openstreetmap-website

Author	SHA1	Message	Date
Paul Dexter-Sobkowiak	74d2c4336b	Split browse_helper.rb into two modules due to rubocop ModuleLength	2018-11-28 18:18:14 +00:00
Paul Dexter-Sobkowiak	5ba64efd7c	Show tel: links for multiple phone numbers separated by ; Closes #2069	2018-11-27 00:06:28 +00:00
Tom Hughes	6f2f9221ef	Fix tests for rails 5.2.1 compatibility Rails 5.2.1 has changed how the request body is handled internally for a test which means we can no longer cheat by stashing it in the request environment and must instead pass it properly to the request method.	2018-11-15 00:46:53 +00:00
Tom Hughes	75189bd17d	Merge remote-tracking branch 'upstream/pull/2060'	2018-11-14 13:13:56 +00:00
Andy Allan	234afb3f42	Remove custom deny_access handlers Since these pages are not accessed by normal users, except for url fiddling, it's fine to respond with a generic access denied.	2018-11-14 14:10:51 +01:00
Tom Hughes	dd302f4f2c	Merge remote-tracking branch 'upstream/pull/2061'	2018-11-14 12:43:35 +00:00
Andy Allan	c89b88c8d0	Add a changeset to exercise that part of the contact rendering	2018-11-14 12:25:21 +01:00
Andy Allan	0d55c40ca8	Ensure that the blocked template rendering works	2018-11-14 12:19:23 +01:00
Andy Allan	d7f41756f9	Check that a request that requires authentication is redirected when the user hasn't seen the terms	2018-11-14 12:19:23 +01:00
Andy Allan	252b9ef08a	Pluralize changesets controller	2018-11-14 10:34:28 +01:00
Tom Hughes	ccdec3ed4c	Attempt to send pretty 403 errors to web browsers	2018-11-08 19:09:56 +00:00
Tom Hughes	6ca22de4f2	Merge remote-tracking branch 'upstream/pull/2051'	2018-11-08 17:51:23 +00:00
Tom Hughes	70d6880e10	Merge remote-tracking branch 'upstream/pull/2052'	2018-11-08 17:44:57 +00:00
Tom Hughes	10294f4849	Merge remote-tracking branch 'upstream/pull/2050'	2018-11-08 17:31:30 +00:00
Andy Allan	d70529f12b	Remove unnecessary include from redaction model test	2018-11-07 16:48:48 +01:00
Andy Allan	efa37f6a83	Remove unnecessary require statements from tests	2018-11-07 16:42:11 +01:00
Andy Allan	26777c4464	Pluralize diary entries controller	2018-11-07 16:31:04 +01:00
Andy Allan	e85c56d151	Pluralize old_ controllers	2018-11-07 16:05:56 +01:00
Andy Allan	05117aa928	Pluralize nodes, ways and relations controllers	2018-11-07 15:55:26 +01:00
Andy Allan	79207ee594	Use CanCanCan for redaction authorizations	2018-11-07 13:28:58 +01:00
Andy Allan	368ce0000d	Migrate UserBlocksController to use CanCanCan	2018-11-07 13:07:08 +01:00
Andy Allan	04afeeb32f	Rename hide_comment and unhide_comment to destroy and restore This preserves the API endpoints and HTTP methods, which could be changed in the next API version	2018-11-07 10:51:43 +01:00
Andy Allan	4b0d56f7e1	Rename comments_feed to index	2018-11-07 10:22:07 +01:00
Andy Allan	b7e871cb46	Rename comment to create	2018-11-07 10:22:07 +01:00
Andy Allan	19c2b92fb7	Split changeset comment handling into a changeset_comments controller	2018-11-07 10:20:14 +01:00
Tom Hughes	d73a5d4bc0	Merge character validators	2018-11-05 18:54:19 +00:00
Tom Hughes	b4ef61a9f3	Merge leading and trailing whitespace validators	2018-11-05 18:29:17 +00:00
J Guthrie	1e57189366	Added tests for validators	2018-11-05 16:23:30 +00:00
J Guthrie	6cde8c9b0c	Changed User model to not allow nil display_name (w/ tests)	2018-11-05 15:40:37 +00:00
Tom Hughes	16bef0c8ec	Merge remote-tracking branch 'upstream/pull/2023'	2018-11-03 14:34:18 +00:00
Tom Hughes	8c269aba4e	Move abilities to a sepatarate top level directory	2018-11-03 12:56:50 +00:00
Tom Hughes	391fb933f5	Merge remote-tracking branch 'upstream/pull/2038'	2018-11-03 11:58:56 +00:00
Tom Hughes	6142980d07	Fix new rubocop warnings	2018-10-31 19:14:39 +00:00
Andy Allan	b54362d458	Use deliver_later for all email sending	2018-10-31 16:38:12 +01:00
Andy Allan	7a177cb03f	Fix error messages when users should not be able to do things	2018-10-31 11:42:49 +01:00
Andy Allan	41619593df	Add testing for moderator users and issues	2018-10-31 11:41:32 +01:00
Andy Allan	149c07fd2b	Remove unnecessary token granting from the user_preferences tests Sufficient permissions are granted by the basic authorisation, so this isn't testing anything.	2018-10-31 11:36:24 +01:00
Andy Allan	f11221f05b	Merge branch 'master' into cancancan	2018-10-31 11:16:47 +01:00
Andy Allan	0888f43d7b	Check the oauth token and then use the capabilities directly	2018-10-24 16:48:54 +02:00
Andy Allan	71b21ec473	Rework capabilities to avoid assumptions about missing tokens The logic about missing tokens implying logged in users (and that all logged in users have access to any method protected by a token capability) is correct. However, I believe it is both confusing and brittle, and leaves a security-related door ajar for future foot-gun incidents. Instead, apply Abilities as normal, and keep the Capabilities involvement only for situations where a token is provided. This reduces the cognitive burden when considering Abilities in isolation.	2018-10-24 12:07:00 +02:00
Tom Hughes	a5124ed409	Update translation keys for renaming of user to users Fixes #2031	2018-10-22 11:00:03 +01:00
Simon Poole	07ffb4c3f6	Calculate bounding box when deleting relations Closes #2030 Fixes #2020	2018-10-21 19:32:12 +01:00
Tom Hughes	db13180c70	Use "user" as user id parameter for notes searches	2018-10-11 18:30:53 +01:00
Andy Allan	f8f7ab1568	Change abilities based on upstream renamings	2018-10-10 11:41:16 +02:00
Andy Allan	420a7289a0	Merge branch 'authz' of https://github.com/rubyforgood/openstreetmap-website into rubyforgood-authz	2018-10-10 11:26:30 +02:00
ENT8R	083500f056	Merge branch 'master' into notes-search	2018-10-09 11:41:22 +02:00
Tom Hughes	b8a8a88004	Merge remote-tracking branch 'upstream/pull/2014'	2018-10-03 18:59:33 +01:00
Andy Allan	3ec67ea2d3	Rename user_controller to users_controller	2018-10-03 15:31:10 +02:00
Andy Allan	5e407dfb34	Merge branch 'master' into messages	2018-10-03 14:04:12 +02:00
Xuyang Jia	d0e45c7c8e	Fix any_relations always being false Closes #1976	2018-09-22 17:46:00 +01:00

1 2 3 4 5 ...

1276 commits