openstreetmap-website

Author	SHA1	Message	Date
Andy Allan	7b057545c0	Disentangle the api abilities from the web abilities This will allow us to rename api actions without causing permissions headaches. The choice of abilities files is made by inheriting from either api_controller or application_controller. Also rename capabilities to api_capabilites, for consistency.	2019-03-27 18:07:29 +01:00
Tom Hughes	6600221fe3	Fix database offline mode	2019-03-17 11:15:34 +00:00
Andy Allan	f4e2990526	Move map method to its own controller	2019-02-24 11:44:10 +01:00
Andy Allan	d887252eeb	Move the changes api to its own controller	2019-02-24 11:00:28 +01:00
Andy Allan	8383fd0928	Move the permissions call out of api_controller	2019-02-24 11:00:28 +01:00
Andy Allan	317b8f9d45	Move the trackpoints call into its own controller (and rename to tracepoints)	2019-02-24 11:00:28 +01:00
Andy Allan	6a4092bc16	Move the capabilities call out of api_controller	2019-02-24 11:00:20 +01:00
Andy Allan	35a2d66e19	Remove require_terms_agreed configuration option This has been set to true for 6 years in production. Refs #2097 As per other user settings, we set the terms as seen by default for tests, and we can override that when necessary for specific tests.	2019-02-06 15:50:57 +01:00
Andy Allan	8a2df0e0b5	More resourceful routing for nodes, ways, relations and changesets controllers	2019-01-16 13:10:11 +01:00
Tom Hughes	11806a676f	Merge remote-tracking branch 'upstream/pull/2116'	2019-01-16 10:23:27 +00:00
Andy Allan	3e49e4a62a	Use CanCanCan to control access to oauth controller actions	2019-01-16 10:17:55 +01:00
Andy Allan	e7f943c715	Use CanCanCan for nodes, ways, relations, old and api controllers	2019-01-16 10:12:19 +01:00
Tom Hughes	5c877e0fa4	Allow everybody to query features	2019-01-09 19:15:55 +00:00
Tom Hughes	99b380765a	Allow everybody to create new notes Fixes #2110	2019-01-09 18:13:55 +00:00
Tom Hughes	6c2432ae42	Merge remote-tracking branch 'upstream/pull/2109'	2019-01-09 17:27:16 +00:00
Tom Hughes	74e1d7336e	Merge remote-tracking branch 'upstream/pull/2107'	2019-01-09 17:20:08 +00:00
Tom Hughes	09b6560e81	Merge remote-tracking branch 'upstream/pull/2106'	2019-01-09 17:16:01 +00:00
Andy Allan	b184b39f34	Use CanCanCan for oauth clients controller	2019-01-09 15:34:54 +01:00
Andy Allan	425f42dd80	Use CanCanCan for messages controller	2019-01-09 15:27:29 +01:00
Andy Allan	1774109311	Use CanCanCan for changesets controller The expand_bbox method now needs require_write_api capability on tokens.	2019-01-09 12:41:33 +01:00
Andy Allan	414c4b2c36	Use CanCanCan for traces controller	2019-01-09 11:40:54 +01:00
Andy Allan	73201ca96b	Use CanCanCan for swf controller	2019-01-09 10:32:57 +01:00
Andy Allan	7420479cde	Use CanCanCan for directions controller	2019-01-09 10:12:14 +01:00
Andy Allan	1e30edba53	Use CanCanCan for browse controller	2019-01-09 10:10:12 +01:00
Andy Allan	44eea9dcaf	Use CanCanCan for export controller	2019-01-02 19:21:10 +01:00
Andy Allan	ad68d4c634	Use CanCanCan for search controller	2019-01-02 19:17:32 +01:00
Andy Allan	c7a7d29813	Require terms agreement for abilities and capabilities related to api write methods	2019-01-02 17:40:43 +01:00
Andy Allan	ca596106f5	Refactor users_controller to use CanCanCan for authorisation	2018-12-12 16:17:24 +01:00
Andy Allan	a3a10237f7	Use CanCanCan for user_roles auth	2018-11-28 21:39:26 +01:00
Andy Allan	ea766ec57d	Use CanCanCan for notes authorization	2018-11-28 15:59:47 +01:00
Andy Allan	8f70fb2114	Use CanCanCan for changeset comments This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.	2018-11-28 12:35:45 +01:00
Andy Allan	79207ee594	Use CanCanCan for redaction authorizations	2018-11-07 13:28:58 +01:00
Andy Allan	368ce0000d	Migrate UserBlocksController to use CanCanCan	2018-11-07 13:07:08 +01:00
Tom Hughes	8c269aba4e	Move abilities to a sepatarate top level directory	2018-11-03 12:56:50 +00:00

34 commits