cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10172 commits 4 branches 1 tag 499 MiB
Commit graph

52 commits

Author SHA1 Message Date
Andy Allan
41d6f19a6b Rename the notes#mine action to index 2020-07-08 18:43:30 +02:00
Andy Allan
600812f6ad Rework user#set_status and #delete to avoid GET requests 
This renames the delete action to destroy, and starts using resourceful
routing for user actions.
 2020-06-10 11:49:18 +02:00
Andy Allan
8ebfdbc1ff Move make_friend and remove_friend to friendships controller 2020-06-03 18:23:07 +02:00
Andy Allan
f1c6a87aa1
Merge pull request #2427 from mmd-osm/patch/remove_expand_bbox 
Remove expand_bbox endpoint
 2019-12-04 12:48:34 +01:00
Andy Allan
44c6fdc273 Use the conventional 'destroy' method name for destroying traces 2019-12-04 11:59:18 +01:00
Andy Allan
25ebf87e5a Rename UserPreference controller methods to follow rails conventions more closely 2019-11-20 16:09:48 +01:00
mmd-osm
fc8923c305 Remove expand_bbox endpoint 2019-11-09 21:08:40 +01:00
Andy Allan
15865b5a8d Remove node/way/relation Search API 
This API clearly shows its age, having never been fully implemented
and simply returning 100 ways (or 2000 relations) at random matching
the provided tags.

It is, as far as I'm aware, completely unused. While it provides a
good amount of humour to anyone who reads the code, the time as come
for it to be retired.
 2019-10-23 11:41:05 +02:00
Andy Allan
2398614349 Add support for an unversioned 'versions' API call 
This will eventually replace the unversioned 'capabilities' call.
Client applications can use this versions call to find out what versions
are available, if they support multiple versions. The capabilities
of each version, and the format of the capabilities call, is then
able to change between versions. If a client only supports one version
they can jump straight to the versioned capabilities call.

Additionally, supported versions are now a list of version identifiers,
without any implications surrounding min/max values (e.g. guesswork
for supported intermediate versions).

Fixes #2162
 2019-06-26 16:52:10 +02:00
Tom Hughes
31edc7dff6 Merge remote-tracking branch 'upstream/pull/2226' 2019-06-18 21:10:07 +01:00
Tom Hughes
24b138db09 Merge remote-tracking branch 'upstream/pull/2228' 2019-06-12 19:16:32 +01:00
Andy Allan
fdffd22cca Allow admins to unhide diary comments, if they wish 2019-06-06 16:03:42 +02:00
Andy Allan
f2f3fbb1f1 Allow administrators to unhide diary entries, if they wish 2019-06-06 15:59:47 +02:00
Andy Allan
b7893df84e Refactor diary entries to use create and update methods 
This brings it slightly more into line with resourceful routing.
 2019-05-29 15:37:23 +02:00
mmd-osm
b97e8d5427 Remove SWF gpx trackpoints feature for Potlatch1 2019-05-19 15:17:14 +02:00
Andy Allan
2142ff02c2 Allow moderators to hide diary entries and comments 2019-05-15 13:40:15 +02:00
Andy Allan
e66c719294 Resourceful(ish) naming for api/users_controller 2019-04-10 17:06:15 +02:00
Andy Allan
5444af981c Resourceful route names for api/trace_controller 2019-04-10 16:52:20 +02:00
Andy Allan
7b057545c0 Disentangle the api abilities from the web abilities 
This will allow us to rename api actions without causing permissions headaches. The choice of
abilities files is made by inheriting from either api_controller or application_controller.

Also rename capabilities to api_capabilites, for consistency.
 2019-03-27 18:07:29 +01:00
Tom Hughes
6600221fe3 Fix database offline mode 2019-03-17 11:15:34 +00:00
Andy Allan
f4e2990526 Move map method to its own controller 2019-02-24 11:44:10 +01:00
Andy Allan
d887252eeb Move the changes api to its own controller 2019-02-24 11:00:28 +01:00
Andy Allan
8383fd0928 Move the permissions call out of api_controller 2019-02-24 11:00:28 +01:00
Andy Allan
317b8f9d45 Move the trackpoints call into its own controller (and rename to tracepoints) 2019-02-24 11:00:28 +01:00
Andy Allan
6a4092bc16 Move the capabilities call out of api_controller 2019-02-24 11:00:20 +01:00
Andy Allan
35a2d66e19 Remove require_terms_agreed configuration option 
This has been set to true for 6 years in production. Refs #2097

As per other user settings, we set the terms as seen by default for tests,
and we can override that when necessary for specific tests.
 2019-02-06 15:50:57 +01:00
Andy Allan
8a2df0e0b5 More resourceful routing for nodes, ways, relations and changesets controllers 2019-01-16 13:10:11 +01:00
Tom Hughes
11806a676f Merge remote-tracking branch 'upstream/pull/2116' 2019-01-16 10:23:27 +00:00
Andy Allan
3e49e4a62a Use CanCanCan to control access to oauth controller actions 2019-01-16 10:17:55 +01:00
Andy Allan
e7f943c715 Use CanCanCan for nodes, ways, relations, old and api controllers 2019-01-16 10:12:19 +01:00
Tom Hughes
5c877e0fa4 Allow everybody to query features 2019-01-09 19:15:55 +00:00
Tom Hughes
99b380765a Allow everybody to create new notes 
Fixes #2110
 2019-01-09 18:13:55 +00:00
Tom Hughes
6c2432ae42 Merge remote-tracking branch 'upstream/pull/2109' 2019-01-09 17:27:16 +00:00
Tom Hughes
74e1d7336e Merge remote-tracking branch 'upstream/pull/2107' 2019-01-09 17:20:08 +00:00
Tom Hughes
09b6560e81 Merge remote-tracking branch 'upstream/pull/2106' 2019-01-09 17:16:01 +00:00
Andy Allan
b184b39f34 Use CanCanCan for oauth clients controller 2019-01-09 15:34:54 +01:00
Andy Allan
425f42dd80 Use CanCanCan for messages controller 2019-01-09 15:27:29 +01:00
Andy Allan
1774109311 Use CanCanCan for changesets controller 
The expand_bbox method now needs require_write_api capability on tokens.
 2019-01-09 12:41:33 +01:00
Andy Allan
414c4b2c36 Use CanCanCan for traces controller 2019-01-09 11:40:54 +01:00
Andy Allan
73201ca96b Use CanCanCan for swf controller 2019-01-09 10:32:57 +01:00
Andy Allan
7420479cde Use CanCanCan for directions controller 2019-01-09 10:12:14 +01:00
Andy Allan
1e30edba53 Use CanCanCan for browse controller 2019-01-09 10:10:12 +01:00
Andy Allan
44eea9dcaf Use CanCanCan for export controller 2019-01-02 19:21:10 +01:00
Andy Allan
ad68d4c634 Use CanCanCan for search controller 2019-01-02 19:17:32 +01:00
Andy Allan
c7a7d29813 Require terms agreement for abilities and capabilities related to api write methods 2019-01-02 17:40:43 +01:00
Andy Allan
ca596106f5 Refactor users_controller to use CanCanCan for authorisation 2018-12-12 16:17:24 +01:00
Andy Allan
a3a10237f7 Use CanCanCan for user_roles auth 2018-11-28 21:39:26 +01:00
Andy Allan
ea766ec57d Use CanCanCan for notes authorization 2018-11-28 15:59:47 +01:00
Andy Allan
8f70fb2114 Use CanCanCan for changeset comments 
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
 2018-11-28 12:35:45 +01:00
Andy Allan
79207ee594 Use CanCanCan for redaction authorizations 2018-11-07 13:28:58 +01:00