Commit Graph

69 Commits

Author SHA1 Message Date
Donal McBreen e51f0bfee7 Fix account destroy cascade gaps
Account incineration could leave orphaned records due to missing cascade
declarations and async jobs failing when the account was already gone.

Cascade fixes:
- Add Account::Searchable concern to clean up Search::Query (delete_all)
  and Search::Record (destroy_all, respects SQLite FTS dependent: :destroy)
- Add before_destroy in Account::Storage to delete storage entries
- Suppress storage entry recording during incineration so attachment
  purge callbacks don't create entries or enqueue materialize jobs
- Guard Access#clean_inaccessible_data_later with unless user.destroyed?
  to avoid enqueuing pointless jobs during user cascade

Job tenancy:
- Extract AccountTenanted concern from the global ActiveJob initializer
  into ApplicationJob (include) with targeted prepends for
  ActionMailer::MailDeliveryJob and Turbo broadcast jobs
- Defer account resolution from deserialize to perform so that missing
  accounts raise DeserializationError inside the execution path where
  discard_on can handle it

Tests:
- Comprehensive incineration test covering 35 model types with
  before/after assertions and full enqueued job processing
- Mailer deliver_later test verifying account context survives job
  serialization for multi-account users
- Turbo broadcast test verifying account-scoped URLs in rendered partials
2026-04-06 10:04:24 +01:00
Stanko K.R. a791fe1919 Hide importing accounts 2026-02-02 12:36:48 +01:00
Stanko K.R. 2cb77eaaf7 Fix orphaned Entropy records upon Account destruction 2026-02-02 12:36:48 +01:00
Stanko K.R. 161efb0b8e Implement basic imports 2026-02-02 12:36:48 +01:00
Stanko Krtalić eceb6c9b43 Add self-service account deletion (#2246)
* Add self-service account deletion

* Disable access to cancelled accounts & implement Stripe interactions

* Add tests

* Fix failing tests

* Remove cancelled accounts from lists

* Fix incorrect redirect

* Use _path instead of _url for consistency

* Don't track how far the inicieration job got

We still want the step tracking so that the job can be interrupted. But, since the scope is idempotent, we don't need to track how far it got.

* Specify the exact time when the data will be deleted

* Fix crash due to unadvancable cursor

* Rename up_for_incineration to due_for_incineration

* Regenrate the schema

* Fix incorrect path check

* Migrate the SQLite schema

* Only show the cancel button on cancellable accounts

* Check that a subscirption method exists before calling it

* Ignore job failures due to missing records when an account gets deleted

* Skip sending notifications on cancelled accounts

* Use collbacks to integrate

* Add a blank line between queue_as and discard_on

* Break checks into methods

* Inline methods

* Rename Account::IncinerateJob

* Run migrations

* Migrate SQLite
2026-01-12 14:21:05 +01:00
Italo Matos cd4fbc011c Refactor: Replace reverse_merge with with_defaults for improved readability
Replace all occurrences of reverse_merge with with_defaults across the codebase.
The with_defaults method provides clearer intent and better readability when
setting default values for hash parameters.

Changes:
- app/helpers/columns_helper.rb: Update column_frame_tag method
- app/models/user/email_address_changeable.rb: Update generate_email_address_change_token method
- app/models/account.rb: Update create_with_owner method
- app/controllers/concerns/filter_scoped.rb: Update filter_params method

This refactoring maintains the same functionality while improving code clarity.
2025-12-14 14:22:06 -03:00
Kevin McConnell dece2d08d1 Update namespacing & naming 2025-12-11 11:21:09 +00:00
Adam Haris f76309d116 Merge branch 'main' into single_tenant 2025-12-11 06:08:01 +01:00
Jeremy Daer 761d0b4a76 Speedy, auditable, deadlock-resistant storage tracking (#2026)
An append-only storage ledger replaces deadlock-prone synchronous
counter updates and drift-prone async updates.

All content storage (card images, card/comment/board description embeds)
is tracked. Account exports (which expire) and avatars are not tracked.

Storage is accounted for by Account and Board. Both consume the same
event stream independently: no bubble-up storage bumps triggering
deadlocks due to lock sequencing. Each calculates its own total from
the underlying ledger with independent cursors and materialization.

* Storage::Entry: Append-only ledger recording attach/detach/transfer
  events with delta bytes. Single event stream indexed for both
  Account and Board cursor queries.

* Storage::Total: Polymorphic snapshot cache with cursor (last_entry_id)
  tracking which entries have been materialized.

* Storage::Totaled concern: Provides bytes_used (fast snapshot) and
  bytes_used_exact (snapshot + pending) query modes, plus
  materialize_storage! to roll up pending entries.

* Storage::Tracked concern: For models owning attachments (Card,
  Comment, Board). Provides board_for_storage_tracking for models
  where board is determined differently (Board returns self).
  Handles board transfers by recording transfer_out/transfer_in entries.

* Storage::AttachmentTracking: Hooks ActiveStorage::Attachment lifecycle
  to record attach/detach entries. Handles ActionText::RichText embeds
  by traversing to the actual model. Snapshots context in before_destroy
  to handle cascading deletes where parent record may be gone by
  after_destroy_commit.

* MaterializeJob: Rolls up pending entries into snapshot. Concurrency
  limited per owner to prevent duplicate work.

* ReconcileJob: On-demand reconciliation against actual attachment
  storage for support/debugging. Compares ledger total to real bytes
  from card images, card embeds, comment embeds, and board embeds.

Usage:
* account.bytes_used / board.bytes_used: fast, slightly stale bytesize
* account.bytes_used_exact / board.bytes_used_exact: real-time bytesize
* Storage::Entry: audit trail for debugging and point-in-time queries
2025-12-10 16:04:30 -08:00
Adam Haris eb8655dc8e refactor: use MULTI_TENANT env variable, model concern instead of controller (#accepting_signups?) 2025-12-10 15:14:22 +01:00
Jeremy Daer bec46e15a9 Drop defunct Account upload attachments (#2030)
Controller and routes removed in 6a62df470c
2025-12-09 00:36:39 -08:00
Mike Dalessio 4602cd3cdd Add verified_at timestamp to use for spam prevention
User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:

- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
  authenticated with the correct identity)

Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).

This sets up for later commits that will backfill existing users and
require verification before sending notification emails.

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-05 21:51:44 -05:00
Matheus Richard 7e95322776 Prefer find_by! over where + first! 2025-12-03 11:20:02 -03:00
Dave Kimura 2f740c81c0 (account): encode external_account_id in slug
- Use `AccountSlug.encode` to generate slug instead of raw ID
  - Fixes where slug is /1 and will be in the proper format of /0000001
2025-12-02 16:07:04 -05:00
Kevin McConnell e16cc21b0a Add "data export" feature
- Adds a button in Account Settings where you can request a ZIP export of your
  Fizzy data
- Export files are created in the background. When ready, a link to
  download them is sent to the requester.
- Exports expire after 24 hours. And are limited to 10 per day.
2025-12-01 15:23:26 +00:00
Mike Dalessio edf6b53469 Introduce an "owner" role, and prevent it from being administered
to prevent the owner from being demoted or kicked out.

ref: https://app.fizzy.do/5986089/cards/3213
2025-11-29 14:13:29 -05:00
Jorge Manrubia 2061ab4ab2 Use dedicated sequence record instead of deal with issues with ids and uuids when using the previous approach 2025-11-28 15:53:58 +01:00
Jorge Manrubia 07b4c55185 Auto-increment external_account_id automatically by default to allow upcoming simple signups 2025-11-28 15:53:58 +01:00
Mike Dalessio e0aa1d257e Drop User.system and replace with Account#system_user 2025-11-24 13:23:57 -05:00
Stanko K.R. 15eeba82f5 Scope model methods by account 2025-11-17 09:12:41 -05:00
Stanko K.R. e0693de7c3 Scope jobs and controllers by account 2025-11-17 09:12:41 -05:00
Mike Dalessio fe6df7085f Finish the rollout of account_id to all core data models
Schema:
- add account_id to tables it was missing from
- make account_id a required column everywhere
- add [account_id] indexes, or add `account_id` to existing indices

Models:
- add `belongs_to :account` to all models (default to using a domain
  model's account whenever possible)
- add account_id in all the necessary fixtures
- add account_id to insert_all hashes
- pass account_id to a few initialize calls

Miscellaneous:
- update the import script to set account_id

Note that I'm not adding account_id to the join tables primarily
because I couldn't think of an easy way to populate it without making
it a full Join model, and that was more work than I have time to take
on right now.
2025-11-17 09:12:40 -05:00
Donal McBreen fc56ad9d7c Combine uuid-old and uuid branch changes
- Switch to binary 16 for UUID keys
- Remove AccountScopedRecord base class, all model use binary uuids now
- Fix the search sql to serialize uuids properly
- Patch the MySQL schema dumper to output binary lengths
2025-11-17 09:12:34 -05:00
Mike Dalessio e4011ef211 Update primary keys on customer data to UUIDs
- schema changes to primary and foreign keys
- fixture changes
- customer data models subclass AccountScopedRecord
- import script updated
2025-11-17 09:12:30 -05:00
Kevin McConnell ab35c730d0 Scope account.cards 2025-11-17 09:12:25 -05:00
Mike Dalessio ff8d786144 Filter boards by account 2025-11-17 09:11:57 -05:00
Mike Dalessio dbf66f9a50 Constrain user queries to the current or relevant account 2025-11-17 09:11:57 -05:00
Stanko K.R. ba3f6b188e Add account_id to everything 2025-11-17 09:11:42 -05:00
Mike Dalessio 006aa4d6b3 Tests need to set up the script_name properly
which requires tweaking fixtures for the memberships and the account
2025-11-17 09:11:42 -05:00
Jason Zimdars e1159a06aa Merge branch 'main' into seed-new-accounts 2025-11-03 17:10:09 -06:00
David Heinemeier Hansson b3474ec97d Rename Entropy::Configuration to just Entropy 2025-11-02 13:11:41 +01:00
Jorge Manrubia 4e2f56f4c0 Extract concern, add tests 2025-11-02 09:44:50 +01:00
Jorge Manrubia e726335833 WIP for seeding accounts 2025-11-02 00:05:38 +01:00
Stanko K.R. dd583206ee Allow changes to the Account name 2025-10-31 16:26:08 +01:00
Stanko K.R. 79b012f319 Add Join Codes 2025-10-31 16:24:30 +01:00
Stanko K.R. c8843360fe Clean up and simplify magic links 2025-10-31 16:23:38 +01:00
Stanko K.R. 5cef4ffeb0 Add sign in flow using magic links 2025-10-31 16:22:12 +01:00
Jorge Manrubia 2a083bd82f Fix typo 2025-10-31 11:09:41 +01:00
Jorge Manrubia 3ee4eb731a Comment 2025-10-31 11:00:19 +01:00
Jorge Manrubia 3c8c4abc17 Invalidate cards when entropy configuration changes 2025-10-31 10:40:45 +01:00
Stanko Krtalić 6efeb03252 Create system user with account (#1345)
* Create system user with account

* Update tests
2025-10-17 20:23:34 +02:00
Jason Zimdars da413e7540 Remove closure reasons 2025-10-15 16:15:56 -05:00
Mike Dalessio f26b0b7256 Rename accounts.tenant_id to external_account_id
and simplify the params to Account.create_with_admin_user
2025-10-03 17:21:01 -04:00
Mike Dalessio 8e0cb930af Delete SignalId concerns from the codebase
including Signup for now, will rebuild it with just QB
2025-10-03 14:06:51 -04:00
Mike Dalessio fcd3c178ce Account#slug uses the virtual "tenant" attribute 2025-10-02 16:44:24 -04:00
Jorge Manrubia 0b0fb57e58 Fix tests 2025-09-28 20:31:41 +02:00
Mike Dalessio d5a4239d19 Rename the queenbee_id and signal_user_id columns
to be more generic for the open-source release.

Find the signal account via Account#external_account

Find the signal user via User#external_user
2025-09-15 13:57:53 -04:00
Mike Dalessio e7dcefb25b Extract SignalUser and SignalAccount, and QB routes 2025-09-13 16:03:02 -04:00
Mike Dalessio 9bdc273c76 Prefer Account#slug to Account.script_name
Caching the script name in a class instance variable seemed like a bug
to me.
2025-08-09 14:27:41 -04:00
Jorge Manrubia 8bb7783215 Extract "prompt generation" logic to models for events, comments and cards
So that we can reuse in other scenarios
2025-07-24 16:48:03 +02:00