6047 commits

Author SHA1 Message Date
J Guthrie
c299bd42ef No trace description now redirects to /new 2018-07-25 01:49:51 +01:00
Frederik Ramm
b9f9d9df88 allow moderators to read hidden notes through API 2018-07-22 15:42:14 +02:00
Tom Hughes
28b48cf583 Add issues link to "More" menu for intermediate sized screens
Fixes #1928
2018-07-18 18:59:52 +01:00
Frederik Ramm
1aa0e35a7a do not allow anonymous users to comment on notes 2018-07-17 12:41:49 +02:00
Tom Hughes
b4106383d9 Add /api/0.6/users to fetch multiple users
Fixes #1921
2018-07-09 22:26:55 +01:00
Tom Hughes
f70edc02f0 Return the "large" image from the user details API call
Closes #1923
2018-07-09 20:26:37 +01:00
Tom Hughes
73637b285d Remove expired banners 2018-06-22 12:05:45 +01:00
Francesco Frassinelli
99856a7717 Add SotM 2018 banner
Closes #1905
2018-06-22 12:05:45 +01:00
Tom Hughes
98de681e47 Update to rails 5.2.0 2018-06-19 00:16:24 +01:00
Tom Hughes
f7a35c5895 Fix new rubocop warnings 2018-06-18 09:00:49 +01:00
Chris Flipse
25256a4849 Make rubocop happy 2018-06-17 20:40:48 -04:00
Chris Flipse
91fc65a2e3 separate ability and capability
These are asking fundamentally different questions;

Abilities are asking the application if the user has a role that allows
the user to take a certain action
Capabilities are asking if the user has granted the application to
perform a certain type of action

CanCanCan makes no distinction, however, so the `granted_capabilities`
method is provided as a point that can be checked in rescue methods, so
that one can _attempt_ to continue to provide the more informative error
messages around permission refusals
2018-06-17 13:57:32 -04:00
Benjamin Reynolds
4d20a2c96a Authorize actions on GeocoderController with CanCanCan Ability 2018-06-17 13:57:06 -04:00
Chris Flipse
464c7f863e Update capabilities check to actually reflect the existing logic
The OAuth capabilities are essentially user permissions that have been
granted to the app.  If the user authenticates through a non-oauth
method, they are assumed to have granted all capabilities to the app
2018-06-17 13:57:06 -04:00
Chris Flipse
060c686c19 Use cancancan to authorize user_preference_controller 2018-06-17 13:57:06 -04:00
Chris Flipse
5232914427 Implement the cancan filters for diary entries
Access logic is not _entirely_ exported from the controller,
unfortunately.  For interface reasons, some actions which require admin
have to be listed within the controller's deny_access method.

This is required because, being a default-deny system, cancancan
_cannot_ tell you the reason you were denied access; and so
the "nice" feedback presenting next steps can't be gleaned from
the exception
2018-06-17 13:57:06 -04:00
Chris Flipse
6b44a1976c use a controller method to handle cancan denials
This will let controllers override for specific circumstances
2018-06-17 13:57:06 -04:00
Chris Flipse
6da3ece683 use token in ability checks 2018-06-17 13:56:23 -04:00
Chris Flipse
b16aa11f65 fix tests for site controller 2018-06-17 13:56:23 -04:00
Chris Flipse
2ab3d56102 don't check authorization everywhere 2018-06-17 13:56:23 -04:00
Andy Allan
ffa65d4d72 Add cancancan and the first ability definitions for site_controller 2018-06-17 13:56:23 -04:00
Tom Hughes
727ee97a3f Allow inline javascript and CSS in better_errors pages 2018-06-17 11:33:51 +01:00
Tom Hughes
e5604ce98e Assign vandalism reports for users to moderators 2018-06-17 11:14:19 +01:00
Tom Hughes
6c225bd01c Only include issues visible to the current user in the count 2018-06-17 01:01:24 +01:00
Tom Hughes
0071025400 Avoid using "other" as a translation key 2018-06-16 16:21:07 +01:00
Tom Hughes
1392e63272 Show count of open issues in the header 2018-06-16 12:40:15 +01:00
Tom Hughes
5ea1ba8d84 Set the locale for issue and report views 2018-06-16 12:14:58 +01:00
Tom Hughes
27679356af Default to only showing open issues 2018-06-10 19:11:25 +01:00
Tom Hughes
5e2c567b7f Make report type a required field 2018-06-10 17:16:33 +01:00
Tom Hughes
f7d0a60fc1 Make reportable item titles translatable 2018-06-10 17:05:21 +01:00
Tom Hughes
d3700e6201 Merge branch 'master' into next 2018-06-10 17:02:12 +01:00
Tom Hughes
2aca6920dc Use lazy lookups for translations in issues 2018-06-10 16:59:58 +01:00
Tom Hughes
5effa0a6d6 Avoid losing filter settings when an invalid user is entered 2018-06-10 15:42:35 +01:00
Tom Hughes
e8942437c0 Use select_tag for issue filter fields instead of abusing select 2018-06-10 15:32:27 +01:00
Tom Hughes
f227804093 Add some extra indexes on issues 2018-06-10 15:25:53 +01:00
Tom Hughes
ba9a00b10c Merge remote-tracking branch 'upstream/pull/1892' 2018-06-06 14:51:30 +01:00
Tom Hughes
beec16232d Update style for change of name for message controller 2018-06-06 14:45:19 +01:00
Tom Hughes
4df0fe72e2 Merge remote-tracking branch 'upstream/pull/1893' 2018-06-06 14:33:36 +01:00
Tom Hughes
3da3b93f80 Merge remote-tracking branch 'upstream/pull/1894' 2018-06-06 14:30:27 +01:00
Tom Hughes
a516d13d33 Allow iD to access ESRI imagery metadata 2018-06-06 14:25:52 +01:00
Andy Allan
e276bea2ff Prefer the helper in controllers
This avoids future gotchas with conversion to lazy lookups.
2018-06-06 13:34:34 +08:00
Andy Allan
25c2feaec9 Fix lazy i18n lookups for browse error pages
`I18n.t` doesn't support lazy lookups, whereas the equivalent
rails `t` helper does. The code can also be simplified to avoid the
lookup table.

Fixes 1877
2018-06-06 13:25:40 +08:00
Andy Allan
3e5a953e8f Fix missing message translation strings 2018-06-06 11:53:05 +08:00
Andy Allan
88ff81b694 Refactor messages show action to be resourceful 2018-06-06 11:51:52 +08:00
Andy Allan
9b36021ec5 Refactor inbox and outbox paths to avoid display names in urls. 2018-06-06 11:33:33 +08:00
Andy Allan
57d3b3af55 Refactor trace creation pages
Split the trace creation into new and create methods, with standard resourceful routing. Provide a redirect for external requests to the old url.
2018-06-06 10:22:42 +08:00
Tom Hughes
4a6779abf7 Avoid using inline javascript to update message list 2018-05-30 15:30:23 +01:00
David Abián
ed1f441ef3 Concept URIs for Wikidata entities
Wikidata entities should be linked using concept URIs, which are
permanent. This is the right way of linking web resources according
to the Linked Data principles.

Closes #1884
2018-05-28 13:02:47 +01:00
J Guthrie
30756f72ca Change language immediately after updating settings
Closes #1883
2018-05-27 15:12:34 +01:00
Benoît
e1f37fcc84 Improve HOT layer attribution
The style is by HOT and the server is provided by OpenStreetMap France.

Closes #1882
2018-05-25 10:22:56 +01:00