Commit Graph

7793 Commits

Author SHA1 Message Date
Jeremy Daer cac0ca1656 Scope the single-board case to just the creator's boards (#1880) 2025-12-03 15:47:04 -08:00
Jeremy Daer 49139b7a14 SQLite import creates account-scoped tags
References #1879
2025-12-03 15:09:22 -08:00
Jorge Manrubia 9cf223aea1 Fix path 2025-12-03 23:53:18 +01:00
Jorge Manrubia efc809c23e Script to fix misassigned tags
See https://github.com/basecamp/fizzy/pull/1879
2025-12-03 23:46:08 +01:00
Jorge Manrubia 38d86fb17b Merge pull request #1879 from basecamp/scope-tags
Scope tags by account
2025-12-03 23:42:04 +01:00
Jorge Manrubia 4a30663df1 Scope tags by account
We missed this one when we went to MySQL. This can results in cards tagged with cards
from other accounts. No data leaked though: the symptom is that you see the card
tagged as expected but you don't see the tag in the menu.
2025-12-03 23:39:37 +01:00
Jorge Manrubia 6847c001ea Merge pull request #1876 from basecamp/column-reordering-auth
Fix unauthorized column reordering
2025-12-03 22:18:06 +01:00
Jorge Manrubia 367e5aa1dd Merge pull request #1871 from imbriaco/patch-2
Use environment variable for default mailer address
2025-12-03 22:07:39 +01:00
Jorge Manrubia 6c9ec052db Merge pull request #1874 from basecamp/bump-prometheus-client-mmap
Bump fizzy-saas to upgrade prometheus-client-mmap to ~> 1.4.0
2025-12-03 22:06:41 +01:00
Jeremy Daer 9f6a4f1cc6 Fix unauthorized column reordering
Users could reorder columns they didn't have access to. Fixed by
limiting ColumnScoped to User::Accessor#accessible_columns.

References https://hackerone.com/reports/3449905
2025-12-03 13:00:49 -08:00
Jorge Manrubia 7fcf660f05 Merge pull request #1854 from MatheusRich/find-by-over-where-first
Prefer find_by! over where + first!
2025-12-03 21:51:18 +01:00
Lewis Buckley 4bcedbbd77 Upgrade prometheus-client-mmap to ~> 1.4.0 2025-12-03 20:46:23 +00:00
Mike Dalessio cd23a54bb5 Merge pull request #1873 from basecamp/flavorjones/seed-staff-users
Update seeds to use `@example.com`
2025-12-03 15:44:54 -05:00
Mike Dalessio 6345aa4787 Update seeds to use @example.com
See also https://www.rfc-editor.org/rfc/rfc2606.html
2025-12-03 15:40:58 -05:00
Mike Dalessio 8064e017dc db:seeds create staff users for testing in development 2025-12-03 15:29:36 -05:00
Mark Imbriaco 56033d0a8e Use environment variable for default mailer address 2025-12-03 14:56:19 -05:00
Jason Zimdars 8f2ec267f6 Merge pull request #1820 from dcchambers/delete-board-confirmation
Add card deletion warning to board deletion confirmation message
2025-12-03 13:42:06 -06:00
Stanko Krtalić f41b1b098a Merge pull request #1868 from basecamp/use-cryptographically-secure-randomness-for-magic-link-code-generation
Use cryptographically secure randomness for Magic Link code generation
2025-12-03 20:21:52 +01:00
Andy Smith 4b86399ae9 Merge pull request #1866 from basecamp/quick-filters-on-mobile
Don't hide quick filters on mobile
2025-12-03 13:18:09 -06:00
Stanko K.R. 7ab06d1dbd Use cryptographically secure randomness for Magic Link code generation
#sample uses PRNG under the hood which is pseudo random, which means that given enough magic link codes you can predict which code would come next. To fix that we have to switch to CSPRNG - SecureRandom.random_number - which isn't easy to predict based on previous results.
2025-12-03 20:15:27 +01:00
Stanko Krtalić 3520f97e33 Merge pull request #1857 from basecamp/friendly-error-message-when-changing-email-with-an-invalid-code
Render a friendly error message when using an invalid email change token
2025-12-03 20:06:24 +01:00
Dakota Chambers a98cb58348 Update app/views/boards/edit/_delete.html.erb
Co-authored-by: Jason Zimdars <jz@37signals.com>
2025-12-03 13:04:29 -06:00
Jorge Manrubia 60b1fe26e8 Merge pull request #1847 from javier-valencia-arch/patch-1
Refactor with_account and without_account methods
2025-12-03 19:33:31 +01:00
Jorge Manrubia 2e3c9374a5 Merge pull request #1833 from rossvz/fix/hide-add-step-on-closed-cards
hide "add a step" input when card is closed
2025-12-03 19:32:22 +01:00
Jason Zimdars 7a45caa39d Update test 2025-12-03 12:02:23 -06:00
Andy Smith e7cdeb1148 Don't monkey with input width 2025-12-03 11:51:23 -06:00
Jason Zimdars 443a6bd408 Merge pull request #1864 from basecamp/update-onboarding-text
Update seeder.rb to fix minor things in the onboarding content
2025-12-03 11:45:56 -06:00
Andy Smith 5118ca04b1 Don't hide quick filters on mobile 2025-12-03 11:43:50 -06:00
Andy Smith b26284402e Merge pull request #1863 from basecamp/filters-z-index-fix
Target tooltips instead of specific buttons
2025-12-03 11:26:55 -06:00
Jason Zimdars df04fb9250 Adjust for layout consistency and tighten up some copy 2025-12-03 11:21:34 -06:00
Jason Zimdars a6c5cc19b7 Copy and layout edits for the new invalid token screen 2025-12-03 11:21:13 -06:00
Brian Bailey 30a2149115 Update seeder.rb to fix a few minor things in the onboarding content 2025-12-03 12:20:37 -05:00
Andy Smith c3172c66ee Target tooltips instead of specific buttons 2025-12-03 11:16:37 -06:00
Andy Smith 8cc698b702 Merge pull request #1862 from basecamp/lexxy-attachment-margins
Repair margins for attachments
2025-12-03 11:07:21 -06:00
Andy Smith d62a608772 Repair margins for attachments 2025-12-03 11:02:02 -06:00
Jorge Manrubia 31fa58817c Merge pull request #1861 from karlentwistle/move-eventable-to-concerns
Move Eventable concern to app/models/concerns
2025-12-03 18:00:56 +01:00
Karl Entwistle 59d7229500 Move Eventable concern to app/models/concerns
Aligns with Rails conventions for organizing concerns in a dedicated
concerns directory alongside existing concerns like Attachments,
Mentions, Searchable, etc.
2025-12-03 16:36:15 +00:00
Stanko K.R. 92b7c4a86c Update copy 2025-12-03 15:44:20 +01:00
Donal McBreen 684f665cad Merge pull request #1856 from basecamp/auto-set-uuid-defaults
Auto default for UUID primary keys
2025-12-03 14:38:35 +00:00
Stanko K.R. 84213265e7 Render friendly error message when using an invalid token 2025-12-03 15:37:27 +01:00
Donal McBreen 13db384648 Auto default for UUID primary keys
Patch load_schmema! to set the default value for UUID primary keys. This
removes the need to patch ApplicationRecord + Rails models individually.

It also means we no longer need to patch the default in for the integer
primary key in Search::Record::SQLite.
2025-12-03 14:27:52 +00:00
Matheus Richard 7e95322776 Prefer find_by! over where + first! 2025-12-03 11:20:02 -03:00
David Heinemeier Hansson 737d92781b We now use GH actions instead of local CI since this project is public 2025-12-03 14:57:59 +01:00
Stanko Krtalić 61cc535c5b Merge pull request #1851 from palkan/tests/connection-test
Add Connection tests
2025-12-03 14:56:15 +01:00
Vladimir Dementyev 3832b6230f + connection_test.rb 2025-12-03 16:40:44 +03:00
Stanko Krtalić 372d46f2cc Merge pull request #1849 from basecamp/prevent-crash-in-join-code-race-condition
Fix crash in join code redemption race condition
2025-12-03 13:35:08 +01:00
Jorge Manrubia b9694449fc Merge pull request #1850 from basecamp/column-dialog-issues
Capture key presses inside the column edit form to prevent interferences with column navigation
2025-12-03 13:32:57 +01:00
Stanko K.R. 6e9381abb8 Fix crash in join code redemption race condition 2025-12-03 13:29:20 +01:00
Jorge Manrubia 0cb65685e5 Capture key presses inside the column edit form to prevent interferences with column navigation
https://app.fizzy.do/5986089/cards/3249
2025-12-03 13:28:44 +01:00
Javier Valencia 0d83e9b90c Refactor with_account and without_account methods
Remove variables name for block, not needed from Ruby >= 3.1
2025-12-03 12:26:39 +01:00