Nested forms are not valid HTML and we were submitting the wrong
authenticity token to Rails when updating the enterprise.
I inverted the hierarchy of the form and the panels. The menu and
tab-panel structure now sits above and the enterprise edit form is
nested within.
The current structure is not ideal but it's only a transition phase. I'm
expecting the page to get re-designed at some point and re-writen
without AngularJS.
Simple Rails forms prevent double-clicking on submit already. Converting
the StimulusReflex interaction to a simple form submit to a controller
solves the race condition.
The UX is slightly worse because the whole page is reloaded instead
rendering only the connected app panel. But we can solve that when we
add more apps and want to activate them independently. By then, we may
have good patterns for working with Turbo.
Technically, the new buttons are a form within a form which is invalid
HTML, but it works.
The app has to provide a webhook URL to be notified when the app is
disconnected. Once we have better token management, we would have a
unique token per app and could revoke it. But for now it's just a
request to disconnect the app.
I would have like to use a standard form to submit to the reflex but the
whole enterprise settings tab is in a form already and HTML doesn't
allow nested forms. While it does still work in browsers, it would have
added much more HTML to set up a form with a hidden input field instead
of just one additional data attribute.
The whole page is rendered by the controller again but the reflex root
attribute ensures that only parts of this tab are replaced. Otherwise
unsaved data on other tabs could be replaced and the page actually
becomes blank because AngularJS doesn't play well with the morph.
I think that it's a valid case to check a feature toggle against the
user and an enterprise. You may want to check with only one user first,
then activate it for a whole enterprise and lastly activate the feature
globally.
I also kept the per-user check to be backwards-compatible. Some
instances have that enabled already. And for early testing, you may want
to test with only one user first before all customer see it.
