Commit graph

1618 commits

Author SHA1 Message Date
Andy Allan
5f59845575 Move the api trace methods into a separate controller under the api namespace 2019-02-28 17:12:28 +01:00
Andy Allan
d7dd618d8f Fix test file name 2019-02-28 17:12:28 +01:00
Andy Allan
46bc4650d2 Move the amf and swf controllers into the api namespace 2019-02-28 17:12:28 +01:00
Andy Allan
b4dbf6233c Move the notes api methods into a controller in the api namespace 2019-02-28 17:12:28 +01:00
Andy Allan
4b4c5aac2f Move the user api methods into a separate controller in the api namespace 2019-02-28 17:12:28 +01:00
Andy Allan
b38343e5bd Move node/way/relation/old_* controllers into the api namespace 2019-02-28 17:12:28 +01:00
Tom Hughes
d2ff1491b4 Avoid CSP issues with OpenID login
To avoid Chrome getting upset about sending form data to sites
that our policy doesn't allow, even when it isn't, use Javascript
to jump straight to Omniauth as the direct OpenID based login
buttons were already doing.

Fixes #1909
2019-02-25 11:46:12 +00:00
Andy Allan
9186a6155c Move the user preferences controller into the api namespace 2019-02-24 12:47:26 +01:00
Andy Allan
2b81437fcd Move the search controller to the api namespace 2019-02-24 12:42:07 +01:00
Andy Allan
947a41edee Move the api methods from changeset_comments_controller into the api namespaced controller 2019-02-24 12:38:09 +01:00
Andy Allan
1778fa3d9c Move the api methods from changesets_controller into the api namespaced controller 2019-02-24 12:18:31 +01:00
Andy Allan
f4e2990526 Move map method to its own controller 2019-02-24 11:44:10 +01:00
Andy Allan
d887252eeb Move the changes api to its own controller 2019-02-24 11:00:28 +01:00
Andy Allan
8383fd0928 Move the permissions call out of api_controller 2019-02-24 11:00:28 +01:00
Andy Allan
b96391e456 Rename api controller test files 2019-02-24 11:00:28 +01:00
Andy Allan
317b8f9d45 Move the trackpoints call into its own controller (and rename to tracepoints) 2019-02-24 11:00:28 +01:00
Andy Allan
6a4092bc16 Move the capabilities call out of api_controller 2019-02-24 11:00:20 +01:00
Tom Hughes
f7694a94c1 Update tests for changes in FactoryBot 5.x 2019-02-07 20:21:40 +00:00
Tom Hughes
908324323e Merge remote-tracking branch 'upstream/pull/2136' 2019-02-06 18:30:41 +00:00
Andy Allan
d43315f738 Output both the local simplecov html and the coveralls report
Fixes #2066
2019-02-06 18:15:46 +01:00
Andy Allan
35a2d66e19 Remove require_terms_agreed configuration option
This has been set to true for 6 years in production. Refs #2097

As per other user settings, we set the terms as seen by default for tests,
and we can override that when necessary for specific tests.
2019-02-06 15:50:57 +01:00
Andy Allan
3795da4014 Remove the require_terms_seen configuration option
This option has been set to 'true' for over six years in production.

Refs #2097
2019-02-06 14:54:56 +01:00
Andy Allan
65e8bbd5f8 Remove unnecessary requires from tests 2019-02-06 11:44:34 +01:00
Tom Hughes
db1094c114 Clear notifications after trace import tests 2019-01-29 00:00:46 +00:00
Tom Hughes
3e7bc943fe Merge remote-tracking branch 'upstream/pull/2120' 2019-01-28 19:04:02 +00:00
Andy Allan
d02e4ad461 Write some basic functionality tests for trace.import 2019-01-23 16:47:54 +01:00
Andy Allan
3b96bbc809 Basic tests for the trace jobs 2019-01-23 14:47:49 +01:00
Andy Allan
8a2df0e0b5 More resourceful routing for nodes, ways, relations and changesets controllers 2019-01-16 13:10:11 +01:00
Tom Hughes
6fb660f0af Merge remote-tracking branch 'upstream/pull/2111' 2019-01-16 10:15:34 +00:00
Tom Hughes
df232ec96f Add noopener and noreferrer to links in user generated content 2019-01-16 10:10:51 +00:00
Andy Allan
e59f1b6108 Sketch out how to use the jobs queue for trace insertion and deletion
Refs #1852
2019-01-16 10:49:11 +01:00
Tom Hughes
62637645bf Add basic tests for browse#new_note and browse#query 2019-01-09 21:12:33 +00:00
Andy Allan
c7a7d29813 Require terms agreement for abilities and capabilities related to api write methods 2019-01-02 17:40:43 +01:00
Andy Allan
ca596106f5 Refactor users_controller to use CanCanCan for authorisation 2018-12-12 16:17:24 +01:00
Andy Allan
981e4a34b5 Use only token capabilities when a token is provided
The Authenticate#allow? method (from oauth-plugin) sets current_user as a side
effect of checking the token. But this allows a valid token to access
all actions that are available to that user, beyond the capabilities for
that token.
2018-12-12 16:16:23 +01:00
Andy Allan
a3a10237f7 Use CanCanCan for user_roles auth 2018-11-28 21:39:26 +01:00
Tom Hughes
a790c47923 Merge remote-tracking branch 'upstream/pull/2072' 2018-11-28 18:24:04 +00:00
Paul Dexter-Sobkowiak
74d2c4336b Split browse_helper.rb into two modules due to rubocop ModuleLength 2018-11-28 18:18:14 +00:00
Tom Hughes
b99b192697 Merge remote-tracking branch 'upstream/pull/2075' 2018-11-28 18:09:20 +00:00
Andy Allan
ed8e15c8f0 Remove user_roles integration test since it is not meaningful
This test has not been meaningful for a long while, since both check_success and check_fail contain exactly the same code.

Additionally, the test doesn't cover any integrations (beyond logging in), and so it is only covering the same ground as the controller test.
2018-11-28 17:22:31 +01:00
Andy Allan
ea766ec57d Use CanCanCan for notes authorization 2018-11-28 15:59:47 +01:00
Andy Allan
8f70fb2114 Use CanCanCan for changeset comments
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
2018-11-28 12:35:45 +01:00
Paul Dexter-Sobkowiak
5ba64efd7c Show tel: links for multiple phone numbers separated by ;
Closes #2069
2018-11-27 00:06:28 +00:00
Tom Hughes
6f2f9221ef Fix tests for rails 5.2.1 compatibility
Rails 5.2.1 has changed how the request body is handled
internally for a test which means we can no longer cheat
by stashing it in the request environment and must instead
pass it properly to the request method.
2018-11-15 00:46:53 +00:00
Tom Hughes
75189bd17d Merge remote-tracking branch 'upstream/pull/2060' 2018-11-14 13:13:56 +00:00
Andy Allan
234afb3f42 Remove custom deny_access handlers
Since these pages are not accessed by normal users, except for url fiddling, it's fine to respond with a generic access denied.
2018-11-14 14:10:51 +01:00
Tom Hughes
dd302f4f2c Merge remote-tracking branch 'upstream/pull/2061' 2018-11-14 12:43:35 +00:00
Andy Allan
c89b88c8d0 Add a changeset to exercise that part of the contact rendering 2018-11-14 12:25:21 +01:00
Andy Allan
0d55c40ca8 Ensure that the blocked template rendering works 2018-11-14 12:19:23 +01:00
Andy Allan
d7f41756f9 Check that a request that requires authentication is redirected when the user hasn't seen the terms 2018-11-14 12:19:23 +01:00