Andy Allan
8938ab7997
Remove redundant presence validation on belongs_to
There's no need for us to have it when Rails does this for us.
2022-03-01 10:01:16 +00:00
Andy Allan
619ac4c5b2
Enable active_record.belongs_to_required_by_default
This switches the logic so that belongs_to parent objects must exist
by default, and marks the optional ones explicitly. This is reflected
in the null/not_null status on the relevant db columns.
2022-02-23 20:33:28 +00:00
Andy Allan
3cf3b3ce4e
Specify inverse_of for trace tags and points
Rails can't automatically detect bi-directional relationships when
`:foreign_key` is present. Adding the `inverse_of` helps when validating
traces and tags that haven't yet been saved.
2022-02-23 15:15:07 +00:00
Andy Allan
2fabc46421
Merge pull request #3440 from mmd-osm/relationmemberlimit
Introduce relation member limit
2022-02-16 14:58:30 +00:00
Tom Hughes
53aa7259bb
Merge remote-tracking branch 'upstream/pull/3345'
2022-02-13 18:39:21 +00:00
Andy Allan
2d47d6b4f8
Ensure that deactivate isn't available in production
It's only used as a workaround for factories not being able to create
pending users while keeping active as the default
2022-02-02 17:48:17 +00:00
Andy Allan
2731e7244a
Add extra user transitions needed by the administrators
2022-02-02 16:37:50 +00:00
mmd-osm
2efd73c672
Introduce relation member limit
Adds a new parameter `max_number_of_relation_members` in settings.yml
2022-02-02 13:15:40 +01:00
Andy Allan
1a11c4dc19
Use a state machine for user status
The user status is a bit complex, since there are various states and
not all transitions between them make sense.
Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
2022-01-12 18:16:14 +00:00
Tom Hughes
fea1b5b88d
Fix new rubocop warnings
2021-12-28 19:47:51 +00:00
Tom Hughes
0ca2e10b1d
Merge remote-tracking branch 'upstream/pull/3404'
2021-12-22 15:36:25 +00:00
Tom Hughes
5a70476d38
Merge remote-tracking branch 'upstream/pull/3403'
2021-12-22 15:26:23 +00:00
Andy Allan
99a64ba8c1
Remove unused require statement
The corresponding code was removed in a65cb84288
2021-12-22 15:08:06 +00:00
Andy Allan
40e8482825
Alias the user creation_time column
This allows Rails to set the created_at automatically, and so avoids
us having to do so in a callback. It also hides the unusual
db column name from the rest of the app.
2021-12-22 14:48:07 +00:00
Andy Allan
a863be8831
Rename User#delete to User#destroy
"delete" is generally used for immediate SQL deletion without running
any callbacks or other Ruby code, whereas "destroy" will trigger callbacks.
Although we don't currently use any callbacks, let's rename this method to
align better with the convention.
2021-12-22 11:32:33 +00:00
Tom Hughes
b244905cd2
Add a rake task to migrate trace data to ActiveStorage
2021-12-16 18:45:31 +00:00
Tom Hughes
0410596908
Switch traces to use ActiveStorage
2021-12-16 18:45:31 +00:00
Tom Hughes
ef85e8c7b3
Make the storage service to use for avatars configurable
2021-12-16 18:45:31 +00:00
Tom Hughes
5966acc207
Merge remote-tracking branch 'upstream/pull/3300'
2021-10-07 17:45:07 +01:00
Tom Hughes
cb10c10ea3
Merge remote-tracking branch 'upstream/pull/3332'
2021-09-29 19:10:22 +01:00
Tom Hughes
22377cbdd4
Fix new rubocop warning
2021-09-29 18:54:56 +01:00
Andy Allan
9ab15f38ea
Move the tracepoint coordinate format test to the controller test
This allows us to remove the model method
2021-09-29 15:25:28 +01:00
Andy Allan
dfcecb0118
Remove the ObjectMetadata concern, since it's only used in tests now
2021-09-15 17:05:50 +01:00
Andy Allan
baea8dc10e
Remove unused to_xml and to_xml_node methods from models
2021-09-15 17:05:50 +01:00
Tom Hughes
6c6e8883f7
Introduce privileged scopes that only an administrator can enable
2021-08-26 17:22:24 +01:00
Tom Hughes
f1935b1c57
Merge remote-tracking branch 'upstream/pull/3257'
2021-07-21 19:24:31 +01:00
Tom Hughes
cd9a72e669
Merge remote-tracking branch 'upstream/pull/3263'
2021-07-21 12:16:08 +01:00
Tom Hughes
377f394a7c
Treat association between users and OAuth 2 applications as polymorphic
2021-07-21 11:52:10 +01:00
Andy Allan
37b03e47c6
Fix various code comments
These were found as part of #3233
2021-07-21 11:24:23 +01:00
Tom Hughes
4d47cff5e1
Merge remote-tracking branch 'upstream/pull/3237'
2021-07-21 11:24:17 +01:00
Andy Allan
9b8f2bbcbe
Remove code complexity around resetting language preferences
This was originally introduced since we saved the user and showed
the result on the same action. Now that the preferences controller
saves and redirects, the user model and associated language preferences
are reloaded between requests, and this code is no longer required.
2021-07-14 17:40:20 +01:00
Tom Hughes
da546af22e
Allow acls to match on parent domains
2021-07-06 10:13:33 +01:00
Tom Hughes
b4a1e41968
Switch web site to use OAuth 2
2021-06-27 19:00:36 +01:00
Tom Hughes
e222329d04
Add support for OAuth2 using doorkeeper
2021-05-18 12:05:32 +01:00
Tom Hughes
9603d718c2
Fix calculation of friendship rate limit
2021-05-11 15:49:48 +01:00
Tom Hughes
84c601460f
Add rate limiting to user friendships
2021-05-11 12:10:36 +01:00
Tom Hughes
25510b6616
Add additional limits on sending messages
Additional limits apply to new accounts and accounts with
unresolved issues reported against them.
Fixes #3135
2021-03-31 22:40:34 +01:00
Tom Hughes
2d50a84004
Fix new rubocop warnings
2021-02-16 21:14:54 +00:00
Tom Hughes
3c4f32a760
Validate avatar images
Closes #3097
2021-02-16 17:37:18 +00:00
Tom Hughes
0654be27f9
Fix new rubocop warnings
2021-01-11 19:17:31 +00:00
Tom Hughes
0ff89c31e4
Remove both Potlatch versions
Fixes #2622
2021-01-05 21:18:45 +00:00
Tom Hughes
384ac46102
Convert id column for oauth_nonces to bigint
2020-12-14 14:48:59 +00:00
Tom Hughes
88ba316abe
Merge remote-tracking branch 'upstream/pull/2999'
2020-12-09 14:51:04 +00:00
Tom Hughes
bfffe7ed96
Prefer string interpolation to concatenation
2020-11-13 11:32:28 +00:00
Tom Hughes
582402ba8f
Prefer keyword arguments when method has optional boolean arguments
2020-11-13 10:22:55 +00:00
Andy Allan
a65cb84288
Remove unused code
2020-11-11 16:43:58 +00:00
Tom Hughes
7db541d697
Invalidate existing sessions when changing email or password
As we don't have any way to actually find the active sessions for
an account we instead store a fingerprint in the session, and refuse
to use any session with a different fingerprint.
2020-09-29 14:34:08 +01:00
Tom Hughes
c694c78c9a
Delete any outstanding tokens when a user changes their email
This ensures that any tokens previously sent to the old email address
can no longer be used if somebody were able to access that address.
2020-09-29 13:47:40 +01:00
Tom Hughes
18b9b9f14c
Fix new rubocop warnings
2020-09-07 07:11:22 +01:00
Tom Hughes
c2af89c00e
Fix rubocop Style/SoleNestedConditional warnings
2020-09-02 18:54:55 +01:00