Commit graph

5562 commits

Author SHA1 Message Date
Tom Hughes
1dfbd9282c Merge remote-tracking branch 'upstream/pull/1950' 2018-08-28 17:59:46 +01:00
Tom Hughes
08f0621d6f Tidy whitespace 2018-08-28 17:56:34 +01:00
Ilya Zverev
a46ecae757 Reverse coordinates order only when called with two nondescript numbers 2018-08-28 15:16:26 +03:00
ENT8R
e8cb7ac8f1
Add some more tests, better error handling for dates 2018-08-27 16:44:46 +02:00
Ilya Zverev
d9d51fce9b Add parsing coordinates in lon, lat format 2018-08-27 14:06:17 +03:00
ENT8R
98402908b0
Improve code style, fix tests 2018-08-26 16:04:09 +02:00
ENT8R
85324058f4
Enhanced the notes search endpoint with a few features 2018-08-25 23:00:11 +02:00
Tom Hughes
ed82d0a756 Only fetch client side translations for the current locale 2018-08-16 12:22:36 +01:00
mmd-osm
fe644bbd72 Include num_changes in changeset xml response 2018-08-14 10:57:13 +02:00
Tom Hughes
e9abea3dd7 Avoid some accidental manouver type matches 2018-08-13 17:13:26 +01:00
Tom Hughes
91194cf354 Set the locale when adding a comment to an issue 2018-08-01 21:35:51 +01:00
Tom Hughes
5fa0aebe9f Use dynamic error pages built through the asset pipeline
Fixes #1241
2018-08-01 19:13:04 +01:00
Tom Hughes
640ea955fe Remove script sources which are no longer needed by iD 2018-07-26 17:44:16 +01:00
J Guthrie
07480996d7 Refactored and added new test 2018-07-26 16:27:28 +01:00
J Guthrie
a04b19a9ae Return after rendering - stops further processing in controller 2018-07-25 02:30:59 +01:00
J Guthrie
4ae7bb4178 Switched if to unless to satisfy rubycop 2018-07-25 02:04:04 +01:00
J Guthrie
c299bd42ef No trace description now redirects to /new 2018-07-25 01:49:51 +01:00
Frederik Ramm
b9f9d9df88 allow moderators to read hidden notes through API 2018-07-22 15:42:14 +02:00
Tom Hughes
28b48cf583 Add issues link to "More" menu for intermediate sized screens
Fixes #1928
2018-07-18 18:59:52 +01:00
Frederik Ramm
1aa0e35a7a do not allow anonymous users to comment on notes 2018-07-17 12:41:49 +02:00
Tom Hughes
b4106383d9 Add /api/0.6/users to fetch multiple users
Fixes #1921
2018-07-09 22:26:55 +01:00
Tom Hughes
f70edc02f0 Return the "large" image from the user details API call
Closes #1923
2018-07-09 20:26:37 +01:00
Tom Hughes
73637b285d Remove expired banners 2018-06-22 12:05:45 +01:00
Francesco Frassinelli
99856a7717 Add SotM 2018 banner
Closes #1905
2018-06-22 12:05:45 +01:00
Tom Hughes
98de681e47 Update to rails 5.2.0 2018-06-19 00:16:24 +01:00
Tom Hughes
f7a35c5895 Fix new rubocop warnings 2018-06-18 09:00:49 +01:00
Chris Flipse
25256a4849 Make rubocop happy 2018-06-17 20:40:48 -04:00
Chris Flipse
91fc65a2e3 separate ability and capability
These are asking fundamentally different questions;

Abilities are asking the application if the user has a role that allows
the user to take a certain action
Capabilities are asking if the user has granted the application to
perform a certain type of action

CanCanCan makes no distinction, however, so the `granted_capabilities`
method is provided as a point that can be checked in rescue methods, so
that one can _attempt_ to continue to provide the more informative error
messages around permission refusals
2018-06-17 13:57:32 -04:00
Benjamin Reynolds
4d20a2c96a Authorize actions on GeocoderController with CanCanCan Ability 2018-06-17 13:57:06 -04:00
Chris Flipse
464c7f863e Update capabilities check to actually reflect the existing logic
The OAuth capabilities are essentially user permissions that have been
granted to the app.  If the user authenticates through a non-oauth
method, they are assumed to have granted all capabilities to the app
2018-06-17 13:57:06 -04:00
Chris Flipse
060c686c19 Use cancancan to authorize user_preference_controller 2018-06-17 13:57:06 -04:00
Chris Flipse
5232914427 Implement the cancan filters for diary entries
Access logic is not _entirely_ exported from the controller,
unfortunately.  For interface reasons, some actions which require admin
have to be listed within the controller's deny_access method.

This is required because, being a default-deny system, cancancan
_cannot_ tell you the reason you were denied access; and so
the "nice" feedback presenting next steps can't be gleaned from
the exception
2018-06-17 13:57:06 -04:00
Chris Flipse
6b44a1976c use a controller method to handle cancan denials
This will let controllers override for specific circumstances
2018-06-17 13:57:06 -04:00
Chris Flipse
6da3ece683 use token in ability checks 2018-06-17 13:56:23 -04:00
Chris Flipse
b16aa11f65 fix tests for site controller 2018-06-17 13:56:23 -04:00
Chris Flipse
2ab3d56102 don't check authorization everywhere 2018-06-17 13:56:23 -04:00
Andy Allan
ffa65d4d72 Add cancancan and the first ability definitions for site_controller 2018-06-17 13:56:23 -04:00
Tom Hughes
727ee97a3f Allow inline javascript and CSS in better_errors pages 2018-06-17 11:33:51 +01:00
Tom Hughes
e5604ce98e Assign vandalism reports for users to moderators 2018-06-17 11:14:19 +01:00
Tom Hughes
6c225bd01c Only include issues visible to the current user in the count 2018-06-17 01:01:24 +01:00
Tom Hughes
0071025400 Avoid using "other" as a translation key 2018-06-16 16:21:07 +01:00
Tom Hughes
1392e63272 Show count of open issues in the header 2018-06-16 12:40:15 +01:00
Tom Hughes
5ea1ba8d84 Set the locale for issue and report views 2018-06-16 12:14:58 +01:00
Tom Hughes
27679356af Default to only showing open issues 2018-06-10 19:11:25 +01:00
Tom Hughes
5e2c567b7f Make report type a required field 2018-06-10 17:16:33 +01:00
Tom Hughes
f7d0a60fc1 Make reportable item titles translatable 2018-06-10 17:05:21 +01:00
Tom Hughes
d3700e6201 Merge branch 'master' into next 2018-06-10 17:02:12 +01:00
Tom Hughes
2aca6920dc Use lazy lookups for translations in issues 2018-06-10 16:59:58 +01:00
Tom Hughes
5effa0a6d6 Avoid losing filter settings when an invalid user is entered 2018-06-10 15:42:35 +01:00
Tom Hughes
e8942437c0 Use select_tag for issue filter fields instead of abusing select 2018-06-10 15:32:27 +01:00