openstreetmap-website

History

Andy Allan 71b21ec473 Rework capabilities to avoid assumptions about missing tokens The logic about missing tokens implying logged in users (and that all logged in users have access to any method protected by a token capability) is correct. However, I believe it is both confusing and brittle, and leaves a security-related door ajar for future foot-gun incidents. Instead, apply Abilities as normal, and keep the Capabilities involvement only for situations where a token is provided. This reduces the cognitive burden when considering Abilities in isolation.		2018-10-24 12:07:00 +02:00
..
abilities_test.rb	Rework capabilities to avoid assumptions about missing tokens	2018-10-24 12:07:00 +02:00
acl_test.rb	Update for rubocop 0.54.0	2018-05-17 19:39:25 +01:00
capability_test.rb	Rework capabilities to avoid assumptions about missing tokens	2018-10-24 12:07:00 +02:00
changeset_comment_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
changeset_tag_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
changeset_test.rb	Resolve 96 Rubocop Lint/AmbiguousRegexpLiteral conflicts	2018-09-10 11:28:16 +08:00
client_application_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
diary_comment_test.rb	Refactor diary entry tests to use User factory	2017-02-19 16:43:32 +00:00
diary_entry_test.rb	Refactor diary entry tests to use User factory	2017-02-19 16:43:32 +00:00
friend_test.rb	Remove the api_fixtures helper	2017-06-01 10:59:48 +01:00
issue_comment_test.rb	Made rubocop happy by formatting and minor syntax tweaks.	2016-08-22 17:24:10 +01:00
issue_test.rb	Assign vandalism reports for users to moderators	2018-06-17 11:14:19 +01:00
language_test.rb	Fix rubocop warnings	2017-10-05 19:18:38 +01:00
message_test.rb	Resolve 96 Rubocop Lint/AmbiguousRegexpLiteral conflicts	2018-09-10 11:28:16 +08:00
node_tag_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
node_test.rb	Resolve 96 Rubocop Lint/AmbiguousRegexpLiteral conflicts	2018-09-10 11:28:16 +08:00
note_comment_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
note_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
oauth_nonce_test.rb	Remove the api_fixtures helper	2017-06-01 10:59:48 +01:00
oauth_token_test.rb	Use user factory for oauth_token model test.	2017-03-09 11:04:29 +00:00
old_node_tag_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
old_node_test.rb	Resolve 96 Rubocop Lint/AmbiguousRegexpLiteral conflicts	2018-09-10 11:28:16 +08:00
old_relation_tag_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
old_relation_test.rb	Remove the api_fixtures helper	2017-06-01 10:59:48 +01:00
old_way_tag_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
old_way_test.rb	Remove the api_fixtures helper	2017-06-01 10:59:48 +01:00
redaction_test.rb	Remove arguments from assert_nothing_raised	2017-06-02 16:33:34 +01:00
relation_member_test.rb	Remove the api_fixtures helper	2017-06-01 10:59:48 +01:00
relation_tag_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
relation_test.rb	Fix any_relations always being false	2018-09-22 17:46:00 +01:00
report_test.rb	Merge branch 'master' into next	2018-06-10 17:02:12 +01:00
request_token_test.rb	Remove the api_fixtures helper	2017-06-01 10:59:48 +01:00
trace_test.rb	Use user factory for trace model tests.	2017-03-09 10:53:11 +00:00
tracepoint_test.rb	Resolve 96 Rubocop Lint/AmbiguousRegexpLiteral conflicts	2018-09-10 11:28:16 +08:00
tracetag_test.rb	Replace trace-related fixtures with factories.	2016-10-29 16:23:04 +02:00
user_preference_test.rb	Use user factory for user_preference model tests.	2017-03-09 10:57:57 +00:00
user_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
user_token_test.rb	Remove unused user_tokens fixture and pointless test.	2017-01-25 16:43:04 +00:00
way_node_test.rb	Remove the api_fixtures helper	2017-06-01 10:59:48 +01:00
way_tag_test.rb	Fix new rubocop warnings	2018-06-18 09:00:49 +01:00
way_test.rb	Resolve 96 Rubocop Lint/AmbiguousRegexpLiteral conflicts	2018-09-10 11:28:16 +08:00