3 commits

Author SHA1 Message Date
Andy Allan
981e4a34b5 Use only token capabilities when a token is provided
The Authenticate#allow? method (from oauth-plugin) sets current_user as a side
effect of checking the token. But this allows a valid token to access
all actions that are available to that user, beyond the capabilities for
that token.
2018-12-12 16:16:23 +01:00
Tom Hughes
6f2f9221ef Fix tests for rails 5.2.1 compatibility
Rails 5.2.1 has changed how the request body is handled
internally for a test which means we can no longer cheat
by stashing it in the request environment and must instead
pass it properly to the request method.
2018-11-15 00:46:53 +00:00
Andy Allan
9408ed6946 Pluralise user_preferences_controller
This is the rails convention for controllers and can make route
generation easier.

http://guides.rubyonrails.org/action_controller_overview.html#controller-naming-convention
2018-04-18 11:26:00 +08:00
Renamed from test/controllers/user_preference_controller_test.rb