]>
git.openstreetmap.org Git - rails.git/log
Chris Flipse [Mon, 18 Jun 2018 00:27:17 +0000 (20:27 -0400)]
Make rubocop happy
Chris Flipse [Sun, 17 Jun 2018 17:15:49 +0000 (13:15 -0400)]
separate ability and capability
These are asking fundamentally different questions;
Abilities are asking the application if the user has a role that allows
the user to take a certain action
Capabilities are asking if the user has granted the application to
perform a certain type of action
CanCanCan makes no distinction, however, so the `granted_capabilities`
method is provided as a point that can be checked in rescue methods, so
that one can _attempt_ to continue to provide the more informative error
messages around permission refusals
Benjamin Reynolds [Sun, 10 Jun 2018 16:09:32 +0000 (12:09 -0400)]
Authorize actions on GeocoderController with CanCanCan Ability
Chris Flipse [Sun, 10 Jun 2018 17:06:10 +0000 (13:06 -0400)]
Update capabilities check to actually reflect the existing logic
The OAuth capabilities are essentially user permissions that have been
granted to the app. If the user authenticates through a non-oauth
method, they are assumed to have granted all capabilities to the app
Chris Flipse [Sun, 10 Jun 2018 15:31:54 +0000 (11:31 -0400)]
fix and improve ability coverage to account for tokens
Chris Flipse [Sat, 9 Jun 2018 23:53:45 +0000 (19:53 -0400)]
Use cancancan to authorize user_preference_controller
Chris Flipse [Sat, 9 Jun 2018 23:53:17 +0000 (19:53 -0400)]
add test helper to set oauth tokens
Chris Flipse [Sat, 9 Jun 2018 20:35:17 +0000 (16:35 -0400)]
Implement the cancan filters for diary entries
Access logic is not _entirely_ exported from the controller,
unfortunately. For interface reasons, some actions which require admin
have to be listed within the controller's deny_access method.
This is required because, being a default-deny system, cancancan
_cannot_ tell you the reason you were denied access; and so
the "nice" feedback presenting next steps can't be gleaned from
the exception
Chris Flipse [Sat, 9 Jun 2018 20:20:21 +0000 (16:20 -0400)]
use a controller method to handle cancan denials
This will let controllers override for specific circumstances
Chris Flipse [Fri, 8 Jun 2018 20:58:49 +0000 (16:58 -0400)]
use token in ability checks
Chris Flipse [Fri, 8 Jun 2018 20:57:35 +0000 (16:57 -0400)]
fix tests for site controller
Chris Flipse [Fri, 8 Jun 2018 14:21:19 +0000 (10:21 -0400)]
don't check authorization everywhere
Andy Allan [Thu, 1 Mar 2018 02:24:35 +0000 (10:24 +0800)]
Add cancancan and the first ability definitions for site_controller
Tom Hughes [Sun, 17 Jun 2018 10:33:04 +0000 (11:33 +0100)]
Allow inline javascript and CSS in better_errors pages
Tom Hughes [Sun, 17 Jun 2018 10:14:19 +0000 (11:14 +0100)]
Assign vandalism reports for users to moderators
Tom Hughes [Sun, 17 Jun 2018 00:01:24 +0000 (01:01 +0100)]
Only include issues visible to the current user in the count
Tom Hughes [Sat, 16 Jun 2018 15:21:07 +0000 (16:21 +0100)]
Avoid using "other" as a translation key
Tom Hughes [Sat, 16 Jun 2018 11:52:23 +0000 (12:52 +0100)]
Fix typoed expansion variable in translation
Tom Hughes [Sat, 16 Jun 2018 11:40:15 +0000 (12:40 +0100)]
Show count of open issues in the header
Tom Hughes [Sat, 16 Jun 2018 11:14:58 +0000 (12:14 +0100)]
Set the locale for issue and report views
Tom Hughes [Sat, 16 Jun 2018 10:45:23 +0000 (11:45 +0100)]
Merge remote-tracking branch 'upstream/pull/1576'
Benjamin Reynolds [Thu, 14 Jun 2018 17:25:35 +0000 (18:25 +0100)]
Remove quad_tile library and extract to gem
Quad tile functions are now installed via a gem with native extension
automatically. This improves the run time of the test suite by ~30% for
users that didn't bother to build the C version of the functions.
Closes #1314
Closes #1899
Bryan Housel [Thu, 14 Jun 2018 12:45:39 +0000 (08:45 -0400)]
Update to iD v2.9.0
translatewiki.net [Thu, 14 Jun 2018 10:35:47 +0000 (12:35 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Sun, 10 Jun 2018 18:11:25 +0000 (19:11 +0100)]
Default to only showing open issues
Tom Hughes [Sun, 10 Jun 2018 18:03:33 +0000 (19:03 +0100)]
Improve system tests for issues
Tom Hughes [Sun, 10 Jun 2018 16:59:15 +0000 (17:59 +0100)]
Improve model tests for issues
Tom Hughes [Sun, 10 Jun 2018 16:48:47 +0000 (17:48 +0100)]
Improve controller tests for issues
Tom Hughes [Sun, 10 Jun 2018 16:16:33 +0000 (17:16 +0100)]
Make report type a required field
Tom Hughes [Sun, 10 Jun 2018 16:05:21 +0000 (17:05 +0100)]
Make reportable item titles translatable
Tom Hughes [Sun, 10 Jun 2018 16:02:12 +0000 (17:02 +0100)]
Merge branch 'master' into next
Tom Hughes [Sun, 10 Jun 2018 15:03:38 +0000 (16:03 +0100)]
Use lazy lookups for translations in issues
Tom Hughes [Sun, 10 Jun 2018 14:42:35 +0000 (15:42 +0100)]
Avoid losing filter settings when an invalid user is entered
Tom Hughes [Sun, 10 Jun 2018 14:32:27 +0000 (15:32 +0100)]
Use select_tag for issue filter fields instead of abusing select
Tom Hughes [Sun, 10 Jun 2018 14:13:23 +0000 (15:13 +0100)]
Add some extra indexes on issues
translatewiki.net [Thu, 7 Jun 2018 09:23:59 +0000 (11:23 +0200)]
Localisation updates from https://translatewiki.net.
translatewiki.net [Thu, 7 Jun 2018 06:19:03 +0000 (08:19 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 6 Jun 2018 13:51:30 +0000 (14:51 +0100)]
Merge remote-tracking branch 'upstream/pull/1892'
Tom Hughes [Wed, 6 Jun 2018 13:45:19 +0000 (14:45 +0100)]
Update style for change of name for message controller
Tom Hughes [Wed, 6 Jun 2018 13:33:36 +0000 (14:33 +0100)]
Merge remote-tracking branch 'upstream/pull/1893'
Tom Hughes [Wed, 6 Jun 2018 13:30:27 +0000 (14:30 +0100)]
Merge remote-tracking branch 'upstream/pull/1894'
Tom Hughes [Wed, 6 Jun 2018 13:28:30 +0000 (14:28 +0100)]
Merge remote-tracking branch 'upstream/pull/1895'
Tom Hughes [Wed, 6 Jun 2018 13:25:52 +0000 (14:25 +0100)]
Allow iD to access ESRI imagery metadata
Tom Hughes [Wed, 6 Jun 2018 13:17:49 +0000 (14:17 +0100)]
Update Potlatch 2 to
2.5-37-ga38498b2 build
Andy Allan [Wed, 6 Jun 2018 05:54:09 +0000 (13:54 +0800)]
Speed up tests by making fewer random changes
The old_node_controller#test_version in particular was slow, since
it saves a huge number of tags when adding a tag 30 times over. Since
the tests are random and not based on the number of iterations, this
reduces the iteration counts.
Andy Allan [Wed, 6 Jun 2018 05:34:34 +0000 (13:34 +0800)]
Prefer the helper in controllers
This avoids future gotchas with conversion to lazy lookups.
Andy Allan [Wed, 6 Jun 2018 05:24:01 +0000 (13:24 +0800)]
Fix lazy i18n lookups for browse error pages
`I18n.t` doesn't support lazy lookups, whereas the equivalent
rails `t` helper does. The code can also be simplified to avoid the
lookup table.
Fixes 1877
Andy Allan [Wed, 6 Jun 2018 03:53:05 +0000 (11:53 +0800)]
Fix missing message translation strings
Andy Allan [Wed, 6 Jun 2018 03:51:52 +0000 (11:51 +0800)]
Refactor messages show action to be resourceful
Andy Allan [Wed, 6 Jun 2018 03:27:27 +0000 (11:27 +0800)]
Refactor inbox and outbox paths to avoid display names in urls.
Andy Allan [Wed, 6 Jun 2018 02:22:42 +0000 (10:22 +0800)]
Refactor trace creation pages
Split the trace creation into new and create methods, with standard resourceful routing. Provide a redirect for external requests to the old url.
translatewiki.net [Mon, 4 Jun 2018 06:05:07 +0000 (08:05 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Fri, 1 Jun 2018 17:26:21 +0000 (18:26 +0100)]
Revert to using ubuntu/xenial64 with virtualbox
The generic/ubuntu1604 box doesn't support the vbox extensions.
Tom Hughes [Thu, 31 May 2018 23:41:29 +0000 (00:41 +0100)]
Only set QT_QPA_PLATFORM if phantomjs fails without it
Tom Hughes [Thu, 31 May 2018 21:47:49 +0000 (22:47 +0100)]
Update vagrant configuration
Use a common box for all platforms and fix up various
issues with the provisioning script.
Tom Hughes [Thu, 31 May 2018 21:46:45 +0000 (22:46 +0100)]
Set QT_QPA_PLATFORM to offscreen in the test environment
Works around an issue with the weird way the debian/ubuntu
version of phantomjs is built:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817277
https://github.com/ariya/phantomjs/issues/14376
Tom Hughes [Mon, 7 May 2018 14:21:50 +0000 (15:21 +0100)]
Quote translations to stop them looking like numbers
translatewiki.net [Thu, 31 May 2018 06:32:14 +0000 (08:32 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 30 May 2018 14:30:23 +0000 (15:30 +0100)]
Avoid using inline javascript to update message list
David Abián [Mon, 28 May 2018 10:29:29 +0000 (12:29 +0200)]
Concept URIs for Wikidata entities
Wikidata entities should be linked using concept URIs, which are
permanent. This is the right way of linking web resources according
to the Linked Data principles.
Closes #1884
Tom Hughes [Mon, 7 May 2018 14:21:50 +0000 (15:21 +0100)]
Quote translations to stop them looking like numbers
translatewiki.net [Mon, 28 May 2018 09:02:50 +0000 (11:02 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Sun, 27 May 2018 19:48:30 +0000 (20:48 +0100)]
Update for final linear-gradient syntax
Tom Hughes [Sun, 27 May 2018 19:33:54 +0000 (20:33 +0100)]
Remove include of Mixin.Events
The Events mixin has been replaced by inherting from Evented and
the Layer class already inherits from that.
Tom Hughes [Sun, 27 May 2018 14:51:47 +0000 (15:51 +0100)]
Update bundle
J Guthrie [Sun, 27 May 2018 14:12:34 +0000 (15:12 +0100)]
Change language immediately after updating settings
Closes #1883
Tom Hughes [Mon, 7 May 2018 14:21:50 +0000 (15:21 +0100)]
Quote translations to stop them looking like numbers
translatewiki.net [Fri, 25 May 2018 09:57:39 +0000 (11:57 +0200)]
Localisation updates from https://translatewiki.net.
Benoît [Fri, 25 May 2018 08:39:19 +0000 (10:39 +0200)]
Improve HOT layer attribution
The style is by HOT and the server is provided by OpenStreetMap France.
Closes #1882
Tom Hughes [Thu, 24 May 2018 18:06:31 +0000 (19:06 +0100)]
Merge remote-tracking branch 'upstream/pull/1880'
Edward Betts [Thu, 24 May 2018 11:49:12 +0000 (12:49 +0100)]
Wrap the permission label with a <label> tag
Gives the user a larger target to toggle a permission.
Andrew Harvey [Thu, 24 May 2018 09:45:05 +0000 (19:45 +1000)]
update New Zealand copyright based on current attribution instructions from LINZ
Andy Allan [Thu, 24 May 2018 03:39:22 +0000 (11:39 +0800)]
Merge pull request #1871 from hikemaniac/browse-icon-typo
Fix a browse icon typo
Tom Hughes [Wed, 23 May 2018 11:50:10 +0000 (12:50 +0100)]
Don't override non-existent policy
Tom Hughes [Wed, 23 May 2018 11:21:24 +0000 (12:21 +0100)]
Use an empty array for ruby 2.3 compatibility
Apparently `false.dup` throws in ruby 2.3 and not in 2.5...
Tom Hughes [Wed, 23 May 2018 11:09:21 +0000 (12:09 +0100)]
Completely remove form-action restrictions for OAuth callbacks
The CSP3 draft only allows a * rule match network schemes and
mobile devices often use callbacks to custom URL schemes.
Tom Hughes [Mon, 7 May 2018 14:21:50 +0000 (15:21 +0100)]
Quote translations to stop them looking like numbers
Tom Hughes [Tue, 22 May 2018 07:41:13 +0000 (08:41 +0100)]
Allow CSP to be put in enforcing mode
Tom Hughes [Tue, 22 May 2018 07:40:41 +0000 (08:40 +0100)]
Update swfobject to use uncompressed source
translatewiki.net [Mon, 21 May 2018 14:16:17 +0000 (16:16 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Sat, 19 May 2018 10:15:56 +0000 (11:15 +0100)]
Add missing dependencies
Tom Hughes [Fri, 18 May 2018 19:28:09 +0000 (20:28 +0100)]
Allow inline styles in iD
hikemaniac [Fri, 18 May 2018 11:59:59 +0000 (13:59 +0200)]
Rebase to current master
Merge openstreetmap/openstreetmap-website into hikemaniac/openstreetmap-website
Peter Karich [Thu, 17 May 2018 19:47:58 +0000 (20:47 +0100)]
Use XHR instead of jsonp for GraphHopper
Closes #1872
Tom Hughes [Thu, 17 May 2018 18:39:25 +0000 (19:39 +0100)]
Update for rubocop 0.54.0
Tom Hughes [Thu, 17 May 2018 18:25:58 +0000 (19:25 +0100)]
Update bundle
Tom Hughes [Thu, 17 May 2018 18:10:39 +0000 (19:10 +0100)]
Configure manifest-src and worker-src in security policy
Tom Hughes [Thu, 17 May 2018 18:10:23 +0000 (19:10 +0100)]
Preserve schemes in security policy
Tom Hughes [Thu, 17 May 2018 17:37:52 +0000 (18:37 +0100)]
Quote translations to stop them looking like numbers
Tom Hughes [Mon, 7 May 2018 14:21:50 +0000 (15:21 +0100)]
Quote translations to stop them looking like numbers
Tom Hughes [Thu, 17 May 2018 10:29:28 +0000 (11:29 +0100)]
Convert note view to use server side conditions
Fixes #1869
Tom Hughes [Thu, 17 May 2018 10:29:06 +0000 (11:29 +0100)]
Add piwik to allowed URIs in connect-src
translatewiki.net [Thu, 17 May 2018 06:36:19 +0000 (08:36 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 16 May 2018 19:40:55 +0000 (20:40 +0100)]
Remove unsafe-inline form default style policy
Tom Hughes [Wed, 16 May 2018 19:27:35 +0000 (20:27 +0100)]
Remove some inline styles
Tom Hughes [Wed, 16 May 2018 17:57:34 +0000 (18:57 +0100)]
Merge remote-tracking branch 'upstream/pull/1866'
Tom Hughes [Wed, 16 May 2018 10:36:46 +0000 (11:36 +0100)]
Allow iD to access wikidata
Tom Hughes [Wed, 16 May 2018 09:43:26 +0000 (10:43 +0100)]
Revert "Remove unused POST method for message replies"
This reverts commit
40cab845fbabb3f0aa8131c16e48cd3d58b6dcb3 .
Tom Hughes [Wed, 16 May 2018 07:48:38 +0000 (08:48 +0100)]
Allow iD to access wikipedia
Andy Allan [Wed, 16 May 2018 05:05:20 +0000 (13:05 +0800)]
Remove if_user and similar methods
Rather than hiding features based on CSS, just avoid including them
in the output. Fixes #1862