openstreetmap-website/app/models
Andy Allan 71b21ec473 Rework capabilities to avoid assumptions about missing tokens
The logic about missing tokens implying logged in users (and that
all logged in users have access to any method protected by a token
capability) is correct. However, I believe it is both confusing and
brittle, and leaves a security-related door ajar for future foot-gun
incidents.

Instead, apply Abilities as normal, and keep the Capabilities
involvement only for situations where a token is provided. This
reduces the cognitive burden when considering Abilities in isolation.
2018-10-24 12:07:00 +02:00
ability.rb Rework capabilities to avoid assumptions about missing tokens 2018-10-24 12:07:00 +02:00
access_token.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
acl.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
capability.rb Rework capabilities to avoid assumptions about missing tokens 2018-10-24 12:07:00 +02:00
changeset.rb Fix Style/SafeNavigation rubocop warnings 2018-09-22 17:21:06 +01:00
changeset_comment.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
changeset_tag.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
client_application.rb Fix Style/SafeNavigation rubocop warnings 2018-09-22 17:21:06 +01:00
diary_comment.rb Exclude hidden diary entries and comments from spam scoring 2018-02-26 22:35:06 +00:00
diary_entry.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
diary_entry_subscription.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
friend.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
issue.rb Assign vandalism reports for users to moderators 2018-06-17 11:14:19 +01:00
issue_comment.rb Remove cascading deletes, add another foreign key, and switch index around. 2018-03-14 16:15:39 +08:00
language.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
message.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
node.rb Fix new rubocop warnings 2018-09-22 17:12:29 +01:00
node_tag.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
note.rb Hide note comments made by deleted users 2018-09-04 22:22:39 +01:00
note_comment.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
notifier.rb Merge remote-tracking branch 'upstream/pull/2014' 2018-10-03 18:59:33 +01:00
oauth2_token.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
oauth2_verifier.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
oauth_nonce.rb Fix new rubocop warnings 2018-09-22 17:12:29 +01:00
oauth_token.rb Fix new rubocop warnings 2018-03-26 19:00:03 +01:00
old_node.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
old_node_tag.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
old_relation.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
old_relation_member.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
old_relation_tag.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
old_way.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
old_way_node.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
old_way_tag.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
redaction.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
relation.rb Fix any_relations always being false 2018-09-22 17:46:00 +01:00
relation_member.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
relation_tag.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
report.rb Remove cascading deletes, add another foreign key, and switch index around. 2018-03-14 16:15:39 +08:00
request_token.rb Fix new rubocop warnings 2018-09-22 17:12:29 +01:00
trace.rb Fix Style/NumericPredicate rubocop warnings 2018-09-22 17:34:58 +01:00
tracepoint.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
tracetag.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
user.rb Update to rails 5.2.0 2018-06-19 00:16:24 +01:00
user_block.rb Fix new rubocop warnings 2018-03-26 19:00:03 +01:00
user_preference.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
user_role.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
user_token.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
way.rb Fix Style/NumericPredicate rubocop warnings 2018-09-22 17:34:58 +01:00
way_node.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00
way_tag.rb Add annotate gem and associated rake task. Annotate models. 2017-10-22 22:18:26 +01:00