cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10172 commits 4 branches 1 tag 499 MiB
Commit graph

5562 commits

Author SHA1 Message Date
Tom Hughes
eb7c4cdedd Allow abilities that require no login for token based access 
Fixes #2085
 2018-12-12 22:41:29 +00:00
Tom Hughes
7bb15e02cc Merge remote-tracking branch 'upstream/pull/2084' 2018-12-12 18:40:13 +00:00
Tom Hughes
c203edda20 Merge remote-tracking branch 'upstream/pull/2083' 2018-12-12 18:33:23 +00:00
Andy Allan
ca596106f5 Refactor users_controller to use CanCanCan for authorisation 2018-12-12 16:17:24 +01:00
Andy Allan
981e4a34b5 Use only token capabilities when a token is provided 
The Authenticate#allow? method (from oauth-plugin) sets current_user as a side
effect of checking the token. But this allows a valid token to access
all actions that are available to that user, beyond the capabilities for
that token.
 2018-12-12 16:16:23 +01:00
Tom Hughes
cbc4c5352d Only check IP addresses for anonymous note comments 2018-12-05 12:54:55 +00:00
Andy Allan
a3a10237f7 Use CanCanCan for user_roles auth 2018-11-28 21:39:26 +01:00
Tom Hughes
a790c47923 Merge remote-tracking branch 'upstream/pull/2072' 2018-11-28 18:24:04 +00:00
Paul Dexter-Sobkowiak
74d2c4336b Split browse_helper.rb into two modules due to rubocop ModuleLength 2018-11-28 18:18:14 +00:00
Andy Allan
3fd083d9d4 Remove the unused require_moderator filter 
Use of this filter has been refactored to use CanCanCan
 2018-11-28 15:59:47 +01:00
Andy Allan
ea766ec57d Use CanCanCan for notes authorization 2018-11-28 15:59:47 +01:00
Andy Allan
8f70fb2114 Use CanCanCan for changeset comments 
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
 2018-11-28 12:35:45 +01:00
Paul Dexter-Sobkowiak
5ba64efd7c Show tel: links for multiple phone numbers separated by ; 
Closes #2069
 2018-11-27 00:06:28 +00:00
Mikel Maron
98262d3ab1 Add links to Welcome Mat on /welcome and /help 
Closes #2056
 2018-11-20 18:46:22 +00:00
Tom Hughes
15c96081a6 Allow connect_src to match all sites in Potlatch 
It seems that Safari matches connections made from a flash application
against connect_src while Firefox uses object_src instead.

Fixes #2067
 2018-11-19 17:34:47 +00:00
Tom Hughes
85802048a7 Fix issues with renaming of diary entry controller 2018-11-17 17:47:51 +00:00
Tom Hughes
dc6a5bc1a6 Take security policy URLs from the configuration file 2018-11-15 18:48:05 +00:00
Tom Hughes
75189bd17d Merge remote-tracking branch 'upstream/pull/2060' 2018-11-14 13:13:56 +00:00
Andy Allan
234afb3f42 Remove custom deny_access handlers 
Since these pages are not accessed by normal users, except for url fiddling, it's fine to respond with a generic access denied.
 2018-11-14 14:10:51 +01:00
Andy Allan
252b9ef08a Pluralize changesets controller 2018-11-14 10:34:28 +01:00
Tom Hughes
4deffa5e40 Skip CSRF verification for changeset comment actions 
Fixes #2057
 2018-11-13 13:17:19 +00:00
Tom Hughes
ccdec3ed4c Attempt to send pretty 403 errors to web browsers 2018-11-08 19:09:56 +00:00
Tom Hughes
6ca22de4f2 Merge remote-tracking branch 'upstream/pull/2051' 2018-11-08 17:51:23 +00:00
Tom Hughes
70d6880e10 Merge remote-tracking branch 'upstream/pull/2052' 2018-11-08 17:44:57 +00:00
Tom Hughes
10294f4849 Merge remote-tracking branch 'upstream/pull/2050' 2018-11-08 17:31:30 +00:00
Andy Allan
26777c4464 Pluralize diary entries controller 2018-11-07 16:31:04 +01:00
Andy Allan
e85c56d151 Pluralize old_ controllers 2018-11-07 16:05:56 +01:00
Andy Allan
05117aa928 Pluralize nodes, ways and relations controllers 2018-11-07 15:55:26 +01:00
Andy Allan
79207ee594 Use CanCanCan for redaction authorizations 2018-11-07 13:28:58 +01:00
Andy Allan
368ce0000d Migrate UserBlocksController to use CanCanCan 2018-11-07 13:07:08 +01:00
Andy Allan
5cd417f8e8 Use relative translations for changeset comments 2018-11-07 11:07:29 +01:00
Andy Allan
04afeeb32f Rename hide_comment and unhide_comment to destroy and restore 
This preserves the API endpoints and HTTP methods, which could be changed in the next API version
 2018-11-07 10:51:43 +01:00
Andy Allan
4b0d56f7e1 Rename comments_feed to index 2018-11-07 10:22:07 +01:00
Andy Allan
b7e871cb46 Rename comment to create 2018-11-07 10:22:07 +01:00
Andy Allan
19c2b92fb7 Split changeset comment handling into a changeset_comments controller 2018-11-07 10:20:14 +01:00
Tom Hughes
cdb42d2a6c Avoid ordering points from public and private traces 
Closes #2046
 2018-11-07 08:57:14 +00:00
Tom Hughes
b7438167c0 Use character validate to exclude URL characters for trace tags 2018-11-05 21:16:21 +00:00
Tom Hughes
56f7e692cd Improve character validator error messages 2018-11-05 21:16:21 +00:00
Tom Hughes
d73a5d4bc0 Merge character validators 2018-11-05 18:54:19 +00:00
Tom Hughes
b4ef61a9f3 Merge leading and trailing whitespace validators 2018-11-05 18:29:17 +00:00
Tom Hughes
873ac155ca Improve consistency of text validations 2018-11-05 17:06:48 +00:00
J Guthrie
1e57189366 Added tests for validators 2018-11-05 16:23:30 +00:00
J Guthrie
6cde8c9b0c Changed User model to not allow nil display_name (w/ tests) 2018-11-05 15:40:37 +00:00
J Guthrie
e091246ffc Converted invalid_chars validator to use locale 2018-11-05 14:27:07 +00:00
J Guthrie
3b68061e87 Fix rubocop errors 2018-11-05 14:27:06 +00:00
J Guthrie
c2f23fea6a Create invalid_char validators and apply to models 2018-11-05 14:27:03 +00:00
J Guthrie
64816e50b5 Added more non-ascii chars to validation (matching list of chars in other models) 2018-11-05 14:24:30 +00:00
J Guthrie
7d6c5d7cd7 Fix rubucop errors 2018-11-05 14:24:29 +00:00
J Guthrie
b439bac920 Make invalid char list more explicit (between ascii and non ascii chars) 2018-11-05 14:24:29 +00:00
J Guthrie
c3254b7e93 Added trailing/leading whitespace errors to locale 2018-11-05 14:24:25 +00:00