openstreetmap-website

Author	SHA1	Message	Date
Andy Allan	5405dde6ec	Use resourceful destroy method for messages	2018-09-05 10:38:36 +08:00
Tom Hughes	6027c42ee7	Hide note comments made by deleted users Fixes #1970	2018-09-04 22:22:39 +01:00
Ilya Zverev	67925e6d98	Do not display two coordinates on 'where am I' click Closes #1968	2018-09-03 17:46:26 +01:00
Tom Hughes	a1b179fa38	Merge remote-tracking branch 'upstream/pull/1964'	2018-08-30 18:26:05 +01:00
Andy Allan	d0089f0ce8	Rename traces#list to traces#index	2018-08-29 17:58:37 +08:00
Andy Allan	16fef14b61	Rename traces#view to traces#show	2018-08-29 17:43:38 +08:00
Andy Allan	b745126b6e	Split out updating a trace into an update action	2018-08-29 17:31:12 +08:00
Tom Hughes	720da8b78c	Avoid multiple returns	2018-08-29 08:53:23 +01:00
Tom Hughes	05514ced0c	Merge remote-tracking branch 'upstream/pull/1962'	2018-08-29 08:46:44 +01:00
Tom Hughes	80a6e8da05	Tidy up control flow in trace creation	2018-08-29 08:34:38 +01:00
Andy Allan	942e62117f	Merge pull request #1938 from jguthrie100/fix_no_trace_description_error Fixes "new trace" validation error	2018-08-29 14:49:26 +08:00
Andy Allan	f38e03f0ed	Refactor message creation to use a create action This makes it more conventional, rather than handling posts to the new action. The posting of the form was also reworked to use a hidden field for the displayname, rather than in the url, again for convention.	2018-08-29 14:18:20 +08:00
Tom Hughes	08f0621d6f	Tidy whitespace	2018-08-28 17:56:34 +01:00
Ilya Zverev	a46ecae757	Reverse coordinates order only when called with two nondescript numbers	2018-08-28 15:16:26 +03:00
ENT8R	e8cb7ac8f1	Add some more tests, better error handling for dates	2018-08-27 16:44:46 +02:00
Ilya Zverev	d9d51fce9b	Add parsing coordinates in lon, lat format	2018-08-27 14:06:17 +03:00
ENT8R	98402908b0	Improve code style, fix tests	2018-08-26 16:04:09 +02:00
ENT8R	85324058f4	Enhanced the notes search endpoint with a few features	2018-08-25 23:00:11 +02:00
Tom Hughes	91194cf354	Set the locale when adding a comment to an issue	2018-08-01 21:35:51 +01:00
Tom Hughes	5fa0aebe9f	Use dynamic error pages built through the asset pipeline Fixes #1241	2018-08-01 19:13:04 +01:00
Tom Hughes	640ea955fe	Remove script sources which are no longer needed by iD	2018-07-26 17:44:16 +01:00
J Guthrie	07480996d7	Refactored and added new test	2018-07-26 16:27:28 +01:00
J Guthrie	a04b19a9ae	Return after rendering - stops further processing in controller	2018-07-25 02:30:59 +01:00
J Guthrie	4ae7bb4178	Switched if to unless to satisfy rubycop	2018-07-25 02:04:04 +01:00
J Guthrie	c299bd42ef	No trace description now redirects to /new	2018-07-25 01:49:51 +01:00
Frederik Ramm	b9f9d9df88	allow moderators to read hidden notes through API	2018-07-22 15:42:14 +02:00
Frederik Ramm	1aa0e35a7a	do not allow anonymous users to comment on notes	2018-07-17 12:41:49 +02:00
Tom Hughes	b4106383d9	Add /api/0.6/users to fetch multiple users Fixes #1921	2018-07-09 22:26:55 +01:00
Tom Hughes	f7a35c5895	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
Chris Flipse	25256a4849	Make rubocop happy	2018-06-17 20:40:48 -04:00
Chris Flipse	91fc65a2e3	separate ability and capability These are asking fundamentally different questions; Abilities are asking the application if the user has a role that allows the user to take a certain action Capabilities are asking if the user has granted the application to perform a certain type of action CanCanCan makes no distinction, however, so the `granted_capabilities` method is provided as a point that can be checked in rescue methods, so that one can _attempt_ to continue to provide the more informative error messages around permission refusals	2018-06-17 13:57:32 -04:00
Chris Flipse	060c686c19	Use cancancan to authorize user_preference_controller	2018-06-17 13:57:06 -04:00
Chris Flipse	5232914427	Implement the cancan filters for diary entries Access logic is not _entirely_ exported from the controller, unfortunately. For interface reasons, some actions which require admin have to be listed within the controller's deny_access method. This is required because, being a default-deny system, cancancan _cannot_ tell you the reason you were denied access; and so the "nice" feedback presenting next steps can't be gleaned from the exception	2018-06-17 13:57:06 -04:00
Chris Flipse	6b44a1976c	use a controller method to handle cancan denials This will let controllers override for specific circumstances	2018-06-17 13:57:06 -04:00
Chris Flipse	6da3ece683	use token in ability checks	2018-06-17 13:56:23 -04:00
Chris Flipse	b16aa11f65	fix tests for site controller	2018-06-17 13:56:23 -04:00
Chris Flipse	2ab3d56102	don't check authorization everywhere	2018-06-17 13:56:23 -04:00
Andy Allan	ffa65d4d72	Add cancancan and the first ability definitions for site_controller	2018-06-17 13:56:23 -04:00
Tom Hughes	727ee97a3f	Allow inline javascript and CSS in better_errors pages	2018-06-17 11:33:51 +01:00
Tom Hughes	e5604ce98e	Assign vandalism reports for users to moderators	2018-06-17 11:14:19 +01:00
Tom Hughes	6c225bd01c	Only include issues visible to the current user in the count	2018-06-17 01:01:24 +01:00
Tom Hughes	5ea1ba8d84	Set the locale for issue and report views	2018-06-16 12:14:58 +01:00
Tom Hughes	d3700e6201	Merge branch 'master' into next	2018-06-10 17:02:12 +01:00
Tom Hughes	2aca6920dc	Use lazy lookups for translations in issues	2018-06-10 16:59:58 +01:00
Tom Hughes	5effa0a6d6	Avoid losing filter settings when an invalid user is entered	2018-06-10 15:42:35 +01:00
Tom Hughes	e8942437c0	Use select_tag for issue filter fields instead of abusing select	2018-06-10 15:32:27 +01:00
Tom Hughes	ba9a00b10c	Merge remote-tracking branch 'upstream/pull/1892'	2018-06-06 14:51:30 +01:00
Tom Hughes	4df0fe72e2	Merge remote-tracking branch 'upstream/pull/1893'	2018-06-06 14:33:36 +01:00
Tom Hughes	3da3b93f80	Merge remote-tracking branch 'upstream/pull/1894'	2018-06-06 14:30:27 +01:00
Tom Hughes	a516d13d33	Allow iD to access ESRI imagery metadata	2018-06-06 14:25:52 +01:00

... 6 7 8 9 10 ...

2067 commits