Tom Hughes
cbc4c5352d
Only check IP addresses for anonymous note comments
2018-12-05 12:54:55 +00:00
Andy Allan
a3a10237f7
Use CanCanCan for user_roles auth
2018-11-28 21:39:26 +01:00
Andy Allan
3fd083d9d4
Remove the unused require_moderator filter
Use of this filter has been refactored to use CanCanCan
2018-11-28 15:59:47 +01:00
Andy Allan
ea766ec57d
Use CanCanCan for notes authorization
2018-11-28 15:59:47 +01:00
Andy Allan
8f70fb2114
Use CanCanCan for changeset comments
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
2018-11-28 12:35:45 +01:00
Tom Hughes
15c96081a6
Allow connect_src to match all sites in Potlatch
It seems that Safari matches connections made from a flash application
against connect_src while Firefox uses object_src instead.
Fixes #2067
2018-11-19 17:34:47 +00:00
Tom Hughes
dc6a5bc1a6
Take security policy URLs from the configuration file
2018-11-15 18:48:05 +00:00
Tom Hughes
75189bd17d
Merge remote-tracking branch 'upstream/pull/2060'
2018-11-14 13:13:56 +00:00
Andy Allan
234afb3f42
Remove custom deny_access handlers
Since these pages are not accessed by normal users, except for url fiddling, it's fine to respond with a generic access denied.
2018-11-14 14:10:51 +01:00
Andy Allan
252b9ef08a
Pluralize changesets controller
2018-11-14 10:34:28 +01:00
Tom Hughes
4deffa5e40
Skip CSRF verification for changeset comment actions
Fixes #2057
2018-11-13 13:17:19 +00:00
Tom Hughes
ccdec3ed4c
Attempt to send pretty 403 errors to web browsers
2018-11-08 19:09:56 +00:00
Tom Hughes
6ca22de4f2
Merge remote-tracking branch 'upstream/pull/2051'
2018-11-08 17:51:23 +00:00
Tom Hughes
70d6880e10
Merge remote-tracking branch 'upstream/pull/2052'
2018-11-08 17:44:57 +00:00
Tom Hughes
10294f4849
Merge remote-tracking branch 'upstream/pull/2050'
2018-11-08 17:31:30 +00:00
Andy Allan
26777c4464
Pluralize diary entries controller
2018-11-07 16:31:04 +01:00
Andy Allan
e85c56d151
Pluralize old_ controllers
2018-11-07 16:05:56 +01:00
Andy Allan
05117aa928
Pluralize nodes, ways and relations controllers
2018-11-07 15:55:26 +01:00
Andy Allan
79207ee594
Use CanCanCan for redaction authorizations
2018-11-07 13:28:58 +01:00
Andy Allan
368ce0000d
Migrate UserBlocksController to use CanCanCan
2018-11-07 13:07:08 +01:00
Andy Allan
04afeeb32f
Rename hide_comment and unhide_comment to destroy and restore
This preserves the API endpoints and HTTP methods, which could be changed in the next API version
2018-11-07 10:51:43 +01:00
Andy Allan
4b0d56f7e1
Rename comments_feed to index
2018-11-07 10:22:07 +01:00
Andy Allan
b7e871cb46
Rename comment to create
2018-11-07 10:22:07 +01:00
Andy Allan
19c2b92fb7
Split changeset comment handling into a changeset_comments controller
2018-11-07 10:20:14 +01:00
Tom Hughes
cdb42d2a6c
Avoid ordering points from public and private traces
Closes #2046
2018-11-07 08:57:14 +00:00
Tom Hughes
16bef0c8ec
Merge remote-tracking branch 'upstream/pull/2023'
2018-11-03 14:34:18 +00:00
Andy Allan
b54362d458
Use deliver_later for all email sending
2018-10-31 16:38:12 +01:00
Andy Allan
f11221f05b
Merge branch 'master' into cancancan
2018-10-31 11:16:47 +01:00
Tom Hughes
22af018298
Update translation keys for renaming of user to users
2018-10-29 12:48:20 +00:00
Andy Allan
0888f43d7b
Check the oauth token and then use the capabilities directly
2018-10-24 16:48:54 +02:00
Andy Allan
a50ad1c895
Rework the default denied access handler to give different responses to tokens, logged in users and other users
2018-10-24 09:39:02 +02:00
Tom Hughes
aef5273e95
Tidy up notes#search
2018-10-11 18:32:31 +01:00
Tom Hughes
db13180c70
Use "user" as user id parameter for notes searches
2018-10-11 18:30:53 +01:00
Tom Hughes
57095bc6c0
Merge remote-tracking branch 'upstream/pull/1955'
2018-10-11 17:41:47 +01:00
Tom Hughes
45c464a69a
Suppress changeset pagination for inactive users
Fixes #2024
2018-10-11 09:39:56 +01:00
ENT8R
caef5828f4
Fix Rubocop issue
2018-10-11 08:36:13 +02:00
ENT8R
b19e424112
Fix some issues and improve code
2018-10-10 19:29:11 +02:00
Andy Allan
b7baa2c10a
Remove temporary development code
2018-10-10 16:54:16 +02:00
Andy Allan
dfb9e40820
Move issues and reports to authorization system
2018-10-10 16:34:44 +02:00
Andy Allan
901c29a820
Fix typo in method name
2018-10-10 11:55:00 +02:00
Andy Allan
fb2c1f6cfd
Refactor site#welcome to use abilities instead of require_user
2018-10-10 11:49:45 +02:00
Andy Allan
f8f7ab1568
Change abilities based on upstream renamings
2018-10-10 11:41:16 +02:00
Andy Allan
420a7289a0
Merge branch 'authz' of https://github.com/rubyforgood/openstreetmap-website into rubyforgood-authz
2018-10-10 11:26:30 +02:00
ENT8R
0859748815
Fix Rubocop issue
2018-10-09 14:50:55 +02:00
ENT8R
3cdf4f3686
Fix an issue where the query did not work if a display name or an id was specified
2018-10-09 14:37:55 +02:00
ENT8R
083500f056
Merge branch 'master' into notes-search
2018-10-09 11:41:22 +02:00
Tom Hughes
b8a8a88004
Merge remote-tracking branch 'upstream/pull/2014'
2018-10-03 18:59:33 +01:00
Andy Allan
3ec67ea2d3
Rename user_controller to users_controller
2018-10-03 15:31:10 +02:00
Andy Allan
5e407dfb34
Merge branch 'master' into messages
2018-10-03 14:04:12 +02:00
Tom Hughes
de29e9b3f5
Fix Style/NumericPredicate rubocop warnings
2018-09-22 17:34:58 +01:00