Commit graph

1639 commits

Author SHA1 Message Date
Andy Allan
0888f43d7b Check the oauth token and then use the capabilities directly 2018-10-24 16:48:54 +02:00
Andy Allan
71b21ec473 Rework capabilities to avoid assumptions about missing tokens
The logic about missing tokens implying logged in users (and that
all logged in users have access to any method protected by a token
capability) is correct. However, I believe it is both confusing and
brittle, and leaves a security-related door ajar for future foot-gun
incidents.

Instead, apply Abilities as normal, and keep the Capabilities
involvement only for situations where a token is provided. This
reduces the cognitive burden when considering Abilities in isolation.
2018-10-24 12:07:00 +02:00
Tom Hughes
a5124ed409 Update translation keys for renaming of user to users
Fixes #2031
2018-10-22 11:00:03 +01:00
Simon Poole
07ffb4c3f6 Calculate bounding box when deleting relations
Closes #2030
Fixes #2020
2018-10-21 19:32:12 +01:00
Tom Hughes
db13180c70 Use "user" as user id parameter for notes searches 2018-10-11 18:30:53 +01:00
Andy Allan
f8f7ab1568 Change abilities based on upstream renamings 2018-10-10 11:41:16 +02:00
Andy Allan
420a7289a0 Merge branch 'authz' of https://github.com/rubyforgood/openstreetmap-website into rubyforgood-authz 2018-10-10 11:26:30 +02:00
ENT8R
083500f056 Merge branch 'master' into notes-search 2018-10-09 11:41:22 +02:00
Tom Hughes
b8a8a88004 Merge remote-tracking branch 'upstream/pull/2014' 2018-10-03 18:59:33 +01:00
Andy Allan
3ec67ea2d3 Rename user_controller to users_controller 2018-10-03 15:31:10 +02:00
Andy Allan
5e407dfb34 Merge branch 'master' into messages 2018-10-03 14:04:12 +02:00
Xuyang Jia
d0e45c7c8e Fix any_relations always being false
Closes #1976
2018-09-22 17:46:00 +01:00
Tom Hughes
de29e9b3f5 Fix Style/NumericPredicate rubocop warnings 2018-09-22 17:34:58 +01:00
Tom Hughes
b4d90ec7f4 Test that friends are shown correctly on the user profile
Fixes #1992
2018-09-12 18:03:12 +01:00
Tom Hughes
297b0a0e16 Merge remote-tracking branch 'upstream/pull/1987' 2018-09-10 19:09:31 +01:00
Tom Hughes
276599d34f Merge remote-tracking branch 'upstream/pull/1986' 2018-09-10 19:01:28 +01:00
Tom Hughes
0e0c89b95c Merge remote-tracking branch 'upstream/pull/1985' 2018-09-10 18:58:27 +01:00
Tom Hughes
995a5f89c2 Merge remote-tracking branch 'upstream/pull/1984' 2018-09-10 18:53:13 +01:00
Wil
1d2a3841ab Resolve 34 Rubocop Lint/AmbiguousOperator conflicts 2018-09-10 11:43:50 +08:00
Wil
a182820139 Resolve 96 Rubocop Lint/AmbiguousRegexpLiteral conflicts 2018-09-10 11:28:16 +08:00
Andy Allan
100babbe6c Just pass the object, rather than the id, to _path methods where possible 2018-09-10 11:09:30 +08:00
Andy Allan
4dd4831c0a Just pass the user object, rather than the display_name, to the user_path helper 2018-09-10 10:54:29 +08:00
Andy Allan
3f2ba044e5 Rename diary_entry#list to #index 2018-09-10 10:26:28 +08:00
Andy Allan
a3606e00b4 Rename user#list to user#index 2018-09-10 10:03:34 +08:00
Andy Allan
a8ecb1bf4b Use full url escaping when required in trace tests 2018-09-10 09:37:52 +08:00
Tom Hughes
5a2d2f97ce Update changeset browse view for renaming of changeset#list to changeset#index 2018-09-09 12:36:34 +01:00
Tom Hughes
bc4e65394f Improve tests for trace RSS feeds 2018-09-09 11:50:05 +01:00
Tom Hughes
983e21db2e Merge remote-tracking branch 'upstream/pull/1974' 2018-09-05 19:06:16 +01:00
Tom Hughes
70cca71f38 Merge remote-tracking branch 'upstream/pull/1973' 2018-09-05 19:01:24 +01:00
Andy Allan
de6aa3f015 Rename changeset#list to changeset#index 2018-09-05 15:17:11 +08:00
Andy Allan
5a06a3dffe Rename diary_entry#view to diary_entry#show 2018-09-05 14:52:36 +08:00
Andy Allan
19c26e70a3 Rename user#view to user#show 2018-09-05 14:21:01 +08:00
Andy Allan
dfe21fec82 Use resourceful routing for message replies 2018-09-05 13:22:43 +08:00
Andy Allan
db30ea642e Use a resourceful path for message marking 2018-09-05 11:23:53 +08:00
Andy Allan
5405dde6ec Use resourceful destroy method for messages 2018-09-05 10:38:36 +08:00
Tom Hughes
6027c42ee7 Hide note comments made by deleted users
Fixes #1970
2018-09-04 22:22:39 +01:00
Tom Hughes
a1b179fa38 Merge remote-tracking branch 'upstream/pull/1964' 2018-08-30 18:26:05 +01:00
Andy Allan
d0089f0ce8 Rename traces#list to traces#index 2018-08-29 17:58:37 +08:00
Andy Allan
16fef14b61 Rename traces#view to traces#show 2018-08-29 17:43:38 +08:00
Andy Allan
b745126b6e Split out updating a trace into an update action 2018-08-29 17:31:12 +08:00
Tom Hughes
05514ced0c Merge remote-tracking branch 'upstream/pull/1962' 2018-08-29 08:46:44 +01:00
Andy Allan
942e62117f Merge pull request #1938 from jguthrie100/fix_no_trace_description_error
Fixes "new trace" validation error
2018-08-29 14:49:26 +08:00
Andy Allan
f38e03f0ed Refactor message creation to use a create action
This makes it more conventional, rather than handling posts to the new action. The posting of the form was also reworked to use a hidden field for the displayname, rather than in the url, again for convention.
2018-08-29 14:18:20 +08:00
Tom Hughes
06915a77b5 Fix FactoryBot deprecation warnings 2018-08-28 19:12:01 +01:00
Ilya Zverev
a46ecae757 Reverse coordinates order only when called with two nondescript numbers 2018-08-28 15:16:26 +03:00
ENT8R
e8cb7ac8f1 Add some more tests, better error handling for dates 2018-08-27 16:44:46 +02:00
Ilya Zverev
5b4a8ba587 Adjust test for latlon searching 2018-08-27 14:40:11 +03:00
ENT8R
5f1f8f3c91 Add some more tests 2018-08-26 19:06:01 +02:00
ENT8R
98402908b0 Improve code style, fix tests 2018-08-26 16:04:09 +02:00
Tom Hughes
5fa0aebe9f Use dynamic error pages built through the asset pipeline
Fixes #1241
2018-08-01 19:13:04 +01:00