cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11604 commits 4 branches 1 tag 499 MiB
Commit graph

53 commits

Author SHA1 Message Date
Andy Allan
6c1d73a509 Allow users to delete their own accounts 
This PR allows users to delete their own accounts. The logic implemented matches
that currently used by the admins when they manually close accounts, although
there is room to be more complex in future e.g. completely removing accounts
with no content.

The error handling has been slightly adapted for namespaced controllers, by
anchoring the controller name with a leading forward slash.
 2022-02-09 16:15:24 +00:00
Andy Allan
4bed9c12a0 Fix display of suspension message when a user is suspended mid-session 
Without the ability defined, the user is still logged out, but then
the deny_access check redirects to the login page. The re-login attempt
would then fail anyway, with an error message, but let's fix the abilities
and use the intended page.
 2022-01-05 18:21:42 +00:00
Andy Allan
a8e8ba1a64 Refactor the account edit/update pages out into a separate accounts controller 2021-12-08 15:17:50 +00:00
Andy Allan
cb7b79a58f Split the non-public information off of the profile page 
This opens up many possibilities for more interesting things to be
shown on the dashboard, as well as making it easier to find if
you have lots of content in your profile.
 2021-08-18 13:32:36 +01:00
Andy Allan
caf2e2a242 Move profile-related settings to their own form 
Refs #3167
 2021-07-14 17:45:19 +01:00
Andy Allan
2403630da8 Split user preferences into a separate page 
Refs #3167
 2021-07-14 17:40:20 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Andy Allan
094d6c8bb9 Move confirmation methods into ConfirmationsController 2021-04-07 16:05:32 +01:00
Andy Allan
7a66c6d4eb Split password reset functionality into PasswordsController 2021-04-07 16:05:28 +01:00
Andy Allan
f18baae22e Refactor login/logout into sessions controller 
Certain controller methods are shared with oauth-based logins, and these have been
moved to a concern.
 2021-03-24 11:32:46 +00:00
Andy Allan
41d6f19a6b Rename the notes#mine action to index 2020-07-08 18:43:30 +02:00
Andy Allan
600812f6ad Rework user#set_status and #delete to avoid GET requests 
This renames the delete action to destroy, and starts using resourceful
routing for user actions.
 2020-06-10 11:49:18 +02:00
Andy Allan
8ebfdbc1ff Move make_friend and remove_friend to friendships controller 2020-06-03 18:23:07 +02:00
Andy Allan
44c6fdc273 Use the conventional 'destroy' method name for destroying traces 2019-12-04 11:59:18 +01:00
Tom Hughes
31edc7dff6 Merge remote-tracking branch 'upstream/pull/2226' 2019-06-18 21:10:07 +01:00
Andy Allan
fdffd22cca Allow admins to unhide diary comments, if they wish 2019-06-06 16:03:42 +02:00
Andy Allan
f2f3fbb1f1 Allow administrators to unhide diary entries, if they wish 2019-06-06 15:59:47 +02:00
Andy Allan
b7893df84e Refactor diary entries to use create and update methods 
This brings it slightly more into line with resourceful routing.
 2019-05-29 15:37:23 +02:00
Andy Allan
2142ff02c2 Allow moderators to hide diary entries and comments 2019-05-15 13:40:15 +02:00
Andy Allan
7b057545c0 Disentangle the api abilities from the web abilities 
This will allow us to rename api actions without causing permissions headaches. The choice of
abilities files is made by inheriting from either api_controller or application_controller.

Also rename capabilities to api_capabilites, for consistency.
 2019-03-27 18:07:29 +01:00
Tom Hughes
6600221fe3 Fix database offline mode 2019-03-17 11:15:34 +00:00
Andy Allan
f4e2990526 Move map method to its own controller 2019-02-24 11:44:10 +01:00
Andy Allan
d887252eeb Move the changes api to its own controller 2019-02-24 11:00:28 +01:00
Andy Allan
8383fd0928 Move the permissions call out of api_controller 2019-02-24 11:00:28 +01:00
Andy Allan
317b8f9d45 Move the trackpoints call into its own controller (and rename to tracepoints) 2019-02-24 11:00:28 +01:00
Andy Allan
6a4092bc16 Move the capabilities call out of api_controller 2019-02-24 11:00:20 +01:00
Andy Allan
35a2d66e19 Remove require_terms_agreed configuration option 
This has been set to true for 6 years in production. Refs #2097

As per other user settings, we set the terms as seen by default for tests,
and we can override that when necessary for specific tests.
 2019-02-06 15:50:57 +01:00
Andy Allan
8a2df0e0b5 More resourceful routing for nodes, ways, relations and changesets controllers 2019-01-16 13:10:11 +01:00
Tom Hughes
11806a676f Merge remote-tracking branch 'upstream/pull/2116' 2019-01-16 10:23:27 +00:00
Andy Allan
3e49e4a62a Use CanCanCan to control access to oauth controller actions 2019-01-16 10:17:55 +01:00
Andy Allan
e7f943c715 Use CanCanCan for nodes, ways, relations, old and api controllers 2019-01-16 10:12:19 +01:00
Tom Hughes
5c877e0fa4 Allow everybody to query features 2019-01-09 19:15:55 +00:00
Tom Hughes
99b380765a Allow everybody to create new notes 
Fixes #2110
 2019-01-09 18:13:55 +00:00
Tom Hughes
6c2432ae42 Merge remote-tracking branch 'upstream/pull/2109' 2019-01-09 17:27:16 +00:00
Tom Hughes
74e1d7336e Merge remote-tracking branch 'upstream/pull/2107' 2019-01-09 17:20:08 +00:00
Tom Hughes
09b6560e81 Merge remote-tracking branch 'upstream/pull/2106' 2019-01-09 17:16:01 +00:00
Andy Allan
b184b39f34 Use CanCanCan for oauth clients controller 2019-01-09 15:34:54 +01:00
Andy Allan
425f42dd80 Use CanCanCan for messages controller 2019-01-09 15:27:29 +01:00
Andy Allan
1774109311 Use CanCanCan for changesets controller 
The expand_bbox method now needs require_write_api capability on tokens.
 2019-01-09 12:41:33 +01:00
Andy Allan
414c4b2c36 Use CanCanCan for traces controller 2019-01-09 11:40:54 +01:00
Andy Allan
73201ca96b Use CanCanCan for swf controller 2019-01-09 10:32:57 +01:00
Andy Allan
7420479cde Use CanCanCan for directions controller 2019-01-09 10:12:14 +01:00
Andy Allan
1e30edba53 Use CanCanCan for browse controller 2019-01-09 10:10:12 +01:00
Andy Allan
44eea9dcaf Use CanCanCan for export controller 2019-01-02 19:21:10 +01:00
Andy Allan
ad68d4c634 Use CanCanCan for search controller 2019-01-02 19:17:32 +01:00
Andy Allan
c7a7d29813 Require terms agreement for abilities and capabilities related to api write methods 2019-01-02 17:40:43 +01:00
Andy Allan
ca596106f5 Refactor users_controller to use CanCanCan for authorisation 2018-12-12 16:17:24 +01:00
Andy Allan
a3a10237f7 Use CanCanCan for user_roles auth 2018-11-28 21:39:26 +01:00
Andy Allan
ea766ec57d Use CanCanCan for notes authorization 2018-11-28 15:59:47 +01:00
Andy Allan
8f70fb2114 Use CanCanCan for changeset comments 
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
 2018-11-28 12:35:45 +01:00