can [:account, :go_public], User
if user.moderator?
- can [:hide, :hidecomment], DiaryEntry
+ can [:hide, :unhide, :hidecomment, :unhidecomment], DiaryEntry
can [:index, :show, :resolve, :ignore, :reopen], Issue
can :create, IssueComment
can [:new, :create, :edit, :update, :destroy], Redaction
});
if (Cookies.get("_osm_welcome") !== "hide") {
- $(".welcome").addClass("visible");
+ $(".welcome").removeAttr("hidden");
}
$(".welcome .btn-close").on("click", function () {
- $(".welcome").removeClass("visible");
+ $(".welcome").hide();
Cookies.set("_osm_welcome", "hide", { secure: true, expires: expiry, path: "/", samesite: "lax" });
});
}
$("#embed_html").val(
- "<iframe width=\"425\" height=\"350\" frameborder=\"0\" scrolling=\"no\" marginheight=\"0\" marginwidth=\"0\" src=\"" +
+ "<iframe width=\"425\" height=\"350\" src=\"" +
escapeHTML(OSM.SERVER_PROTOCOL + "://" + OSM.SERVER_URL + "/export/embed.html?" + $.param(params)) +
"\" style=\"border: 1px solid black\"></iframe><br/>" +
"<small><a href=\"" + escapeHTML(map.getUrl(marker)) + "\">" +
display: inline-block;
}
- .overlay-sidebar #sidebar .welcome.visible {
+ .overlay-sidebar #sidebar .welcome {
display: none;
}
> div {
position: relative;
- float: left;
- clear: both;
- width: 100%;
}
}
}
.welcome {
- display: none;
-
- &.visible {
- display: block;
- }
+ display: block;
}
#sidebar_content {
if @user
@title = t ".user_title", :user => @user.display_name
- @entries = @user.diary_entries
+ entries = @user.diary_entries
else
render_unknown_user params[:display_name]
return
elsif params[:friends]
if current_user
@title = t ".title_friends"
- @entries = DiaryEntry.where(:user_id => current_user.friends)
+ entries = DiaryEntry.where(:user_id => current_user.friends)
else
require_user
return
elsif params[:nearby]
if current_user
@title = t ".title_nearby"
- @entries = DiaryEntry.where(:user_id => current_user.nearby)
+ entries = DiaryEntry.where(:user_id => current_user.nearby)
else
require_user
return
end
else
- @entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] })
+ entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] })
if params[:language]
@title = t ".in_language_title", :language => Language.find(params[:language]).english_name
- @entries = @entries.where(:language_code => params[:language])
+ entries = entries.where(:language_code => params[:language])
else
@title = t ".title"
end
end
+ entries = entries.visible unless can? :unhide, DiaryEntry
+
@params = params.permit(:display_name, :friends, :nearby, :language)
- @page = (params[:page] || 1).to_i
- @page_size = 20
+ @entries = if params[:before]
+ entries.where("diary_entries.id < ?", params[:before]).order(:id => :desc)
+ elsif params[:after]
+ entries.where("diary_entries.id > ?", params[:after]).order(:id => :asc)
+ else
+ entries.order(:id => :desc)
+ end
- @entries = @entries.visible unless can? :unhide, DiaryEntry
- @entries = @entries.order("created_at DESC")
- @entries = @entries.offset((@page - 1) * @page_size)
- @entries = @entries.limit(@page_size)
+ @entries = @entries.limit(20)
@entries = @entries.includes(:user, :language)
+ @entries = @entries.sort.reverse
+
+ @newer_entries = @entries.count.positive? && entries.exists?(["diary_entries.id > ?", @entries.first.id])
+ @older_entries = @entries.count.positive? && entries.exists?(["diary_entries.id < ?", @entries.last.id])
end
def show
- @entry = @user.diary_entries.visible.where(:id => params[:id]).first
+ entries = @user.diary_entries
+ entries = entries.visible unless can? :unhide, DiaryEntry
+ @entry = entries.where(:id => params[:id]).first
if @entry
@title = t ".title", :user => params[:display_name], :title => @entry.title
@comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments
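Review bot: `params[:before]` and `params[:after]` in the index action reach the `diary_entries.id < ?` and `diary_entries.id > ?` conditions without being checked as integers. The bind placeholder prevents SQL injection, but a non-scalar value such as `before[]=1` will probably produce invalid SQL or a type error and surface as a 500 instead of a client error. Coerce the value first, for example `before = Integer(params[:before], exception: false)`, and reject the request when a supplied value does not parse. The index action begins above this hunk, so any earlier validation is not visible here.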
validate :allowed_scopes
+ def authorized_scopes_for(user)
+ authorized_tokens.where(:resource_owner_id => user).sum(Doorkeeper::OAuth::Scopes.new, &:scopes)
+ end
+
private
def allowed_scopes
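Review bot: `authorized_scopes_for` has no comment saying which tokens contribute to the result, and the authorized-applications view now shows this value to users auditing their grants. The sum is a union over every row `authorized_tokens` returns for that user. That association is defined outside this hunk, so it is worth confirming that expired tokens are excluded; otherwise the page can list scopes that no live token holds. I would add `# Union of the scopes on this user's authorized tokens for this application; used for display, not as an authorization check` above the method.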
-<div class="d-flex w-100">
+<div class="d-flex">
<h2 class="flex-grow-1 text-break"><%= title %></h2>
<div>
<button type="button" class="btn-close" aria-label="<%= t("javascripts.close") %>"></button>
<nav>
<ul class="pagination">
- <% if @entries.size >= @page_size -%>
+ <% if @older_entries -%>
<li class="page-item">
- <%= link_to t(".older_entries"), @params.merge(:page => @page + 1), :class => "page-link" %>
+ <%= link_to t(".older_entries"), @params.merge(:before => @entries.last.id), :class => "page-link" %>
</li>
<% else -%>
<li class="page-item disabled">
</li>
<% end -%>
- <% if @page > 1 -%>
+ <% if @newer_entries -%>
<li class="page-item">
- <%= link_to t(".newer_entries"), @params.merge(:page => @page - 1), :class => "page-link" %>
+ <%= link_to t(".newer_entries"), @params.merge(:after => @entries.first.id), :class => "page-link" %>
</li>
<% else -%>
<li class="page-item disabled">
</div>
<% unless current_user %>
- <div class="welcome p-3">
+ <div class="welcome p-3" hidden>
<%= render "sidebar_header", :title => t("layouts.intro_header") %>
<div>
<p><%= t "layouts.intro_text" %></p>
</td>
<td class="align-middle">
<ul class="list-unstyled mb-0">
- <% application.scopes.each do |scope| -%>
+ <% application.authorized_scopes_for(current_user).each do |scope| -%>
<li><%= t "oauth.scopes.#{scope}" %></li>
<% end -%>
</ul>
</div>
</div>
<div class='row'>
- <div class="w-100 px-5 py-4 bg-dark">
+ <div class="px-5 py-4 bg-dark">
<h1 class="text-white fw-light"><%= t ".used_by_html", :name => tag.span("OpenStreetMap", :class => "user-name") %></h1>
</div>
</div>
get diary_entries_path
assert_response :success
assert_select "div.diary_post", :count => 20
+ assert_select "li.page-item a.page-link", :text => "Older Entries", :count => 1
+ assert_select "li.page-item.disabled span.page-link", :text => "Newer Entries", :count => 1
# Try and get the second page
- get diary_entries_path(:page => 2)
+ get css_select("li.page-item a.page-link").first["href"]
assert_response :success
assert_select "div.diary_post", :count => 20
+ assert_select "li.page-item a.page-link", :text => "Older Entries", :count => 1
+ assert_select "li.page-item a.page-link", :text => "Newer Entries", :count => 1
+
+ # Try and get the third page
+ get css_select("li.page-item a.page-link").first["href"]
+ assert_response :success
+ assert_select "div.diary_post", :count => 10
+ assert_select "li.page-item.disabled span.page-link", :text => "Older Entries", :count => 1
+ assert_select "li.page-item a.page-link", :text => "Newer Entries", :count => 1
+
+ # Go back to the second page
+ get css_select("li.page-item a.page-link").last["href"]
+ assert_response :success
+ assert_select "div.diary_post", :count => 20
+ assert_select "li.page-item a.page-link", :text => "Older Entries", :count => 1
+ assert_select "li.page-item a.page-link", :text => "Newer Entries", :count => 1
+
+ # Go back to the first page
+ get css_select("li.page-item a.page-link").last["href"]
+ assert_response :success
+ assert_select "div.diary_post", :count => 20
+ assert_select "li.page-item a.page-link", :text => "Older Entries", :count => 1
+ assert_select "li.page-item.disabled span.page-link", :text => "Newer Entries", :count => 1
end
def test_rss
assert_response :not_found
# Try an entry by a suspended user
- diary_entry_suspended = create(:diary_entry, :user => suspended_user)
- get diary_entry_path(:display_name => suspended_user.display_name, :id => diary_entry_suspended)
+ diary_entry_suspended_user = create(:diary_entry, :user => suspended_user)
+ get diary_entry_path(:display_name => suspended_user.display_name, :id => diary_entry_suspended_user)
assert_response :not_found
# Try an entry by a deleted user
- diary_entry_deleted = create(:diary_entry, :user => deleted_user)
- get diary_entry_path(:display_name => deleted_user.display_name, :id => diary_entry_deleted)
+ diary_entry_deleted_user = create(:diary_entry, :user => deleted_user)
+ get diary_entry_path(:display_name => deleted_user.display_name, :id => diary_entry_deleted_user)
assert_response :not_found
+
+ # Now try as a moderator
+ session_for(create(:moderator_user))
+ get diary_entry_path(:display_name => user.display_name, :id => diary_entry_deleted)
+ assert_response :success
+ assert_template :show
+
+ # Finally try as an administrator
+ session_for(create(:administrator_user))
+ get diary_entry_path(:display_name => user.display_name, :id => diary_entry_deleted)
+ assert_response :success
+ assert_template :show
end
def test_show_hidden_comments
session_for(create(:moderator_user))
post unhide_diary_entry_path(:display_name => user.display_name, :id => diary_entry)
assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_not DiaryEntry.find(diary_entry.id).visible
+ assert_redirected_to :action => :index, :display_name => user.display_name
+ assert DiaryEntry.find(diary_entry.id).visible
+
+ # Reset
+ diary_entry.reload.update(:visible => true)
# Finally try as an administrator
session_for(create(:administrator_user))
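Review bot: The `# Reset` step after the moderator case sets `:visible => true`, which is the state the unhide request just produced. The administrator case that follows therefore starts from an already visible entry and would pass even if unhide did nothing. The removed `assert_not DiaryEntry.find(diary_entry.id).visible` line shows the entry starts hidden, so the reset should be `diary_entry.reload.update(:visible => false)`. The comment test in the next hunk has the same problem at `diary_comment.reload.update(:visible => true)`. Both test methods begin and end outside these hunks.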
session_for(create(:moderator_user))
post unhide_diary_comment_path(:display_name => user.display_name, :id => diary_entry, :comment => diary_comment)
assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_not DiaryComment.find(diary_comment.id).visible
+ assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
+ assert DiaryComment.find(diary_comment.id).visible
+
+ # Reset
+ diary_comment.reload.update(:visible => true)
# Finally try as an administrator
session_for(create(:administrator_user))
assert_select "tbody tr", 2
end
+ def test_index_scopes
+ user = create(:user)
+ application1 = create(:oauth_application, :scopes => %w[read_prefs write_prefs write_diary read_gpx write_gpx])
+ create(:oauth_access_grant, :resource_owner_id => user.id, :application => application1, :scopes => %w[read_prefs write_prefs])
+ create(:oauth_access_token, :resource_owner_id => user.id, :application => application1, :scopes => %w[read_prefs write_prefs])
+ create(:oauth_access_grant, :resource_owner_id => user.id, :application => application1, :scopes => %w[read_prefs write_diary])
+ create(:oauth_access_token, :resource_owner_id => user.id, :application => application1, :scopes => %w[read_prefs write_diary])
+
+ get oauth_authorized_applications_path
+ assert_response :redirect
+ assert_redirected_to login_path(:referer => oauth_authorized_applications_path)
+
+ session_for(user)
+
+ get oauth_authorized_applications_path
+ assert_response :success
+ assert_template "oauth2_authorized_applications/index"
+ assert_select "tbody tr", 1
+ assert_select "tbody tr td ul" do
+ assert_select "li", :count => 3
+ assert_select "li", :text => "Read user preferences"
+ assert_select "li", :text => "Modify user preferences"
+ assert_select "li", :text => "Create diary entries, comments and make friends"
+ end
+ end
+
def test_destroy
user = create(:user)
application1 = create(:oauth_application)