sunsheeppoplar / live-musically-rails Goto Github PK

While the radio button defaults to 'individual' (vs. 'company'), the link for the setup button does not include it by default, only on change. Need to grab that value and insert it into the link on load.

Previous FB OAuth needs to be changed around a little: https://github.com/omniauth/omniauth/wiki/Managing-Multiple-Providers

After Stripe onboarding is complete, user should be redirected to profile page.

This is where our code lives. Of course, we'll mask it with a domain, but essentially the server that runs our code will be on Heroku.

Check out their pricing here: https://www.heroku.com/pricing

We have the ability to post and apply to opportunities, but we need to wire up the rest of the process between employers and artists

• Employers can view submissions
• Employers can accept a submission
• Employers can reject a submission

On account of some bad version control in the past, we still had issues with config/secrets.yml not being ignored in development. Have stripped the git cache now, but need to set the config for Rails to read from Heroku environment.

They can already enter it and it'll apply to yearly subscriptions, but they don't see an updated price anywhere

If an user didn't intend to change the password, we don't need to worry about it. Currently, there's a second form on the page for password related fields (versus other profile attributes), but that was a workaround at the time.

cf. https://stackoverflow.com/a/35064640/6051631

cf. #13

We have the improper index on one of the seeds. We want to seed leveraging the Locations model which has 2208 entries under the state of NY. Just need to change the index over in db/seeds.rb from 2208 to 2207, whoops.

Right now display: none doesn't ever get flipped. Probably should convert to visibility: none and height: 0 for accessibility purposes

Which pages does this live on? Only on landing page?

As it currently stands, you would have to refresh the page to be able to see the results of your cropping. Need to swap out the current picture (if there is one) to the cropped photo. Note, it doesn't get saved until you submit the form still, which seems to be standard behavior.

#35

Notification on login page: We're sorry, but something went wrong. If you are the application owner check the logs for more information.

Notification on sign up page: This site can't be reached. localhost refused to connect

Four links:

• banner / home
• sign up / login
• Browse Opportunities
• Browse Home
• conditional login / logout link

latter two are dummy links for now, of course

Looks like instead of a DELETE request, it's being sent as a GET request. This behavior doesn't exist (confirmed by Heroku logs) in Chrome

Notification: This site can't be reached. localhost refused to connect

Having some issues with keeping the project version straight with RVM. Attempt to remedy this problem by placing the proper Ruby version in .ruby-version and also in the Gemfile. This issue became apparent during recent upgrade of OS and attempt to use logout feature of Devise.

After sign up is complete for Employers, the link is broken to the Stripe on boarding.

"We're sorry, but something went wrong. Check logs for more info."

• flip forms based on whether they mean to sign up or login
• integrate facebook oauth (https://auth0.com/docs/connections/social/facebook)
• intermediate panels to designate whether user is a musician or an employer
• build manual form if user chooses not to use fb as login / signup
• link to terms of service
• link to user agreement and private policy
• link to go back and sign up as the other type of user if made mistake with intermediate panels
• remember me functionality
• flip facebook oauth link text based on whether they're signing up or logging in
  - [ ] add forgot password link

additional references: https://aaronparecki.com/oauth-2-simplified/

cf. https://bugzilla.mozilla.org/show_bug.cgi?id=1425763

moved from #50

https://stripe.com/docs/connect/subscriptions
https://stackoverflow.com/questions/40228547/stripe-connect-whats-the-difference-between-customers-and-accounts-in-react-na

cf. flavorjones/loofah#144

This is so that we can deploy based on test-driven code and know that we won't break anything along the way when refactoring and/or adding new functionality.

I'm thinking of using https://travis-ci.org/

What this means is that I make a push to our production branch, travis-ci (or whatever CI tool we want to use) will only deploy the code to a production server once it's run through a designated test suite that I've written alongside the "real" code that runs the stuff we interact and see on our app, making sure it is passing all those tests. It's not foolproof of course, but I think it's worth the investment.

Subscriptions altered our user policies across the app, cf. #43

Hello,You are receiving this email because you run at least one Ruby application on Heroku that uses Sprockets. All previously released versions of the software that powers the Rails asset pipeline, Sprockets, contain a directory traversal vulnerability. We recommend updating Sprockets using bundle update sprockets in all of your Ruby applications as soon as possible.Am I Vulnerable?Applications are vulnerable if they have this setting enabled in their application:
config/environments/production.rbconfig.assets.compile = true

Please Note: The default value of this setting that ships with Rails in production.rb is false. By default, Rails apps running in production mode are not vulnerable to this exploit. We have detected that your following Ruby apps are using a vulnerable version of Sprockets: live-musically-railsIf the above applications contain the vulnerable setting, please follow the instructions below.

Patching and Upgrading

To remediate this vulnerability, applications can either change the setting above to false or upgrade the version of Sprockets. Heroku highly recommends upgrading to the latest patch release for your version of Sprockets by running bundle update sprockets. Your applications should use the following versions of Sprockets or higher:

• 2.12.5
• 3.7.2
• 4.0.0.beta8

Unpatched applications can be exploited to reveal credentials contained in your application. If you feel the need to rotate your credentials, additional information and instructions can be found in our blog post. Thanks for your help in keeping your applications secure.

After all site elements are built out, review the user flow for both musicians and employers as they navigate the site. The purpose of this is to make sure that directs and redirects make sense.

• need to hide checkbox after successful submission of the about textarea
• render success / error
• add link to edit / delete opportunity
• add link to view past opportunities

• correct zip column on opportunities to be a string

• add link in header
• add link from profile
• add method to check that event_start_time isn't before event_end_time if same date is selected
• convert header to only allow employers view post link
• save and finish later
• redirect back to profile
• add states to form

- [ ] hide promotional code input unless clicked on

• facebook
• stripe
• aws
• devise