests to the rails_blob_url, instead of
  streaming them through the web app
- use a thumbnail variant for avatar images
- only put avatar initials behind the stale? check (not the image
  redirect, which would result in browsers rendering broken images when
  an avatar is changed, until max-age expires)
2025-11-21 16:08:52 -06:00
Stanko K.R. fe909d6dc5 Disable stale while revalidate for own avatar
Locally, having stale_while_revalidate works great, but in production when we are behind CloudFlare, this results in an old image being shown after you upload a new one

See: https://app.fizzy.do/5986089/cards/2978
2025-11-21 19:26:38 +01:00
Jorge Manrubia 93ee8899a0 More robust implementation to prevent method injection attacks 2025-11-21 10:38:16 +01:00
Mike Dalessio 99fe5ff934 Make sure that comments show up in search properly
when the search term appears in both the comment and the card description
2025-11-19 18:02:36 -05:00
Mike Dalessio c53b56c1db Display a helpful error message when join code is exhausted
ref: https://app.fizzy.do/5986089/cards/3015
2025-11-19 15:53:25 -05:00
Stanko K.R. 0f7b1312eb Fix tests broken by optimizations 2025-11-17 17:45:24 +01:00
Mike Dalessio e599c462b2 Fix test from 0d55c966 to use Current.account 2025-11-17 09:14:23 -05:00
Mike Dalessio e3d86bb21e Clean up some spots where "current account" is ambiguous
Primarily this is in tests (which were caught by temporarily
introducing acts_as_tenant and enabling safety checks), but notably
action cable connections were not working properly, and that's now
fixed.
2025-11-17 09:12:41 -05:00
Stanko K.R. e0693de7c3 Scope jobs and controllers by account 2025-11-17 09:12:41 -05:00
Donal McBreen 28efe28f24 Replace Search::Index with Search::Records
Lean on ActiveRecord models for searching and strip out the raw SQL.
Replaces the search_index_* tables with sharded search_records_* tables
as that allows us to use a Search::Record model name.

A Class is dynamically created for each record table shard so that we
and we can access it via the Search::Record.for_account(account_id)
method.
2025-11-17 09:12:40 -05:00
Stanko K.R. 56c41d45eb Reinstate email changes 2025-11-17 09:12:40 -05:00
Mike Dalessio 4d8b3ed719 rubocop: style fixes 2025-11-17 09:12:40 -05:00
Kevin McConnell 59dd8ca549 Make IDs more time-sortable in tests
In order for model ordering to work as expected in tests, we need to
keep two properties:

- Fixtures are all created in the past
- Models sort in the order that they were created

This allows us to do things like this:

    post cards_path, params: { ... }
    created_card = Card.last

When using UUIDv7 PKs rather than sequential integers, we have to make
sure a couple of things happen in order for this still to be true:

- Fixtures should generate deterministic IDs that translate to UUIDs
  that would have been created in the past (i.e. before today)
- Newly created objects must have enough precision in their timestamps
  so that they sort in the order they were created, and their random
  component doesn't come into play.

To solve this, we use the deterministic numeric ID as a number of
milliseconds after an early year. And we ensure that the new timestamps
we create have sub-millisecond precision.
2025-11-17 09:12:40 -05:00
Stanko K.R. 34d83aaa7c Fix tests after the removal of memberships 2025-11-17 09:12:40 -05:00
Kevin McConnell 1959e15f7e Fix more tests
These are mainly because the fixture's UUIDs are deterministic rather
than time-sortable, and more places where we need to correct the fixture
IDs as well.
2025-11-17 09:12:31 -05:00
Stanko K.R. 71a332bb08 Remove dead code 2025-11-17 09:12:17 -05:00
Stanko K.R. 6858b96619 Simplify join codes 2025-11-17 09:12:17 -05:00
Mike Dalessio dbf66f9a50 Constrain user queries to the current or relevant account 2025-11-17 09:11:57 -05:00
Mike Dalessio c38f27f3b4 test: fix or skip signup controller tests 2025-11-17 09:11:47 -05:00
Mike Dalessio 905cf759d8 test: fixing or skipping more tests 2025-11-17 09:11:47 -05:00
Mike Dalessio d41d50d52b Account.sole → Current.account
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
Jorge Manrubia eea9afb639 Fix: dismiss grouped notifications by card from the notifications tray
This also splits the templates into two: index and tray, since the URL now changes.
2025-11-14 12:58:24 +01:00
Jorge Manrubia 0d55c966b3 Fix: setting board entropy was changing the account entropy when not present 2025-11-14 12:10:54 +01:00
Jorge Manrubia 17876b30d4 Manage comments with streams
We replacing the full list of comments within a turbo frame, which didn't feel great when you had several comments.
2025-11-13 17:12:46 +01:00
Jorge Manrubia 2dab14ef64 Replace the full container since we want to get back to the initial state
To see the boost button again
2025-11-12 18:14:31 +01:00
Jorge Manrubia 2d96e7c9c6 Use streams to update/remove reactions
Prevents race condition causing flickering https://app.fizzy.do/5986089/cards/2906

This will prevent these from udpating live, but we will tackle that as part of live card
updates with page refreshes, which I will tackle soon.
2025-11-12 18:04:20 +01:00
Jorge Manrubia 285328ec60 Smoother tag updates with streams 2025-11-12 17:29:35 +01:00
Jorge Manrubia 872537f02c Ensure only admins/creators can publish boards 2025-11-12 11:48:35 +01:00
Jorge Manrubia 9c77ad6029 Admins can't edit the board in general 2025-11-12 11:41:46 +01:00
Jorge Manrubia cc612479f0 Add missing test 2025-11-12 11:35:58 +01:00
Jorge Manrubia b7729401b4 Only admins can edit entropy 2025-11-12 11:33:46 +01:00
Jorge Manrubia e67cdd986f Only admins can manage join codes 2025-11-12 11:30:29 +01:00
Stanko K.R. cd51256f41 Disable user creation tests for the OSS config 2025-11-07 07:17:49 +01:00
Stanko K.R. 3f4d500103 Unify sign in and sign up 2025-11-07 07:06:25 +01:00
Jorge Manrubia 693c0c0fb2 Redirect to root to avoid changing the path by default 2025-11-05 19:00:50 +01:00
Jorge Manrubia 2af7a9f402 Merge pull request #1498 from basecamp/rename-boards
Rename collections => boards
2025-11-05 18:50:49 +01:00
Jorge Manrubia 3b34703db3 Make sure that only admins or card creators can delete cards 2025-11-05 16:37:43 +01:00
Jorge Manrubia de8e861712 Make sure only admins or collection creators can toggle the individual access settings 2025-11-05 16:04:25 +01:00
Jorge Manrubia 193cc26a98 Make sure only admins or collection creators can toggle the all access setting 2025-11-05 15:51:19 +01:00
Jorge Manrubia 39ec6cf062 Replace collection with board in the code, tests green 2025-11-05 13:41:12 +01:00
Jorge Manrubia 03a345609e Baseline replacing collection with board across code 2025-11-05 13:31:54 +01:00
Stanko Krtalić 1c54efbd75 Merge pull request #1497 from basecamp/fix-double-memberships
Prohibit duplicate memberships
2025-11-05 12:22:32 +01:00
Stanko K.R. 3f054c79dd Check that the join code was copied to the membership 2025-11-05 12:09:47 +01:00
Stanko K.R. cfdd7ab1cb Prohibit duplicate memberships 2025-11-05 11:57:40 +01:00
Jorge Manrubia 999043eda0 Fix tests 2025-11-05 11:48:36 +01:00
Jorge Manrubia 10d14b5774 Don't choke when no collections 2025-11-05 08:31:42 +01:00