cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8957 commits 4 branches 1 tag 499 MiB
Commit graph

8957 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tom Hughes
3e2b3c31be Update leaflet.locate.js 2019-01-02 10:58:28 +00:00
Tom Hughes
0604b36708 Update leaflet to 1.4.0 2019-01-02 10:51:39 +00:00
translatewiki.net
b8a8acaae4 Localisation updates from https://translatewiki.net. 2018-12-31 18:05:03 +01:00
Tom Hughes
801271363d Allow inline styling on pages that display the map 
Both leaflet itself and at least one of our plugins use inline
styling to style markers so we need to allow it.

Fixes #2093
 2018-12-31 09:32:13 +00:00
translatewiki.net
3d4a107934 Localisation updates from https://translatewiki.net. 2018-12-27 10:58:51 +01:00
translatewiki.net
b23cef5ae1 Localisation updates from https://translatewiki.net. 2018-12-17 09:04:08 +01:00
Tom Hughes
5614c5a551 Merge remote-tracking branch 'upstream/pull/2087' 2018-12-13 15:49:34 +00:00
Bryan Housel
876d150e57 Update to iD v2.12.2 2018-12-13 10:34:21 -05:00
translatewiki.net
dd7c1e2cae Localisation updates from https://translatewiki.net. 2018-12-13 09:17:29 +01:00
Tom Hughes
eb7c4cdedd Allow abilities that require no login for token based access 
Fixes #2085
 2018-12-12 22:41:29 +00:00
Tom Hughes
7bb15e02cc Merge remote-tracking branch 'upstream/pull/2084' 2018-12-12 18:40:13 +00:00
Tom Hughes
c203edda20 Merge remote-tracking branch 'upstream/pull/2083' 2018-12-12 18:33:23 +00:00
Andy Allan
ca596106f5 Refactor users_controller to use CanCanCan for authorisation 2018-12-12 16:17:24 +01:00
Andy Allan
981e4a34b5 Use only token capabilities when a token is provided 
The Authenticate#allow? method (from oauth-plugin) sets current_user as a side
effect of checking the token. But this allows a valid token to access
all actions that are available to that user, beyond the capabilities for
that token.
 2018-12-12 16:16:23 +01:00
translatewiki.net
bdd0cb3176 Localisation updates from https://translatewiki.net. 2018-12-10 08:19:29 +01:00
Tom Hughes
cbc4c5352d Only check IP addresses for anonymous note comments 2018-12-05 12:54:55 +00:00
Tom Hughes
f434b68d2f Merge remote-tracking branch 'upstream/pull/2080' 2018-12-05 08:23:54 +00:00
Bryan Housel
b02728076b Update to iD v2.12.1 2018-12-05 02:04:18 -05:00
Tom Hughes
d0dd5302ac Merge remote-tracking branch 'upstream/pull/2079' 2018-12-04 20:41:34 +00:00
Tom Hughes
177b2c3e65 Update to rails 5.2.2 2018-12-04 20:41:22 +00:00
Bryan Housel
b5ba6a1e3f Update to iD v2.12.0 2018-12-03 22:25:48 -05:00
translatewiki.net
2c5535ca46 Localisation updates from https://translatewiki.net. 2018-12-03 07:50:33 +01:00
translatewiki.net
85f97c584b Localisation updates from https://translatewiki.net. 2018-11-29 18:01:06 +01:00
Tom Hughes
4a11c8c4f3 Merge remote-tracking branch 'upstream/pull/2078' 2018-11-28 21:11:32 +00:00
Andy Allan
a3a10237f7 Use CanCanCan for user_roles auth 2018-11-28 21:39:26 +01:00
Tom Hughes
a790c47923 Merge remote-tracking branch 'upstream/pull/2072' 2018-11-28 18:24:04 +00:00
Paul Dexter-Sobkowiak
74d2c4336b Split browse_helper.rb into two modules due to rubocop ModuleLength 2018-11-28 18:18:14 +00:00
Tom Hughes
b99b192697 Merge remote-tracking branch 'upstream/pull/2075' 2018-11-28 18:09:20 +00:00
Tom Hughes
6213592a6a Merge remote-tracking branch 'upstream/pull/2074' 2018-11-28 18:09:17 +00:00
Andy Allan
ed8e15c8f0 Remove user_roles integration test since it is not meaningful 
This test has not been meaningful for a long while, since both check_success and check_fail contain exactly the same code.

Additionally, the test doesn't cover any integrations (beyond logging in), and so it is only covering the same ground as the controller test.
 2018-11-28 17:22:31 +01:00
Andy Allan
3fd083d9d4 Remove the unused require_moderator filter 
Use of this filter has been refactored to use CanCanCan
 2018-11-28 15:59:47 +01:00
Andy Allan
ea766ec57d Use CanCanCan for notes authorization 2018-11-28 15:59:47 +01:00
Tom Hughes
aaf5600342 Merge remote-tracking branch 'upstream/pull/2073' 2018-11-28 11:54:00 +00:00
Andy Allan
8f70fb2114 Use CanCanCan for changeset comments 
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
 2018-11-28 12:35:45 +01:00
Tom Hughes
b29c173ac7 Update to rails 5.2.1.1 2018-11-27 23:10:24 +00:00
Paul Dexter-Sobkowiak
5ba64efd7c Show tel: links for multiple phone numbers separated by ; 
Closes #2069
 2018-11-27 00:06:28 +00:00
translatewiki.net
fb299a0601 Localisation updates from https://translatewiki.net. 2018-11-26 08:03:14 +01:00
translatewiki.net
84339e9216 Localisation updates from https://translatewiki.net. 2018-11-22 07:38:17 +01:00
Mikel Maron
98262d3ab1 Add links to Welcome Mat on /welcome and /help 
Closes #2056
 2018-11-20 18:46:22 +00:00
Tom Hughes
1801724c9e Update Potlatch 2 to 2.5-59-gdd728d5e build 2018-11-19 18:02:46 +00:00
Tom Hughes
15c96081a6 Allow connect_src to match all sites in Potlatch 
It seems that Safari matches connections made from a flash application
against connect_src while Firefox uses object_src instead.

Fixes #2067
 2018-11-19 17:34:47 +00:00
translatewiki.net
9869f97548 Localisation updates from https://translatewiki.net. 2018-11-19 08:48:39 +01:00
Tom Hughes
85802048a7 Fix issues with renaming of diary entry controller 2018-11-17 17:47:51 +00:00
Tom Hughes
dc6a5bc1a6 Take security policy URLs from the configuration file 2018-11-15 18:48:05 +00:00
translatewiki.net
3db0994f3c Localisation updates from https://translatewiki.net. 2018-11-15 08:24:40 +01:00
Tom Hughes
6f2f9221ef Fix tests for rails 5.2.1 compatibility 
Rails 5.2.1 has changed how the request body is handled
internally for a test which means we can no longer cheat
by stashing it in the request environment and must instead
pass it properly to the request method.
 2018-11-15 00:46:53 +00:00
Tom Hughes
28e011e219 Update to rails 5.2.1 2018-11-14 22:35:44 +00:00
Tom Hughes
75189bd17d Merge remote-tracking branch 'upstream/pull/2060' 2018-11-14 13:13:56 +00:00
Andy Allan
234afb3f42 Remove custom deny_access handlers 
Since these pages are not accessed by normal users, except for url fiddling, it's fine to respond with a generic access denied.
 2018-11-14 14:10:51 +01:00
Tom Hughes
dd302f4f2c Merge remote-tracking branch 'upstream/pull/2061' 2018-11-14 12:43:35 +00:00