Merge branch 'master' into cancancan
authorAndy Allan <git@gravitystorm.co.uk>
Wed, 31 Oct 2018 10:16:47 +0000 (11:16 +0100)
committerAndy Allan <git@gravitystorm.co.uk>
Wed, 31 Oct 2018 10:16:47 +0000 (11:16 +0100)
1  2 
app/controllers/application_controller.rb
config/locales/en.yml

index 20fcc5f4739ff1bbb42054feec5c7042fa5fa28d,17658231f110c6684a11ece3284a7c9a9edd914a..1df6dd7d14cf41e1fad3ac04eb4512fe231eec13
@@@ -3,8 -3,6 +3,8 @@@ class ApplicationController < ActionCon
  
    protect_from_forgery :with => :exception
  
 +  rescue_from CanCan::AccessDenied, :with => :deny_access
 +
    before_action :fetch_body
    around_action :better_errors_allow_inline, :if => proc { Rails.env.development? }
  
@@@ -24,7 -22,7 +24,7 @@@
        # don't allow access to any auth-requiring part of the site unless
        # the new CTs have been seen (and accept/decline chosen).
        elsif !current_user.terms_seen && flash[:skip_terms].nil?
-         flash[:notice] = t "user.terms.you need to accept or decline"
+         flash[:notice] = t "users.terms.you need to accept or decline"
          if params[:referer]
            redirect_to :controller => "users", :action => "terms", :referer => params[:referer]
          else
      raise
    end
  
 +  def current_ability
 +    # Add in capabilities from the oauth token if it exists and is a valid access token
 +    if Authenticator.new(self, [:token]).allow?
 +      Ability.new(current_user).merge(Capability.new(current_token))
 +    else
 +      Ability.new(current_user)
 +    end
 +  end
 +
 +  def deny_access(_exception)
 +    if current_token
 +      set_locale
 +      report_error t("oauth.permissions.missing"), :forbidden
 +    elsif current_user
 +      set_locale
 +      report_error t("application.permission_denied"), :forbidden
 +    elsif request.get?
 +      redirect_to :controller => "users", :action => "login", :referer => request.fullpath
 +    else
 +      head :forbidden
 +    end
 +  end
 +
    private
  
    # extract authorisation credentials from headers, returns user = nil if none
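Review bot: In `current_ability`, `Ability.new(current_user).merge(Capability.new(current_token))` combines the user's full rule set with the token's, and CanCan's `merge` adds rules rather than intersecting them, so unless `Capability` (not visible here) issues `cannot` rules, a token-authenticated request appears to keep every ability the user has, whatever the token was granted. If the token is meant to limit access, build that branch from an ability that starts without the user's rules, for example `Ability.new(nil).merge(Capability.new(current_token))` if `Ability` accepts a nil user, or add a comment stating that the union is intended. `deny_access` branches on `current_token` merely being set, while `current_ability` requires `Authenticator.new(self, [:token]).allow?`, so it is worth confirming the two conditions agree. Both methods sit above `private` and are therefore public on the controller; moving them below it would keep them from ever being routable. The hunk starts and ends inside the class body, so the surrounding definitions are not visible here.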
diff --combined config/locales/en.yml
index 6942c1720e58b996f330da83785719a5e951ddd4,f6d396f761ffc6d3a490bf1c399413a61bdef261..7b13a894bc860b3e09cddf1deee13f26e34b8a5a
            <a href="https://creativecommons.org/licenses/by/3.0/at/deed.de">CC BY</a>),
            <a href="https://www.vorarlberg.at/vorarlberg/bauen_wohnen/bauen/vermessung_geoinformation/weitereinformationen/services/wmsdienste.htm">Land Vorarlberg</a> and
            Land Tirol (under <a href="https://www.tirol.gv.at/applikationen/e-government/data/nutzungsbedingungen/">CC BY AT with amendments</a>).
+         contributors_au_html: |
+           <strong>Australia</strong>: Contains data sourced from
+           <a href="https://www.psma.com.au/psma-data-copyright-and-disclaimer">PSMA Australia Limited</a>
+           licensed by the Commonwealth of Australia under
+           <a href="https://creativecommons.org/licenses/by/4.0/">CC BY 4.0</a>.
          contributors_ca_html: |
            <strong>Canada</strong>: Contains data from
            GeoBase&reg;, GeoGratis (&copy; Department of Natural
          other: "GPX file with %{count} points from %{user}"
        description_without_count: "GPX file from %{user}"
    application:
 +    permission_denied: You do not have permission to access that action
      require_cookies:
        cookies_needed: "You appear to have cookies disabled - please enable cookies in your browser before continuing."
      require_admin: