Commit Graph

5918 Commits

Author SHA1 Message Date
Andy Smith ea61907397 Pass in data attribute to partial 2025-12-22 14:43:08 -06:00
Andy Smith 348808edc2 Replace span with li 2025-12-22 14:26:03 -06:00
Jason Zimdars 72ffc2b974 Merge branch 'main' into smooth-theme-change 2025-12-22 11:34:48 -06:00
Jason Zimdars 806297eb12 Merge pull request #2230 from basecamp/refactor-system-comment-classes
Refactor system comment classes
2025-12-22 11:15:48 -06:00
Jason Zimdars 5716303c22 Rename
It feels odd to have a `.system` class in the `.comment` namespace.
Might as well make it really obvious if we're going to rename it
2025-12-22 11:12:46 -06:00
Jason Zimdars 563c530e3e Merge pull request #2213 from basecamp/welcome-letter
Stub welcome letter for newly created accounts
2025-12-22 10:17:41 -06:00
Stanko K.R. 0df667f4fb Fix HTML injection in webhooks through card titles 2025-12-22 12:20:32 +01:00
Jason Zimdars e724b3bf86 Move to variable 2025-12-20 18:19:13 -06:00
Jason Zimdars 71433718d5 Set view-transition-name so it gets calculated in the layer rendering
Prevents cards from briefly appearing on top of the letter while they
finish transitioning
2025-12-20 18:16:35 -06:00
Jason Zimdars c33b12aa14 We get this for free 2025-12-20 18:12:34 -06:00
Jason Zimdars d0587d5db8 turbo:load doesn't seem to be working, try a specific controller method to open it 2025-12-20 18:05:41 -06:00
Jason Zimdars d4ace2752c Ensure the flash notice passes through the redirect 2025-12-20 18:04:56 -06:00
Jason Zimdars c32286da00 Remove second data-action attribute 2025-12-20 17:46:31 -06:00
Jason Zimdars 3b1c67f57d Undo debug 2025-12-20 17:34:19 -06:00
Jason Zimdars f2b49d0798 Avoid orphans 2025-12-20 17:34:05 -06:00
Jason Fried 69f6149ddc Updated the welcome message. 2025-12-19 15:29:20 -08:00
Jason Zimdars 10f27f19a6 Add a close button 2025-12-19 15:46:18 -06:00
Jason Zimdars 0adcfabe4c Stub welcome letter for newly created accounts 2025-12-19 15:36:52 -06:00
Rosa Gutierrez 641e67dc2e Remove status from allowed parameters in CardsController#update
We don't allow changing the status via this action, and it's confusing
and can lead to cases where someone can set someone's else card as
draft, effectively hiding it.
2025-12-19 22:35:30 +01:00
Jeremy Daer bd6c1cf34f Storage: harden reconcile for concurrent writes and fix board transfer (#2096)
* Storage: harden reconcile for concurrent writes and fix board transfer

Reconcile now uses two-cursor approach: captures cursor before and after
the storage scan, aborting if they differ (entries added during scan).
Job retries 3x with 1-minute waits and limits concurrency to 1 per owner.

Board transfer now correctly moves storage for card description embeds
and comment embeds, not just direct attachments. Uses batched queries
to handle cards with thousands of comments efficiently.

Also fixes N+1 queries in attachment grouping via lookup maps.

* Storage: fix per-attachment reconcile and enforce no blob reuse

The storage ledger tracks per-attachment (not per-blob) as a business
abstraction for quotas. This fixes reconcile to match that model and
adds enforcement to prevent blob reuse in tracked contexts.

* Reconcile now uses joins(:blob).sum() for per-attachment counting
* New validation prevents reusing blobs across tracked attachments
* Race-safe storage_total creation with create_or_find_by
* Job efficiency: skip find_by when object already available
* Backfill script checks per-attachment, not just per-blob
2025-12-19 13:07:32 -08:00
Stanko K.R. ca388c2b84 Replace handle_ naming 2025-12-19 19:21:58 +01:00
Stanko K.R. df1dfde2b3 Use same constant for fake magic links 2025-12-19 19:21:58 +01:00
Stanko K.R. 3af8bdbe37 Replace FakeMagicLink with a temporary object 2025-12-19 19:21:58 +01:00
Stanko K.R. 52d57c4681 Tidy up session_token 2025-12-19 19:21:57 +01:00
Stanko K.R. e0270c6c49 Clean up interfaces
I talked to the mobile team, and to keep things simple we agreed to send
the token via a cookie.
2025-12-19 19:21:57 +01:00
Stanko K.R. 1a1f4a077b Simplify auth logic 2025-12-19 19:21:57 +01:00
Fernando Olivares cddddcf83a Fix due to unit test when creating with invalid emails 2025-12-19 19:21:57 +01:00
Fernando Olivares b3c8d02709 Cleanup session creation 2025-12-19 19:21:57 +01:00
Fernando Olivares 6e8d6a3df0 Update to always return a pending auth token for JSON responses. 2025-12-19 19:21:57 +01:00
Fernando Olivares 877f82c0cc Pass a server token when creating a magic link via API 2025-12-19 19:21:57 +01:00
Fernando Olivares a75a939289 Simplify code a bit 2025-12-19 19:21:57 +01:00
Fernando Olivares 360e14352f Simplify session create logic for both html and json 2025-12-19 19:21:57 +01:00
Stanko K.R. e5bdb3b071 Add back missing development magic link prompt 2025-12-19 19:21:57 +01:00
Stanko K.R. c0a0786539 Return the session cookie
We had a call about this. In short, we could reuse access tokens but then the user would see access tokens for every mobile device they have without any indication as to what is going on. So, since this really is just logging in instead of an integration which seems to be the primary purpose of access tokens, we can just use our regular session cookie for authentication.
2025-12-19 19:21:57 +01:00
Stanko K.R. 54ceb4df7c Remove email address and users from magic link response
The identity endpoint can be used to fetch that information
2025-12-19 19:21:57 +01:00
Stanko K.R. b92982b244 Cleanup & simplify sign in 2025-12-19 19:21:57 +01:00
Fernando Olivares 093240c6f7 Return email and users too 2025-12-19 19:21:57 +01:00
Fernando Olivares ab0f7a3ea5 Dev: Set magic link as header when JSON request in development 2025-12-19 19:21:57 +01:00
Fernando Olivares 7644bb7411 Allow JSON requests submitting a magic link code 2025-12-19 19:21:57 +01:00
Fernando Olivares c8eb592746 Allow JSON requests to send a magic link 2025-12-19 19:21:57 +01:00
Jorge Manrubia eb1d112013 Merge pull request #2203 from basecamp/remove-unused-param
Remove unused `tag_ids` parameter from `CardsController#update`
2025-12-19 12:16:32 +01:00
Jorge Manrubia fcc426a97b Merge pull request #2192 from italomatos/optimize-card-count-queries
Optimize card count queries to avoid duplicates
2025-12-19 12:05:35 +01:00
Jorge Manrubia 33fc239571 Merge pull request #2140 from dilberryhoundog/fix-stale-account-cache
Fix: resolve stale account names in jump menu and page titles
2025-12-19 11:26:23 +01:00
Jorge Manrubia 2cbbdfbd19 Merge pull request #2138 from italomatos/refactor/replace-reverse-merge-with-with-defaults
Refactor: Replace reverse_merge with with_defaults for improved readability
2025-12-19 11:24:46 +01:00
Rosa Gutierrez 1e640643e9 Remove unused tag_ids parameter from CardsController#update
This is no longer used in the normal flow of the app. The tags are added
via `Cards::TaggingsController`.
2025-12-19 11:16:20 +01:00
Rosa Gutierrez cb01966439 Remove unused Card.published_or_drafted_by scope
As the tests for it could lead to confusion where it seems drafted cards
are not accessible to someone with access to the board and with the
direct drafted card URL.
2025-12-19 09:46:21 +01:00
Alexander Zaytsev 5657ee0455 Remove extra space 2025-12-19 09:37:07 +01:00
Alexander Zaytsev e52eba9c4e Rename .comment--system to .system-comment 2025-12-19 09:34:23 +01:00
Alexander Zaytsev cc6b5cba9c Use hash for conditional class 2025-12-19 09:33:07 +01:00
Samuel Péchèr 32a0acea11 Merge pull request #2107 from basecamp/adjust-paragraph-spacing
Adjusting text content spacing between paragraphs
2025-12-19 07:59:25 +01:00