]>
git.openstreetmap.org Git - rails.git/log
Tom Hughes [Wed, 12 Dec 2018 22:41:29 +0000 (22:41 +0000)]
Allow abilities that require no login for token based access
Fixes #2085
Tom Hughes [Wed, 12 Dec 2018 18:40:13 +0000 (18:40 +0000)]
Merge remote-tracking branch 'upstream/pull/2084'
Tom Hughes [Wed, 12 Dec 2018 18:33:23 +0000 (18:33 +0000)]
Merge remote-tracking branch 'upstream/pull/2083'
Andy Allan [Wed, 12 Dec 2018 15:01:54 +0000 (16:01 +0100)]
Refactor users_controller to use CanCanCan for authorisation
Andy Allan [Wed, 12 Dec 2018 12:58:38 +0000 (13:58 +0100)]
Use only token capabilities when a token is provided
The Authenticate#allow? method (from oauth-plugin) sets current_user as a side
effect of checking the token. But this allows a valid token to access
all actions that are available to that user, beyond the capabilities for
that token.
translatewiki.net [Mon, 10 Dec 2018 07:19:29 +0000 (08:19 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 5 Dec 2018 12:54:55 +0000 (12:54 +0000)]
Only check IP addresses for anonymous note comments
Tom Hughes [Wed, 5 Dec 2018 08:23:54 +0000 (08:23 +0000)]
Merge remote-tracking branch 'upstream/pull/2080'
Bryan Housel [Wed, 5 Dec 2018 07:04:18 +0000 (02:04 -0500)]
Update to iD v2.12.1
Tom Hughes [Tue, 4 Dec 2018 20:41:34 +0000 (20:41 +0000)]
Merge remote-tracking branch 'upstream/pull/2079'
Tom Hughes [Tue, 4 Dec 2018 20:41:06 +0000 (20:41 +0000)]
Update to rails 5.2.2
Bryan Housel [Tue, 4 Dec 2018 03:25:48 +0000 (22:25 -0500)]
Update to iD v2.12.0
translatewiki.net [Mon, 3 Dec 2018 06:50:33 +0000 (07:50 +0100)]
Localisation updates from https://translatewiki.net.
translatewiki.net [Thu, 29 Nov 2018 17:01:06 +0000 (18:01 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 28 Nov 2018 21:11:32 +0000 (21:11 +0000)]
Merge remote-tracking branch 'upstream/pull/2078'
Andy Allan [Wed, 28 Nov 2018 16:20:13 +0000 (17:20 +0100)]
Use CanCanCan for user_roles auth
Tom Hughes [Wed, 28 Nov 2018 18:24:04 +0000 (18:24 +0000)]
Merge remote-tracking branch 'upstream/pull/2072'
Paul Dexter-Sobkowiak [Tue, 27 Nov 2018 01:08:57 +0000 (01:08 +0000)]
Split browse_helper.rb into two modules due to rubocop ModuleLength
Tom Hughes [Wed, 28 Nov 2018 18:09:20 +0000 (18:09 +0000)]
Merge remote-tracking branch 'upstream/pull/2075'
Tom Hughes [Wed, 28 Nov 2018 18:09:17 +0000 (18:09 +0000)]
Merge remote-tracking branch 'upstream/pull/2074'
Andy Allan [Wed, 28 Nov 2018 16:21:12 +0000 (17:21 +0100)]
Remove user_roles integration test since it is not meaningful
This test has not been meaningful for a long while, since both check_success and check_fail contain exactly the same code.
Additionally, the test doesn't cover any integrations (beyond logging in), and so it is only covering the same ground as the controller test.
Andy Allan [Wed, 28 Nov 2018 14:46:37 +0000 (15:46 +0100)]
Remove the unused require_moderator filter
Use of this filter has been refactored to use CanCanCan
Andy Allan [Wed, 28 Nov 2018 14:33:43 +0000 (15:33 +0100)]
Use CanCanCan for notes authorization
Tom Hughes [Wed, 28 Nov 2018 11:54:00 +0000 (11:54 +0000)]
Merge remote-tracking branch 'upstream/pull/2073'
Andy Allan [Wed, 14 Nov 2018 14:45:30 +0000 (15:45 +0100)]
Use CanCanCan for changeset comments
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
Tom Hughes [Tue, 27 Nov 2018 23:10:24 +0000 (23:10 +0000)]
Update to rails 5.2.1.1
Paul Dexter-Sobkowiak [Mon, 26 Nov 2018 22:15:19 +0000 (22:15 +0000)]
Show tel: links for multiple phone numbers separated by ;
Closes #2069
translatewiki.net [Mon, 26 Nov 2018 07:03:14 +0000 (08:03 +0100)]
Localisation updates from https://translatewiki.net.
translatewiki.net [Thu, 22 Nov 2018 06:38:17 +0000 (07:38 +0100)]
Localisation updates from https://translatewiki.net.
Mikel Maron [Tue, 20 Nov 2018 18:46:22 +0000 (18:46 +0000)]
Add links to Welcome Mat on /welcome and /help
Closes #2056
Tom Hughes [Mon, 19 Nov 2018 18:02:46 +0000 (18:02 +0000)]
Update Potlatch 2 to
2.5-59-gdd728d5e build
Tom Hughes [Mon, 19 Nov 2018 17:34:47 +0000 (17:34 +0000)]
Allow connect_src to match all sites in Potlatch
It seems that Safari matches connections made from a flash application
against connect_src while Firefox uses object_src instead.
Fixes #2067
translatewiki.net [Mon, 19 Nov 2018 07:48:39 +0000 (08:48 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Sat, 17 Nov 2018 17:47:51 +0000 (17:47 +0000)]
Fix issues with renaming of diary entry controller
Tom Hughes [Thu, 15 Nov 2018 18:47:15 +0000 (18:47 +0000)]
Take security policy URLs from the configuration file
translatewiki.net [Thu, 15 Nov 2018 07:24:40 +0000 (08:24 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Thu, 15 Nov 2018 00:46:53 +0000 (00:46 +0000)]
Fix tests for rails 5.2.1 compatibility
Rails 5.2.1 has changed how the request body is handled
internally for a test which means we can no longer cheat
by stashing it in the request environment and must instead
pass it properly to the request method.
Tom Hughes [Wed, 14 Nov 2018 22:35:44 +0000 (22:35 +0000)]
Update to rails 5.2.1
Tom Hughes [Wed, 14 Nov 2018 13:13:56 +0000 (13:13 +0000)]
Merge remote-tracking branch 'upstream/pull/2060'
Andy Allan [Wed, 14 Nov 2018 10:35:30 +0000 (11:35 +0100)]
Remove custom deny_access handlers
Since these pages are not accessed by normal users, except for url fiddling, it's fine to respond with a generic access denied.
Tom Hughes [Wed, 14 Nov 2018 12:43:35 +0000 (12:43 +0000)]
Merge remote-tracking branch 'upstream/pull/2061'
Andy Allan [Wed, 14 Nov 2018 11:25:21 +0000 (12:25 +0100)]
Add a changeset to exercise that part of the contact rendering
Andy Allan [Wed, 14 Nov 2018 11:18:53 +0000 (12:18 +0100)]
Ensure that the blocked template rendering works
Andy Allan [Wed, 14 Nov 2018 11:09:46 +0000 (12:09 +0100)]
Check that a request that requires authentication is redirected when the user hasn't seen the terms
Tom Hughes [Wed, 14 Nov 2018 10:48:18 +0000 (10:48 +0000)]
Merge remote-tracking branch 'upstream/pull/2058'
Andy Allan [Wed, 7 Nov 2018 16:12:23 +0000 (17:12 +0100)]
Pluralize changesets controller
Tom Hughes [Tue, 13 Nov 2018 13:17:19 +0000 (13:17 +0000)]
Skip CSRF verification for changeset comment actions
Fixes #2057
translatewiki.net [Mon, 12 Nov 2018 07:48:53 +0000 (08:48 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Fri, 9 Nov 2018 16:07:35 +0000 (16:07 +0000)]
Update Potlatch 2 to
2.5-57-gaa163622 build
Tom Hughes [Fri, 9 Nov 2018 14:33:00 +0000 (14:33 +0000)]
Update Potlatch 2 to
2.5-56-g550aab49 build
Tom Hughes [Thu, 8 Nov 2018 19:09:56 +0000 (19:09 +0000)]
Attempt to send pretty 403 errors to web browsers
Tom Hughes [Thu, 8 Nov 2018 17:51:23 +0000 (17:51 +0000)]
Merge remote-tracking branch 'upstream/pull/2051'
Tom Hughes [Thu, 8 Nov 2018 17:44:57 +0000 (17:44 +0000)]
Merge remote-tracking branch 'upstream/pull/2052'
Tom Hughes [Thu, 8 Nov 2018 17:31:30 +0000 (17:31 +0000)]
Merge remote-tracking branch 'upstream/pull/2050'
translatewiki.net [Thu, 8 Nov 2018 09:08:59 +0000 (10:08 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 7 Nov 2018 15:55:38 +0000 (15:55 +0000)]
Merge remote-tracking branch 'upstream/pull/2053'
Andy Allan [Wed, 7 Nov 2018 15:48:48 +0000 (16:48 +0100)]
Remove unnecessary include from redaction model test
Andy Allan [Wed, 7 Nov 2018 15:42:11 +0000 (16:42 +0100)]
Remove unnecessary require statements from tests
Andy Allan [Wed, 7 Nov 2018 15:31:04 +0000 (16:31 +0100)]
Pluralize diary entries controller
Andy Allan [Wed, 7 Nov 2018 15:02:22 +0000 (16:02 +0100)]
Pluralize old_ controllers
Andy Allan [Wed, 7 Nov 2018 14:53:04 +0000 (15:53 +0100)]
Pluralize nodes, ways and relations controllers
Andy Allan [Wed, 7 Nov 2018 12:28:58 +0000 (13:28 +0100)]
Use CanCanCan for redaction authorizations
Andy Allan [Wed, 7 Nov 2018 12:07:08 +0000 (13:07 +0100)]
Migrate UserBlocksController to use CanCanCan
Andy Allan [Wed, 7 Nov 2018 10:25:12 +0000 (11:25 +0100)]
Reduce the max class length after splitting the changeset comments controller tests out
Andy Allan [Wed, 7 Nov 2018 10:07:29 +0000 (11:07 +0100)]
Use relative translations for changeset comments
Andy Allan [Wed, 7 Nov 2018 09:51:43 +0000 (10:51 +0100)]
Rename hide_comment and unhide_comment to destroy and restore
This preserves the API endpoints and HTTP methods, which could be changed in the next API version
Andy Allan [Wed, 7 Nov 2018 08:58:21 +0000 (09:58 +0100)]
Rename comments_feed to index
Andy Allan [Wed, 31 Oct 2018 19:01:01 +0000 (20:01 +0100)]
Rename comment to create
Andy Allan [Wed, 31 Oct 2018 18:56:26 +0000 (19:56 +0100)]
Split changeset comment handling into a changeset_comments controller
Tom Hughes [Wed, 7 Nov 2018 09:16:14 +0000 (09:16 +0000)]
Fix rubocop warning
Tom Hughes [Wed, 7 Nov 2018 09:03:01 +0000 (09:03 +0000)]
Merge remote-tracking branch 'upstream/pull/2049'
Dominik Moritz [Wed, 7 Nov 2018 05:04:16 +0000 (21:04 -0800)]
Update leaflet.locate.js
Tom Hughes [Wed, 7 Nov 2018 08:57:14 +0000 (08:57 +0000)]
Avoid ordering points from public and private traces
Closes #2046
Tom Hughes [Mon, 5 Nov 2018 21:22:48 +0000 (21:22 +0000)]
Merge remote-tracking branch 'upstream/pull/2044'
Tom Hughes [Mon, 5 Nov 2018 19:07:26 +0000 (19:07 +0000)]
Use character validate to exclude URL characters for trace tags
Tom Hughes [Mon, 5 Nov 2018 18:58:08 +0000 (18:58 +0000)]
Improve character validator error messages
Tom Hughes [Mon, 5 Nov 2018 18:54:19 +0000 (18:54 +0000)]
Merge character validators
Tom Hughes [Mon, 5 Nov 2018 18:29:17 +0000 (18:29 +0000)]
Merge leading and trailing whitespace validators
Tom Hughes [Mon, 5 Nov 2018 17:06:48 +0000 (17:06 +0000)]
Improve consistency of text validations
J Guthrie [Mon, 5 Nov 2018 15:41:35 +0000 (15:41 +0000)]
Added tests for validators
J Guthrie [Mon, 5 Nov 2018 15:40:37 +0000 (15:40 +0000)]
Changed User model to not allow nil display_name (w/ tests)
J Guthrie [Mon, 5 Nov 2018 01:55:25 +0000 (01:55 +0000)]
Converted invalid_chars validator to use locale
J Guthrie [Sun, 4 Nov 2018 18:52:45 +0000 (18:52 +0000)]
Fix rubocop errors
J Guthrie [Sun, 4 Nov 2018 18:28:27 +0000 (18:28 +0000)]
Create invalid_char validators and apply to models
J Guthrie [Sun, 4 Nov 2018 16:47:02 +0000 (16:47 +0000)]
Added more non-ascii chars to validation (matching list of chars in other models)
J Guthrie [Sun, 4 Nov 2018 16:40:01 +0000 (16:40 +0000)]
Fix rubucop errors
J Guthrie [Sun, 4 Nov 2018 16:22:41 +0000 (16:22 +0000)]
Make invalid char list more explicit (between ascii and non ascii chars)
J Guthrie [Sun, 4 Nov 2018 16:17:44 +0000 (16:17 +0000)]
Added trailing/leading whitespace errors to locale
J Guthrie [Sun, 4 Nov 2018 16:06:23 +0000 (16:06 +0000)]
Specifiy invalid chars in username error message
- Refactored list of invalid chars out to constant
Tom Hughes [Mon, 5 Nov 2018 09:24:51 +0000 (09:24 +0000)]
Allow note comments with no body
translatewiki.net [Mon, 5 Nov 2018 07:57:46 +0000 (08:57 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Sun, 4 Nov 2018 14:50:14 +0000 (14:50 +0000)]
Merge remote-tracking branch 'upstream/pull/2009'
Tom Hughes [Sun, 4 Nov 2018 14:49:27 +0000 (14:49 +0000)]
Merge remote-tracking branch 'upstream/pull/2042'
mmd-osm [Sat, 3 Nov 2018 17:32:02 +0000 (18:32 +0100)]
Limit notes sizes to 2000 characters
Tom Hughes [Sat, 3 Nov 2018 14:34:18 +0000 (14:34 +0000)]
Merge remote-tracking branch 'upstream/pull/2023'
Tom Hughes [Sat, 3 Nov 2018 12:28:00 +0000 (12:28 +0000)]
Move abilities to a sepatarate top level directory
Tom Hughes [Sat, 3 Nov 2018 11:58:56 +0000 (11:58 +0000)]
Merge remote-tracking branch 'upstream/pull/2038'
Tom Hughes [Sat, 3 Nov 2018 11:57:25 +0000 (11:57 +0000)]
Only use DelayedJob in production
In development just let the default async adaptor be used so
that people don't need to run a daemon.
J Guthrie [Fri, 2 Nov 2018 01:23:37 +0000 (01:23 +0000)]
On hover, change border to a subtle darker orange, increase strokeWidth
Tom Hughes [Thu, 1 Nov 2018 22:29:27 +0000 (22:29 +0000)]
Update to sassc 2.x