cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
13169 commits 4 branches 1 tag 499 MiB
Commit graph

136 commits

Author SHA1 Message Date
Tom Hughes
f08fb4f30f Prevent API tokens without write_notes creating attributed comments 
Fixes #4362
 2023-11-22 12:30:39 +00:00
Anton Khorev
f23993a4df Remove 'need to return bbox' comment on conditions_bbox 2023-11-21 13:55:35 +03:00
Tom Hughes
ba503e02d2 Enforce rate limit for API calls which make changes 2023-11-02 08:59:57 +00:00
Andy Allan
1700c23dd1 Prefer find_by() instead of where().first 
These are very similar, differing only if we would expect multiple
results and the sorting is important. However, in all our cases
we're only expecting one result to be returned, and so find_by is
easier to read.
 2023-10-04 17:53:58 +01:00
Tom Hughes
85b17a1f2a Merge remote-tracking branch 'upstream/pull/4240' 2023-09-14 17:42:04 +01:00
Anton Khorev
9c9edb6054 Remove authorize_web call from traces api controller 2023-09-09 19:40:28 +03:00
Anton Khorev
71654e563e Add show user block api endpoint 2023-09-09 15:53:22 +03:00
Tom Hughes
be3baea4de Merge remote-tracking branch 'upstream/pull/4222' 2023-09-03 18:54:18 +01:00
Anton Khorev
11df872c3e Add bbox parameter to notes search api 2023-09-03 11:26:05 +03:00
Anton Khorev
0ef4a299bb Check required bbox parameter presence outside of BoundingBox class 2023-09-03 09:47:27 +03:00
Tom Hughes
704781ad0b Add some additional preloads to notes#feed 2023-09-02 11:44:59 +01:00
Tom Hughes
f32b4bc044 Move changeset comment rate limit check to a predicate method 2023-08-30 18:36:33 +01:00
Andy Allan
f5db9cbb20 Avoid using _id in queries 
This makes the queries shorter and easier to read.
 2023-08-30 17:08:16 +01:00
Andy Allan
a1657f03a8
Merge pull request #4202 from tomhughes/changeset-comment-limit 
Add rate limiting for changeset comments
 2023-08-30 11:12:40 +01:00
Tom Hughes
c7a31ebc5d Restore ordering of results from the users#index API call 2023-08-26 17:41:22 +01:00
ENT8R
be96aa7cb4 Sort users by their ids 2023-08-26 10:14:40 +02:00
ENT8R
b9c85c2697 Use where instead of find to prevent 404 2023-08-26 00:31:18 +02:00
Tom Hughes
a274726f46 Add rate limiting for changeset comments 
Fixes #4196
 2023-08-25 19:53:04 +01:00
Anton Khorev
0bd5838f51 Respond with plaintext when user not found in changeset query 
The response used to be of type xml with empty body, which is not valid xml.
 2023-08-19 20:26:13 +03:00
Anton Khorev
bc9f081841 Move note query limit values to settings 2023-08-19 05:06:00 +03:00
Tom Hughes
c58f4e4813 Make the versions call default to XML 2023-08-18 19:26:53 +01:00
Anton Khorev
5016defff0 Add 'from' and 'to' changeset query parameters 2023-08-15 19:29:06 +03:00
Anton Khorev
86f254380b Revert misleading comment about time restriction 
Was added in afe8dd51ec (diff-22d3daaccac3ac960d6dbb47e9c6a9d15b0b4cffbbf9ad32d525600f562827f1R420)
 2023-08-15 19:29:06 +03:00
Anton Khorev
7bca06a3d3 Disallow changesets query with both time and order=oldest 2023-08-15 19:29:06 +03:00
Anton Khorev
b350c78bc8 Sort changesets by creation time 2023-08-15 19:29:06 +03:00
Tom Hughes
702c071e19 Sort changesets by close time to match selection 
This ensures that the sort can be optimised using the index
when selecting by time.
 2023-08-13 19:09:54 +01:00
Tom Hughes
f059045848 Make the capabilities call default to XML 2023-08-13 12:48:02 +01:00
Anton Khorev
0abab48f5d Add order parameter to changeset query api entry point 2023-08-12 03:57:48 +03:00
Anton Khorev
a5d14a1815 Move changeset query limit values to settings 2023-08-08 03:33:04 +03:00
Anton Khorev
e286ce515c Add limit parameter to api changesets query 2023-02-14 20:56:29 +03:00
Andy Allan
067b0de439
Merge pull request #3676 from harry-wood/notes-disappear-time 
Display how long until a note will disappear
 2022-11-23 15:44:26 +00:00
Andy Allan
22946d703a Enable the ActionOrder cop for remaining controllers 
Where actions were reordered, the rails standard actions were
also moved to the top of each controller.
 2022-11-02 11:06:00 +00:00
Tom Hughes
3d0b94abda Merge remote-tracking branch 'upstream/pull/3768' 2022-10-25 19:28:10 +01:00
Tom Hughes
460ed0c844 Fix new rubocop warnings 2022-10-25 19:19:57 +01:00
Anton Khorev
225b260640 Pass min/max lat/lon to notes index rss builder 2022-10-25 13:52:28 +03:00
Anton Khorev
0c8b9eabf3 Pass min/max lat/lon to notes rss feed builder 2022-10-25 13:35:18 +03:00
Robbendebiene
ed1112bcef Allow setting HTTP ACCEPT header for notes API 
Previously the notes API return type could only be specified by appending the file extension like .json or .rss
 2022-09-23 11:40:19 +02:00
Harry Wood
e057e1c479 Define a DEFAULT_FRESHLY_CLOSED_LIMIT constant 
Define DEFAULT_FRESHLY_CLOSED_LIMIT in the Note model to allow the 7 day limit to be referenced in the API controller and in the new `freshy_closed_until` logic. The default value is `7.days`. API users can still override this, but the website uses that default for the duration of the green "freshly closed" notes markers.
 2022-09-14 23:59:41 +01:00
Tom Hughes
1a4faa4507 There is no need to do setup_user_auth and authorize for the same action 2022-07-08 16:38:51 +01:00
Tom Hughes
7f619c6484 Check API status before authorizing access 
Fixes #3530
 2022-04-11 20:47:52 +01:00
mmd-osm
4ec85171fd JSON output added to changeset(s) endpoints 2022-03-14 15:52:49 +01:00
mmd-osm
c9e836a6cb JSON output added to permissions endpoint 2022-03-08 20:21:35 +01:00
Tom Hughes
cbcc7dc49f Fix some rubocop Naming/PredicateName warnings 2022-03-03 22:47:55 +00:00
Tom Hughes
b5f06e06c1 Fix rubocop Rails/TimeZone warnings 2022-03-01 22:55:10 +00:00
Tom Hughes
0410596908 Switch traces to use ActiveStorage 2021-12-16 18:45:31 +00:00
Andy Allan
3aa8292d6d Drop the trace_use_job_queue option 
This has been set as true by default, and in production, for many
years. I don't think there's much use in keeping the setting around
any longer.
 2021-11-24 15:23:27 +00:00
Andy Allan
95e5178bfb Refactor tracepoint index to use an xml builder view 
This avoids constructing xml by hand in both the controller and
the model, and opens the way for other rendering in future.

The complexity of deciding which point goes where, along with revisiting
previous tracks and tracksegs means that I've broken it down into
two parts - sorting the points into the right trksegs is done first,
before rendering them all as xml. I couldn't find a way to allow
revisiting using the builder.
 2021-09-29 15:14:53 +01:00
Andy Allan
76f1d7bc78 Use a builder to render changeset downloads 2021-09-15 16:33:04 +01:00
Tom Hughes
cc461b126d Correct policing of access to private user details 2021-08-24 17:49:08 +01:00
Andy Allan
37b03e47c6 Fix various code comments 
These were found as part of #3233
 2021-07-21 11:24:23 +01:00