From: Tom Hughes Date: Sat, 3 Nov 2018 14:34:18 +0000 (+0000) Subject: Merge remote-tracking branch 'upstream/pull/2023' X-Git-Tag: live~3734 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/16bef0c8ecad24ac0ca93963196bc844adbb57de?ds=inline;hp=-c Merge remote-tracking branch 'upstream/pull/2023' --- 16bef0c8ecad24ac0ca93963196bc844adbb57de diff --combined Gemfile index d60f1ba94,b559027c2..05bfc6cbd --- a/Gemfile +++ b/Gemfile @@@ -45,8 -45,8 +45,9 @@@ gem "image_optim_rails # Load rails plugins gem "actionpack-page_caching" + gem "cancancan" gem "composite_primary_keys", "~> 11.0.0" +gem "delayed_job_active_record" gem "dynamic_form" gem "http_accept_language", "~> 2.0.0" gem "i18n-js", ">= 3.0.0" diff --combined Gemfile.lock index 5ddadc3e0,cd94df5e1..72f769929 --- a/Gemfile.lock +++ b/Gemfile.lock @@@ -21,7 -21,7 +21,7 @@@ GE rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionpack-page_caching (1.1.0) + actionpack-page_caching (1.1.1) actionpack (>= 4.0.0, < 6) actionview (5.2.0) activesupport (= 5.2.0) @@@ -66,6 -66,7 +66,7 @@@ bootsnap (1.3.2) msgpack (~> 1.0) builder (3.2.3) + cancancan (2.1.3) canonical-rails (0.2.4) rails (>= 4.1, < 5.3) capybara (2.18.0) @@@ -97,13 -98,8 +98,13 @@@ crack (0.4.3) safe_yaml (~> 1.0.0) crass (1.0.4) - dalli (2.7.8) + dalli (2.7.9) debug_inspector (0.0.3) + delayed_job (4.1.5) + activesupport (>= 3.0, < 5.3) + delayed_job_active_record (4.1.3) + activerecord (>= 3.0, < 5.3) + delayed_job (>= 3.0, < 5) docile (1.3.1) dynamic_form (1.1.4) erubi (1.7.1) @@@ -114,7 -110,7 +115,7 @@@ factory_bot_rails (4.11.1) factory_bot (~> 4.11.1) railties (>= 3.0.0) - faraday (0.12.2) + faraday (0.15.3) multipart-post (>= 1.2, < 3) ffi (1.9.25) fspath (3.1.0) @@@ -127,9 -123,9 +128,9 @@@ http_accept_language (2.0.5) i18n (0.9.5) concurrent-ruby (~> 1.0) - i18n-js (3.0.11) + i18n-js (3.1.0) i18n (>= 0.6.6, < 2) - image_optim (0.26.2) + image_optim (0.26.3) exifr (~> 1.2, >= 1.2.2) 
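Review bot: `gem "cancancan"` is added in the Gemfile hunk with no version constraint, even though the controller hunk further down makes it the library that decides access for the diary actions. Gemfile.lock pins 2.1.3, so installs are reproducible, but a later `bundle update` could move to a new major release without anyone reviewing that change. A pessimistic constraint such as `gem "cancancan", "~> 2.1"` would make an upgrade of the authorization layer a deliberate step. The same applies to `gem "delayed_job_active_record"`, which the lockfile resolves to 4.1.3.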
fspath (~> 3.0) image_size (>= 1.5, < 3) @@@ -165,14 -161,14 +166,14 @@@ rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) logstash-event (1.2.02) - logstasher (1.2.2) + logstasher (1.3.0) activesupport (>= 4.0) logstash-event (~> 1.2.0) request_store - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.0) + mail (2.7.1) mini_mime (>= 0.1.1) marcel (0.3.3) mimemagic (~> 0.3.2) @@@ -189,19 -185,19 +190,19 @@@ multi_xml (0.6.0) multipart-post (2.0.0) nio4r (2.3.1) - nokogiri (1.8.4) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) - nokogumbo (1.5.0) - nokogiri + nokogumbo (2.0.0) + nokogiri (~> 1.8, >= 1.8.4) oauth (0.4.7) oauth-plugin (0.5.1) multi_json oauth (~> 0.4.4) oauth2 (>= 0.5.0) rack - oauth2 (1.4.0) - faraday (>= 0.8, < 0.13) - jwt (~> 1.0) + oauth2 (1.4.1) + faraday (>= 0.8, < 0.16.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) @@@ -240,7 -236,7 +241,7 @@@ mimemagic (~> 0.3.0) terrapin (~> 0.6.0) parallel (1.12.1) - parser (2.5.1.2) + parser (2.5.3.0) ast (~> 2.4.0) pg (0.21.0) poltergeist (1.18.1) @@@ -248,8 -244,8 +249,8 @@@ cliver (~> 0.3.1) websocket-driver (>= 0.2.0) powerpack (0.1.2) - progress (3.4.0) - psych (3.0.2) + progress (3.5.0) + psych (3.0.3) public_suffix (3.0.3) puma (3.12.0) quad_tile (1.0.1) @@@ -305,31 -301,36 +306,31 @@@ request_store (1.4.1) rack (>= 1.4) rinku (2.0.4) - rotp (3.3.1) - rubocop (0.59.1) + rotp (4.0.2) + addressable (~> 2.5) + rubocop (0.60.0) jaro_winkler (~> 1.5.1) parallel (~> 1.10) parser (>= 2.5, != 2.5.1.1) powerpack (~> 0.1) rainbow (>= 2.2.2, < 4.0) ruby-progressbar (~> 1.7) - unicode-display_width (~> 1.0, >= 1.0.1) + unicode-display_width (~> 1.4.0) ruby-openid (2.7.0) ruby-progressbar (1.10.0) ruby_dep (1.5.0) safe_yaml (1.0.4) - sanitize (4.6.6) + sanitize (5.0.0) crass (~> 1.0.2) - nokogiri (>= 1.4.4) - nokogumbo (~> 1.4) - sass (3.6.0) - sass-listen (~> 4.0.0) - sass-listen (4.0.0) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) 
- sassc (1.12.1) + nokogiri (>= 1.8.0) + nokogumbo (~> 2.0) + sassc (2.0.0) ffi (~> 1.9.6) - sass (>= 3.3.0) - sassc-rails (1.3.0) + rake + sassc-rails (2.0.0) railties (>= 4.0.0) - sass - sassc (~> 1.9) - sprockets (> 2.11) + sassc (>= 2.0) + sprockets (> 3.0) sprockets-rails tilt secure_headers (6.0.0) @@@ -355,7 -356,7 +356,7 @@@ thor (0.19.4) thread_safe (0.3.6) tilt (2.0.8) - tins (1.16.3) + tins (1.17.0) tzinfo (1.2.5) thread_safe (~> 0.1) uglifier (4.1.19) @@@ -363,7 -364,7 +364,7 @@@ unicode-display_width (1.4.0) validates_email_format_of (1.6.3) i18n - vendorer (0.1.16) + vendorer (0.2.0) webmock (3.4.2) addressable (>= 2.3.6) crack (>= 0.3.2) @@@ -371,7 -372,7 +372,7 @@@ websocket-driver (0.7.0) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.3) - xpath (3.1.0) + xpath (3.2.0) nokogiri (~> 1.8) PLATFORMS @@@ -387,13 -388,13 +388,14 @@@ DEPENDENCIE bigdecimal (~> 1.1.0) binding_of_caller bootsnap (>= 1.1.0) + cancancan canonical-rails capybara (~> 2.13) coffee-rails (~> 4.2) composite_primary_keys (~> 11.0.0) coveralls dalli + delayed_job_active_record dynamic_form factory_bot_rails faraday diff --combined app/controllers/diary_entry_controller.rb index 6a3ec6755,cff57920b..70cb1654d --- a/app/controllers/diary_entry_controller.rb +++ b/app/controllers/diary_entry_controller.rb @@@ -3,11 -3,12 +3,12 @@@ class DiaryEntryController < Applicatio before_action :authorize_web before_action :set_locale - before_action :require_user, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe] + + authorize_resource + before_action :lookup_user, :only => [:show, :comments] before_action :check_database_readable before_action :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe] - before_action :require_administrator, :only => [:hide, :hidecomment] before_action :allow_thirdparty_images, :only => [:new, :edit, :index, :show, :comments] def new @@@ -65,7 -66,7 +66,7 @@@ # Notify 
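Review bot: The first hunk of diary_entry_controller.rb replaces `require_user` and `require_administrator` with `authorize_resource`, so the rules that used to be readable in the filter list now live in the cancancan ability definitions, which this diff does not show. The removed filters required a login for seven actions and an administrator for `:hide` and `:hidecomment`, and nothing in the controller records that any more. I would add a comment above the call, for example `# Access rules live in the cancancan abilities; hide/hidecomment must stay administrator-only`. Controller tests should also assert denial for anonymous and for non-administrator users on each formerly filtered action. The class body continues outside the hunk.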
current subscribers of the new comment @entry.subscribers.visible.each do |user| - Notifier.diary_comment_notification(@diary_comment, user).deliver_now if current_user != user + Notifier.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user end # Add the commenter to the subscribers if necessary @@@ -215,6 -216,22 +216,22 @@@ private + # This is required because, being a default-deny system, cancancan + # _cannot_ tell you the reason you were denied access; and so + # the "nice" feedback presenting next steps can't be gleaned from + # the exception + ## + # for the hide actions, require that the user is a administrator, or fill out + # a helpful error message and return them to the user page. + def deny_access(exception) + if current_user && exception.action.in?([:hide, :hidecomment]) + flash[:error] = t("users.filter.not_an_administrator") + redirect_to :action => "show" + else + super + end + end + ## # return permitted diary entry parameters def entry_params @@@ -229,16 -246,6 +246,6 @@@ params.require(:diary_comment).permit(:body) end - ## - # require that the user is a administrator, or fill out a helpful error message - # and return them to the user page. - def require_administrator - unless current_user.administrator? - flash[:error] = t("users.filter.not_an_administrator") - redirect_to :action => "show" - end - end - ## # decide on a location for the diary entry map def set_map_location
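Review bot: The new `deny_access` override reports "not an administrator" for every denial of `:hide` or `:hidecomment` to a logged-in user, so the message is only correct while the ability rules deny those two actions on the administrator check alone. The comment block should state that assumption, e.g. `# NOTE: assumes hide/hidecomment are denied only to non-administrators; revisit if the abilities gain other conditions`. The bare `##` between the two comment paragraphs makes the first look like it belongs to a different method, so one `##` header over both would read better. `super` depends on a `deny_access` in a parent class outside this diff, which presumably handles the anonymous case; a test for an anonymous request to `:hide` would confirm it.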