Tom Hughes
1dfbd9282c
Merge remote-tracking branch 'upstream/pull/1950'
2018-08-28 17:59:46 +01:00
Tom Hughes
08f0621d6f
Tidy whitespace
2018-08-28 17:56:34 +01:00
Ilya Zverev
a46ecae757
Reverse coordinates order only when called with two nondescript numbers
2018-08-28 15:16:26 +03:00
ENT8R
e8cb7ac8f1
Add some more tests, better error handling for dates
2018-08-27 16:44:46 +02:00
Ilya Zverev
d9d51fce9b
Add parsing coordinates in lon, lat format
2018-08-27 14:06:17 +03:00
ENT8R
98402908b0
Improve code style, fix tests
2018-08-26 16:04:09 +02:00
ENT8R
85324058f4
Enhanced the notes search endpoint with a few features
2018-08-25 23:00:11 +02:00
Tom Hughes
ed82d0a756
Only fetch client side translations for the current locale
2018-08-16 12:22:36 +01:00
mmd-osm
fe644bbd72
Include num_changes in changeset xml response
2018-08-14 10:57:13 +02:00
Tom Hughes
e9abea3dd7
Avoid some accidental manouver type matches
2018-08-13 17:13:26 +01:00
Tom Hughes
91194cf354
Set the locale when adding a comment to an issue
2018-08-01 21:35:51 +01:00
Tom Hughes
5fa0aebe9f
Use dynamic error pages built through the asset pipeline
...
Fixes #1241
2018-08-01 19:13:04 +01:00
Tom Hughes
640ea955fe
Remove script sources which are no longer needed by iD
2018-07-26 17:44:16 +01:00
J Guthrie
07480996d7
Refactored and added new test
2018-07-26 16:27:28 +01:00
J Guthrie
a04b19a9ae
Return after rendering - stops further processing in controller
2018-07-25 02:30:59 +01:00
J Guthrie
4ae7bb4178
Switched if to unless to satisfy rubycop
2018-07-25 02:04:04 +01:00
J Guthrie
c299bd42ef
No trace description now redirects to /new
2018-07-25 01:49:51 +01:00
Frederik Ramm
b9f9d9df88
allow moderators to read hidden notes through API
2018-07-22 15:42:14 +02:00
Tom Hughes
28b48cf583
Add issues link to "More" menu for intermediate sized screens
...
Fixes #1928
2018-07-18 18:59:52 +01:00
Frederik Ramm
1aa0e35a7a
do not allow anonymous users to comment on notes
2018-07-17 12:41:49 +02:00
Tom Hughes
b4106383d9
Add /api/0.6/users to fetch multiple users
...
Fixes #1921
2018-07-09 22:26:55 +01:00
Tom Hughes
f70edc02f0
Return the "large" image from the user details API call
...
Closes #1923
2018-07-09 20:26:37 +01:00
Tom Hughes
73637b285d
Remove expired banners
2018-06-22 12:05:45 +01:00
Francesco Frassinelli
99856a7717
Add SotM 2018 banner
...
Closes #1905
2018-06-22 12:05:45 +01:00
Tom Hughes
98de681e47
Update to rails 5.2.0
2018-06-19 00:16:24 +01:00
Tom Hughes
f7a35c5895
Fix new rubocop warnings
2018-06-18 09:00:49 +01:00
Chris Flipse
25256a4849
Make rubocop happy
2018-06-17 20:40:48 -04:00
Chris Flipse
91fc65a2e3
separate ability and capability
...
These are asking fundamentally different questions;
Abilities are asking the application if the user has a role that allows
the user to take a certain action
Capabilities are asking if the user has granted the application to
perform a certain type of action
CanCanCan makes no distinction, however, so the `granted_capabilities`
method is provided as a point that can be checked in rescue methods, so
that one can _attempt_ to continue to provide the more informative error
messages around permission refusals
2018-06-17 13:57:32 -04:00
Benjamin Reynolds
4d20a2c96a
Authorize actions on GeocoderController with CanCanCan Ability
2018-06-17 13:57:06 -04:00
Chris Flipse
464c7f863e
Update capabilities check to actually reflect the existing logic
...
The OAuth capabilities are essentially user permissions that have been
granted to the app. If the user authenticates through a non-oauth
method, they are assumed to have granted all capabilities to the app
2018-06-17 13:57:06 -04:00
Chris Flipse
060c686c19
Use cancancan to authorize user_preference_controller
2018-06-17 13:57:06 -04:00
Chris Flipse
5232914427
Implement the cancan filters for diary entries
...
Access logic is not _entirely_ exported from the controller,
unfortunately. For interface reasons, some actions which require admin
have to be listed within the controller's deny_access method.
This is required because, being a default-deny system, cancancan
_cannot_ tell you the reason you were denied access; and so
the "nice" feedback presenting next steps can't be gleaned from
the exception
2018-06-17 13:57:06 -04:00
Chris Flipse
6b44a1976c
use a controller method to handle cancan denials
...
This will let controllers override for specific circumstances
2018-06-17 13:57:06 -04:00
Chris Flipse
6da3ece683
use token in ability checks
2018-06-17 13:56:23 -04:00
Chris Flipse
b16aa11f65
fix tests for site controller
2018-06-17 13:56:23 -04:00
Chris Flipse
2ab3d56102
don't check authorization everywhere
2018-06-17 13:56:23 -04:00
Andy Allan
ffa65d4d72
Add cancancan and the first ability definitions for site_controller
2018-06-17 13:56:23 -04:00
Tom Hughes
727ee97a3f
Allow inline javascript and CSS in better_errors pages
2018-06-17 11:33:51 +01:00
Tom Hughes
e5604ce98e
Assign vandalism reports for users to moderators
2018-06-17 11:14:19 +01:00
Tom Hughes
6c225bd01c
Only include issues visible to the current user in the count
2018-06-17 01:01:24 +01:00
Tom Hughes
0071025400
Avoid using "other" as a translation key
2018-06-16 16:21:07 +01:00
Tom Hughes
1392e63272
Show count of open issues in the header
2018-06-16 12:40:15 +01:00
Tom Hughes
5ea1ba8d84
Set the locale for issue and report views
2018-06-16 12:14:58 +01:00
Tom Hughes
27679356af
Default to only showing open issues
2018-06-10 19:11:25 +01:00
Tom Hughes
5e2c567b7f
Make report type a required field
2018-06-10 17:16:33 +01:00
Tom Hughes
f7d0a60fc1
Make reportable item titles translatable
2018-06-10 17:05:21 +01:00
Tom Hughes
d3700e6201
Merge branch 'master' into next
2018-06-10 17:02:12 +01:00
Tom Hughes
2aca6920dc
Use lazy lookups for translations in issues
2018-06-10 16:59:58 +01:00
Tom Hughes
5effa0a6d6
Avoid losing filter settings when an invalid user is entered
2018-06-10 15:42:35 +01:00
Tom Hughes
e8942437c0
Use select_tag for issue filter fields instead of abusing select
2018-06-10 15:32:27 +01:00