Commit graph

3406 commits

Author SHA1 Message Date
gregoirenovel
ed240cb4d3 Enable Style/UnneededInterpolation 2018-10-03 12:03:21 +02:00
gregoirenovel
6eeba14885 Enable Style/WordArray 2018-10-03 12:03:21 +02:00
gregoirenovel
d1439f8a52 Enable Style/YodaCondition 2018-10-03 12:00:17 +02:00
gregoirenovel
1f4ef0074f Enable Style/ZeroLengthPredicate 2018-10-03 12:00:17 +02:00
Chaïb Martinez
e452fa8343 [Fix #2432] Warn admins to always share a direct link to their demarche 2018-10-03 11:18:17 +02:00
Frederic Merizen
8bb08a1b8b [#2579] Validate columns on ProcedurePresentation model 2018-10-03 10:17:46 +02:00
Frederic Merizen
103f466cb8 [Fix #2579] Protect get_value against method name injection 2018-10-03 10:17:46 +02:00
Frederic Merizen
1ac8840bc9 [#2579] Protect against SQL injection on column and table in filtered_ids 2018-10-03 10:17:46 +02:00
Frederic Merizen
670edc3279 [#2579] Sanitize order 2018-10-03 10:17:46 +02:00
Frederic Merizen
314e9354c1 [#2579] Simplify sorted_ids 2018-10-03 10:17:46 +02:00
Frederic Merizen
3bb6fd2d47 [#2579] Remove no-op
(sanitize_sql_for_order does not do anything when its argument is a string)
2018-10-03 10:17:46 +02:00
Frederic Merizen
b8f88ece5c [#2579] Fix injection SQL dans le filtrage instructeur 2018-10-03 10:17:46 +02:00
Paul Chavard
941c529b2c Remove CGU checkbox
fix #2725
2018-10-03 08:59:02 +02:00
Mathieu Magnin
1dc2c30b24 Add mail templates to manager 2018-10-02 17:27:28 +02:00
Mathieu Magnin
a029aa62b1 [Fix #2674] Add Services to manager 2018-10-02 16:17:17 +02:00
Pierre de La Morinerie
20f0151e8a dossier: remove pdf.svg 2018-10-02 15:43:37 +02:00
Pierre de La Morinerie
36c1aa118d dossier: remove RecapitulatifController
And add a redirection to the new URLs.
2018-10-02 15:42:29 +02:00
Pierre de La Morinerie
d476953108 dossier: remove Invites view 2018-10-02 14:40:47 +02:00
Pierre de La Morinerie
bf9f427299 dossier: remove DescriptionController 2018-10-02 14:40:47 +02:00
Pierre de La Morinerie
3392df0029 dossier: remove CommentairesController 2018-10-02 14:40:38 +02:00
gregoirenovel
553a6b53f2 Make the annotations privées submit button more visible 2018-10-02 14:18:07 +02:00
Pierre de La Morinerie
758ccff984 dossier: remove feature flag 2018-10-02 12:25:44 +02:00
Chaïb Martinez
da134c6d4b Ajout d'une astuce dans l'ajout d'instructeur 2018-10-02 11:43:44 +02:00
gregoirenovel
cf69c28979 Fix scope for logo/notice/deliberation deletion 2018-10-02 11:03:48 +02:00
gregoirenovel
b994fa4206 Do one thing per line 2018-10-01 16:15:46 +02:00
gregoirenovel
3965709bd0 Fix a mistake in the Tour de France page 2018-10-01 15:33:19 +02:00
Pierre de La Morinerie
cd938b4c36 dropdown: refactor to make the button an actual button 2018-09-27 17:43:08 +02:00
Pierre de La Morinerie
c79c1a2636 carto: update link to dossier 2018-09-27 17:22:59 +02:00
Pierre de La Morinerie
0526551e71 templates: update link to dossier 2018-09-27 17:22:59 +02:00
Pierre de La Morinerie
40cf7ebdcb mailers: update links to messagerie 2018-09-27 17:22:59 +02:00
Pierre de La Morinerie
5f1ce48d2e invites: update link to dossier 2018-09-27 17:22:59 +02:00
Pierre de La Morinerie
08dfe7d13a support: update link to messagerie 2018-09-27 17:22:59 +02:00
Paul Chavard
3c66fceba5 Replace password strength js with ujs 2018-09-27 16:00:14 +02:00
Paul Chavard
5a795ae30b Add more information about lien demarche 2018-09-27 15:47:33 +02:00
simon lehericey
4d4dba1550 Procedure: small renaming on mean_time 2018-09-27 15:02:38 +02:00
simon lehericey
88f7e888c3 Administrateur: do not save api_token in clear text anymore 2018-09-27 10:24:56 +02:00
simon lehericey
16566b46c0 DossierController: private some methods 2018-09-27 10:24:56 +02:00
simon lehericey
912371fbd6 DossierController: use new token validation 2018-09-27 10:24:56 +02:00
simon lehericey
8dd4a1ca4e ProcedureController: remove useless logger call 2018-09-27 10:24:56 +02:00
simon lehericey
3c95273d6f ProcedureController: use new token validation 2018-09-27 10:24:56 +02:00
simon lehericey
0b2a98cdce ApiController: private some methods 2018-09-27 10:24:56 +02:00
simon lehericey
f7c23bb435 ApiController: remove ensure_token_is_present
An admin without token answer false to admin.api_token_valid?(api_token) with api_token=*
2018-09-27 10:24:56 +02:00
simon lehericey
4a04f2e59f ApiController: check token validity for a given admin 2018-09-27 10:24:56 +02:00
simon lehericey
d576d426f4 ApiController: remove old authenticate logic
The old logic cannot work anymore as we cannot `find_by api_token`
2018-09-27 10:24:56 +02:00
simon lehericey
1af789b9a8 Profile: add breadcrumb 2018-09-27 10:14:32 +02:00
simon lehericey
8c4f8347ca Api Token: store token in an encrypted form 2018-09-27 10:14:32 +02:00
simon lehericey
1997f45d7e Api Token: do not generate one token by default 2018-09-27 10:14:32 +02:00
simon lehericey
17285b0368 Profil: display token only once 2018-09-27 10:14:32 +02:00
simon lehericey
bd04972f65 Profile: move to new design 2018-09-27 10:14:32 +02:00
simon lehericey
f115658d55 OH ! 2018-09-27 10:14:32 +02:00