cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9001 commits 4 branches 1 tag 499 MiB
Commit graph

9001 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tom Hughes
5614c5a551 Merge remote-tracking branch 'upstream/pull/2087' 2018-12-13 15:49:34 +00:00
Bryan Housel
876d150e57 Update to iD v2.12.2 2018-12-13 10:34:21 -05:00
translatewiki.net
dd7c1e2cae Localisation updates from https://translatewiki.net. 2018-12-13 09:17:29 +01:00
Tom Hughes
eb7c4cdedd Allow abilities that require no login for token based access 
Fixes #2085
 2018-12-12 22:41:29 +00:00
Tom Hughes
7bb15e02cc Merge remote-tracking branch 'upstream/pull/2084' 2018-12-12 18:40:13 +00:00
Tom Hughes
c203edda20 Merge remote-tracking branch 'upstream/pull/2083' 2018-12-12 18:33:23 +00:00
Andy Allan
ca596106f5 Refactor users_controller to use CanCanCan for authorisation 2018-12-12 16:17:24 +01:00
Andy Allan
981e4a34b5 Use only token capabilities when a token is provided 
The Authenticate#allow? method (from oauth-plugin) sets current_user as a side
effect of checking the token. But this allows a valid token to access
all actions that are available to that user, beyond the capabilities for
that token.
 2018-12-12 16:16:23 +01:00
translatewiki.net
bdd0cb3176 Localisation updates from https://translatewiki.net. 2018-12-10 08:19:29 +01:00
Tom Hughes
cbc4c5352d Only check IP addresses for anonymous note comments 2018-12-05 12:54:55 +00:00
Tom Hughes
f434b68d2f Merge remote-tracking branch 'upstream/pull/2080' 2018-12-05 08:23:54 +00:00
Bryan Housel
b02728076b Update to iD v2.12.1 2018-12-05 02:04:18 -05:00
Tom Hughes
d0dd5302ac Merge remote-tracking branch 'upstream/pull/2079' 2018-12-04 20:41:34 +00:00
Tom Hughes
177b2c3e65 Update to rails 5.2.2 2018-12-04 20:41:22 +00:00
Bryan Housel
b5ba6a1e3f Update to iD v2.12.0 2018-12-03 22:25:48 -05:00
translatewiki.net
2c5535ca46 Localisation updates from https://translatewiki.net. 2018-12-03 07:50:33 +01:00
translatewiki.net
85f97c584b Localisation updates from https://translatewiki.net. 2018-11-29 18:01:06 +01:00
Tom Hughes
4a11c8c4f3 Merge remote-tracking branch 'upstream/pull/2078' 2018-11-28 21:11:32 +00:00
Andy Allan
a3a10237f7 Use CanCanCan for user_roles auth 2018-11-28 21:39:26 +01:00
Tom Hughes
a790c47923 Merge remote-tracking branch 'upstream/pull/2072' 2018-11-28 18:24:04 +00:00
Paul Dexter-Sobkowiak
74d2c4336b Split browse_helper.rb into two modules due to rubocop ModuleLength 2018-11-28 18:18:14 +00:00
Tom Hughes
b99b192697 Merge remote-tracking branch 'upstream/pull/2075' 2018-11-28 18:09:20 +00:00
Tom Hughes
6213592a6a Merge remote-tracking branch 'upstream/pull/2074' 2018-11-28 18:09:17 +00:00
Andy Allan
ed8e15c8f0 Remove user_roles integration test since it is not meaningful 
This test has not been meaningful for a long while, since both check_success and check_fail contain exactly the same code.

Additionally, the test doesn't cover any integrations (beyond logging in), and so it is only covering the same ground as the controller test.
 2018-11-28 17:22:31 +01:00
Andy Allan
3fd083d9d4 Remove the unused require_moderator filter 
Use of this filter has been refactored to use CanCanCan
 2018-11-28 15:59:47 +01:00
Andy Allan
ea766ec57d Use CanCanCan for notes authorization 2018-11-28 15:59:47 +01:00
Tom Hughes
aaf5600342 Merge remote-tracking branch 'upstream/pull/2073' 2018-11-28 11:54:00 +00:00
Andy Allan
8f70fb2114 Use CanCanCan for changeset comments 
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
 2018-11-28 12:35:45 +01:00
Tom Hughes
b29c173ac7 Update to rails 5.2.1.1 2018-11-27 23:10:24 +00:00
Paul Dexter-Sobkowiak
5ba64efd7c Show tel: links for multiple phone numbers separated by ; 
Closes #2069
 2018-11-27 00:06:28 +00:00
translatewiki.net
fb299a0601 Localisation updates from https://translatewiki.net. 2018-11-26 08:03:14 +01:00
translatewiki.net
84339e9216 Localisation updates from https://translatewiki.net. 2018-11-22 07:38:17 +01:00
Mikel Maron
98262d3ab1 Add links to Welcome Mat on /welcome and /help 
Closes #2056
 2018-11-20 18:46:22 +00:00
Tom Hughes
1801724c9e Update Potlatch 2 to 2.5-59-gdd728d5e build 2018-11-19 18:02:46 +00:00
Tom Hughes
15c96081a6 Allow connect_src to match all sites in Potlatch 
It seems that Safari matches connections made from a flash application
against connect_src while Firefox uses object_src instead.

Fixes #2067
 2018-11-19 17:34:47 +00:00
translatewiki.net
9869f97548 Localisation updates from https://translatewiki.net. 2018-11-19 08:48:39 +01:00
Tom Hughes
85802048a7 Fix issues with renaming of diary entry controller 2018-11-17 17:47:51 +00:00
Tom Hughes
dc6a5bc1a6 Take security policy URLs from the configuration file 2018-11-15 18:48:05 +00:00
translatewiki.net
3db0994f3c Localisation updates from https://translatewiki.net. 2018-11-15 08:24:40 +01:00
Tom Hughes
6f2f9221ef Fix tests for rails 5.2.1 compatibility 
Rails 5.2.1 has changed how the request body is handled
internally for a test which means we can no longer cheat
by stashing it in the request environment and must instead
pass it properly to the request method.
 2018-11-15 00:46:53 +00:00
Tom Hughes
28e011e219 Update to rails 5.2.1 2018-11-14 22:35:44 +00:00
Tom Hughes
75189bd17d Merge remote-tracking branch 'upstream/pull/2060' 2018-11-14 13:13:56 +00:00
Andy Allan
234afb3f42 Remove custom deny_access handlers 
Since these pages are not accessed by normal users, except for url fiddling, it's fine to respond with a generic access denied.
 2018-11-14 14:10:51 +01:00
Tom Hughes
dd302f4f2c Merge remote-tracking branch 'upstream/pull/2061' 2018-11-14 12:43:35 +00:00
Andy Allan
c89b88c8d0 Add a changeset to exercise that part of the contact rendering 2018-11-14 12:25:21 +01:00
Andy Allan
0d55c40ca8 Ensure that the blocked template rendering works 2018-11-14 12:19:23 +01:00
Andy Allan
d7f41756f9 Check that a request that requires authentication is redirected when the user hasn't seen the terms 2018-11-14 12:19:23 +01:00
Tom Hughes
94a48482e0 Merge remote-tracking branch 'upstream/pull/2058' 2018-11-14 10:48:18 +00:00
Andy Allan
252b9ef08a Pluralize changesets controller 2018-11-14 10:34:28 +01:00
Tom Hughes
4deffa5e40 Skip CSRF verification for changeset comment actions 
Fixes #2057
 2018-11-13 13:17:19 +00:00