cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9207 commits 4 branches 1 tag 499 MiB
Commit graph

5142 commits

Author SHA1 Message Date
Simon Poole
8937099429 Add support for FOSSGIS routing server 2019-01-29 20:19:36 +00:00
Tom Hughes
c583ca92ed Don't swallow exceptions deleting traces 2019-01-28 19:10:35 +00:00
Tom Hughes
3e7bc943fe Merge remote-tracking branch 'upstream/pull/2120' 2019-01-28 19:04:02 +00:00
Quincy Morgan
3f2a42bf77 Add passthrough of new locale, maprules, and presets URL hash parameters to iD 2019-01-23 12:13:27 -05:00
Tom Hughes
d021f7b625 Merge remote-tracking branch 'upstream/pull/2118' 2019-01-16 12:22:31 +00:00
Andy Allan
8a2df0e0b5 More resourceful routing for nodes, ways, relations and changesets controllers 2019-01-16 13:10:11 +01:00
Andy Allan
30a4fb85a9 Remove old authorization helpers 
These have been replaced by abilities and capabilities
 2019-01-16 11:55:01 +01:00
Andy Allan
131fd76cae Ensure authorization checks happen for all controller methods 2019-01-16 11:45:13 +01:00
Andy Allan
fc6209dc07 Skip authorization checks for the errors controller 2019-01-16 11:44:55 +01:00
Tom Hughes
11806a676f Merge remote-tracking branch 'upstream/pull/2116' 2019-01-16 10:23:27 +00:00
Tom Hughes
d2e11a327e Merge remote-tracking branch 'upstream/pull/2115' 2019-01-16 10:20:29 +00:00
Tom Hughes
6fb660f0af Merge remote-tracking branch 'upstream/pull/2111' 2019-01-16 10:15:34 +00:00
Andy Allan
581eca3bbe Add a configuration flag for using the job queue to import traces 
This will allow the code to be merged to master, even if osm.org
isn't ready to start using it yet.
 2019-01-16 11:13:55 +01:00
Tom Hughes
81b37f9263 Fix styling of nested lists in rich text 2019-01-16 10:10:51 +00:00
Andy Allan
e59f1b6108 Sketch out how to use the jobs queue for trace insertion and deletion 
Refs #1852
 2019-01-16 10:49:11 +01:00
Andy Allan
3e49e4a62a Use CanCanCan to control access to oauth controller actions 2019-01-16 10:17:55 +01:00
Andy Allan
bda8544d94 Mark non-action methods as protected 2019-01-16 10:17:55 +01:00
Andy Allan
e7f943c715 Use CanCanCan for nodes, ways, relations, old and api controllers 2019-01-16 10:12:19 +01:00
Tom Hughes
5c877e0fa4 Allow everybody to query features 2019-01-09 19:15:55 +00:00
Tom Hughes
99b380765a Allow everybody to create new notes 
Fixes #2110
 2019-01-09 18:13:55 +00:00
Tom Hughes
6c2432ae42 Merge remote-tracking branch 'upstream/pull/2109' 2019-01-09 17:27:16 +00:00
Tom Hughes
73fe5a13df Merge remote-tracking branch 'upstream/pull/2108' 2019-01-09 17:24:28 +00:00
Tom Hughes
74e1d7336e Merge remote-tracking branch 'upstream/pull/2107' 2019-01-09 17:20:08 +00:00
Tom Hughes
09b6560e81 Merge remote-tracking branch 'upstream/pull/2106' 2019-01-09 17:16:01 +00:00
Andy Allan
b184b39f34 Use CanCanCan for oauth clients controller 2019-01-09 15:34:54 +01:00
Andy Allan
425f42dd80 Use CanCanCan for messages controller 2019-01-09 15:27:29 +01:00
Andy Allan
58c101762e Use a builder view for the capabilities call 
This is easier to work with than building the XML document by hand
in the controller.
 2019-01-09 14:30:18 +01:00
Andy Allan
686fee43bf Use full list of osm xml root attributes in builder templates 2019-01-09 14:15:39 +01:00
Andy Allan
1774109311 Use CanCanCan for changesets controller 
The expand_bbox method now needs require_write_api capability on tokens.
 2019-01-09 12:41:33 +01:00
Andy Allan
414c4b2c36 Use CanCanCan for traces controller 2019-01-09 11:40:54 +01:00
Andy Allan
73201ca96b Use CanCanCan for swf controller 2019-01-09 10:32:57 +01:00
Andy Allan
18e418cc4c Skip authorization checks for amf controller 2019-01-09 10:26:12 +01:00
Andy Allan
89399c5ba1 Add missing authorize_resource declaration to geocoder controller 2019-01-09 10:14:52 +01:00
Andy Allan
7420479cde Use CanCanCan for directions controller 2019-01-09 10:12:14 +01:00
Andy Allan
1e30edba53 Use CanCanCan for browse controller 2019-01-09 10:10:12 +01:00
Tom Hughes
65d57a5bfa Fix new rubocop warning 2019-01-07 09:04:13 +00:00
Andy Allan
44eea9dcaf Use CanCanCan for export controller 2019-01-02 19:21:10 +01:00
Andy Allan
ad68d4c634 Use CanCanCan for search controller 2019-01-02 19:17:32 +01:00
Andy Allan
c7a7d29813 Require terms agreement for abilities and capabilities related to api write methods 2019-01-02 17:40:43 +01:00
Tom Hughes
4b0fed0aa4 Replace custom panning with new panInside leaflet method 2019-01-02 11:03:06 +00:00
Tom Hughes
801271363d Allow inline styling on pages that display the map 
Both leaflet itself and at least one of our plugins use inline
styling to style markers so we need to allow it.

Fixes #2093
 2018-12-31 09:32:13 +00:00
Tom Hughes
eb7c4cdedd Allow abilities that require no login for token based access 
Fixes #2085
 2018-12-12 22:41:29 +00:00
Tom Hughes
7bb15e02cc Merge remote-tracking branch 'upstream/pull/2084' 2018-12-12 18:40:13 +00:00
Tom Hughes
c203edda20 Merge remote-tracking branch 'upstream/pull/2083' 2018-12-12 18:33:23 +00:00
Andy Allan
ca596106f5 Refactor users_controller to use CanCanCan for authorisation 2018-12-12 16:17:24 +01:00
Andy Allan
981e4a34b5 Use only token capabilities when a token is provided 
The Authenticate#allow? method (from oauth-plugin) sets current_user as a side
effect of checking the token. But this allows a valid token to access
all actions that are available to that user, beyond the capabilities for
that token.
 2018-12-12 16:16:23 +01:00
Tom Hughes
cbc4c5352d Only check IP addresses for anonymous note comments 2018-12-05 12:54:55 +00:00
Andy Allan
a3a10237f7 Use CanCanCan for user_roles auth 2018-11-28 21:39:26 +01:00
Tom Hughes
a790c47923 Merge remote-tracking branch 'upstream/pull/2072' 2018-11-28 18:24:04 +00:00
Paul Dexter-Sobkowiak
74d2c4336b Split browse_helper.rb into two modules due to rubocop ModuleLength 2018-11-28 18:18:14 +00:00