Andy Allan
ca596106f5
Refactor users_controller to use CanCanCan for authorisation
2018-12-12 16:17:24 +01:00
Andy Allan
981e4a34b5
Use only token capabilities when a token is provided
The Authenticate#allow? method (from oauth-plugin) sets current_user as a side
effect of checking the token. But this allows a valid token to access
all actions that are available to that user, beyond the capabilities for
that token.
2018-12-12 16:16:23 +01:00
Andy Allan
a3a10237f7
Use CanCanCan for user_roles auth
2018-11-28 21:39:26 +01:00
Tom Hughes
6f2f9221ef
Fix tests for rails 5.2.1 compatibility
Rails 5.2.1 has changed how the request body is handled
internally for a test which means we can no longer cheat
by stashing it in the request environment and must instead
pass it properly to the request method.
2018-11-15 00:46:53 +00:00
Tom Hughes
75189bd17d
Merge remote-tracking branch 'upstream/pull/2060'
2018-11-14 13:13:56 +00:00
Andy Allan
234afb3f42
Remove custom deny_access handlers
Since these pages are not accessed by normal users, except for url fiddling, it's fine to respond with a generic access denied.
2018-11-14 14:10:51 +01:00
Tom Hughes
dd302f4f2c
Merge remote-tracking branch 'upstream/pull/2061'
2018-11-14 12:43:35 +00:00
Andy Allan
c89b88c8d0
Add a changeset to exercise that part of the contact rendering
2018-11-14 12:25:21 +01:00
Andy Allan
0d55c40ca8
Ensure that the blocked template rendering works
2018-11-14 12:19:23 +01:00
Andy Allan
d7f41756f9
Check that a request that requires authentication is redirected when the user hasn't seen the terms
2018-11-14 12:19:23 +01:00
Andy Allan
252b9ef08a
Pluralize changesets controller
2018-11-14 10:34:28 +01:00
Tom Hughes
ccdec3ed4c
Attempt to send pretty 403 errors to web browsers
2018-11-08 19:09:56 +00:00
Tom Hughes
6ca22de4f2
Merge remote-tracking branch 'upstream/pull/2051'
2018-11-08 17:51:23 +00:00
Tom Hughes
70d6880e10
Merge remote-tracking branch 'upstream/pull/2052'
2018-11-08 17:44:57 +00:00
Tom Hughes
10294f4849
Merge remote-tracking branch 'upstream/pull/2050'
2018-11-08 17:31:30 +00:00
Andy Allan
efa37f6a83
Remove unnecessary require statements from tests
2018-11-07 16:42:11 +01:00
Andy Allan
26777c4464
Pluralize diary entries controller
2018-11-07 16:31:04 +01:00
Andy Allan
e85c56d151
Pluralize old_ controllers
2018-11-07 16:05:56 +01:00
Andy Allan
05117aa928
Pluralize nodes, ways and relations controllers
2018-11-07 15:55:26 +01:00
Andy Allan
79207ee594
Use CanCanCan for redaction authorizations
2018-11-07 13:28:58 +01:00
Andy Allan
368ce0000d
Migrate UserBlocksController to use CanCanCan
2018-11-07 13:07:08 +01:00
Andy Allan
04afeeb32f
Rename hide_comment and unhide_comment to destroy and restore
This preserves the API endpoints and HTTP methods, which could be changed in the next API version
2018-11-07 10:51:43 +01:00
Andy Allan
4b0d56f7e1
Rename comments_feed to index
2018-11-07 10:22:07 +01:00
Andy Allan
b7e871cb46
Rename comment to create
2018-11-07 10:22:07 +01:00
Andy Allan
19c2b92fb7
Split changeset comment handling into a changeset_comments controller
2018-11-07 10:20:14 +01:00
Tom Hughes
391fb933f5
Merge remote-tracking branch 'upstream/pull/2038'
2018-11-03 11:58:56 +00:00
Tom Hughes
6142980d07
Fix new rubocop warnings
2018-10-31 19:14:39 +00:00
Andy Allan
b54362d458
Use deliver_later for all email sending
2018-10-31 16:38:12 +01:00
Tom Hughes
a5124ed409
Update translation keys for renaming of user to users
Fixes #2031
2018-10-22 11:00:03 +01:00
Tom Hughes
db13180c70
Use "user" as user id parameter for notes searches
2018-10-11 18:30:53 +01:00
ENT8R
083500f056
Merge branch 'master' into notes-search
2018-10-09 11:41:22 +02:00
Tom Hughes
b8a8a88004
Merge remote-tracking branch 'upstream/pull/2014'
2018-10-03 18:59:33 +01:00
Andy Allan
3ec67ea2d3
Rename user_controller to users_controller
2018-10-03 15:31:10 +02:00
Andy Allan
5e407dfb34
Merge branch 'master' into messages
2018-10-03 14:04:12 +02:00
Tom Hughes
de29e9b3f5
Fix Style/NumericPredicate rubocop warnings
2018-09-22 17:34:58 +01:00
Tom Hughes
b4d90ec7f4
Test that friends are shown correctly on the user profile
Fixes #1992
2018-09-12 18:03:12 +01:00
Tom Hughes
297b0a0e16
Merge remote-tracking branch 'upstream/pull/1987'
2018-09-10 19:09:31 +01:00
Tom Hughes
276599d34f
Merge remote-tracking branch 'upstream/pull/1986'
2018-09-10 19:01:28 +01:00
Tom Hughes
0e0c89b95c
Merge remote-tracking branch 'upstream/pull/1985'
2018-09-10 18:58:27 +01:00
Tom Hughes
995a5f89c2
Merge remote-tracking branch 'upstream/pull/1984'
2018-09-10 18:53:13 +01:00
Wil
1d2a3841ab
Resolve 34 Rubocop Lint/AmbiguousOperator conflicts
2018-09-10 11:43:50 +08:00
Wil
a182820139
Resolve 96 Rubocop Lint/AmbiguousRegexpLiteral conflicts
2018-09-10 11:28:16 +08:00
Andy Allan
100babbe6c
Just pass the object, rather than the id, to _path methods where possible
2018-09-10 11:09:30 +08:00
Andy Allan
4dd4831c0a
Just pass the user object, rather than the display_name, to the user_path helper
2018-09-10 10:54:29 +08:00
Andy Allan
3f2ba044e5
Rename diary_entry#list to #index
2018-09-10 10:26:28 +08:00
Andy Allan
a3606e00b4
Rename user#list to user#index
2018-09-10 10:03:34 +08:00
Andy Allan
a8ecb1bf4b
Use full url escaping when required in trace tests
2018-09-10 09:37:52 +08:00
Tom Hughes
5a2d2f97ce
Update changeset browse view for renaming of changeset#list to changeset#index
2018-09-09 12:36:34 +01:00
Tom Hughes
bc4e65394f
Improve tests for trace RSS feeds
2018-09-09 11:50:05 +01:00
Tom Hughes
983e21db2e
Merge remote-tracking branch 'upstream/pull/1974'
2018-09-05 19:06:16 +01:00