Diffstat (limited to 'config')
-rw-r--r--config/brakeman.ignore63
-rw-r--r--config/brakeman.yml4
-rw-r--r--config/httpd.conf-example7
-rw-r--r--config/initializers/alaveteli.rb1
-rw-r--r--config/initializers/secure_headers.rb24
-rw-r--r--config/locales/rw.yml212
-rw-r--r--config/routes.rb174
7 files changed, 308 insertions, 177 deletions
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
new file mode 100644
index 000000000..391013a5a
--- /dev/null
+++ b/config/brakeman.ignore
@@ -0,0 +1,63 @@
+{
+ "ignored_warnings": [
+ {
+ "location": {
+ "type": "method",
+ "method": "list_all_csv",
+ "class": "PublicBodyController"
+ },
+ "file": "app/controllers/public_body_controller.rb",
+ "warning_code": 16,
+ "render_path": null,
+ "link": "http://brakemanscanner.org/docs/warning_types/file_access/",
+ "warning_type": "File Access",
+ "code": "File.open(Tempfile.new(\"all-authorities.csv\", File.join(InfoRequest.download_zip_dir, \"download\")).path, \"w\")",
+ "line": 211,
+ "confidence": "Weak",
+ "user_input": "InfoRequest.download_zip_dir",
+ "message": "Model attribute used in file name",
+ "fingerprint": "00ce9cdd1d2c3f220bae94cb854393b5072ee1da064ca7a3af693fe2867d51c8",
+ "note": "InfoRequest.download_zip_dir does not contain user input"
+ },
+ {
+ "location": {
+ "type": "method",
+ "method": "list_all_csv",
+ "class": "PublicBodyController"
+ },
+ "file": "app/controllers/public_body_controller.rb",
+ "warning_code": 16,
+ "render_path": null,
+ "link": "http://brakemanscanner.org/docs/warning_types/file_access/",
+ "warning_type": "File Access",
+ "code": "File.rename(Tempfile.new(\"all-authorities.csv\", File.join(InfoRequest.download_zip_dir, \"download\")).path, File.join(File.join(InfoRequest.download_zip_dir, \"download\"), \"all-authorities.csv\"))",
+ "line": 213,
+ "confidence": "Weak",
+ "user_input": "InfoRequest.download_zip_dir",
+ "message": "Model attribute used in file name",
+ "fingerprint": "6078628aa47451d597e211629d80dcea0fdc7600dc066cabf2c0a4b9e07a75cc",
+ "note": "InfoRequest.download_zip_dir does not contain user input"
+ },
+ {
+ "location": {
+ "type": "method",
+ "method": "list_all_csv",
+ "class": "PublicBodyController"
+ },
+ "file": "app/controllers/public_body_controller.rb",
+ "warning_code": 16,
+ "render_path": null,
+ "link": "http://brakemanscanner.org/docs/warning_types/file_access/",
+ "warning_type": "File Access",
+ "code": "FileUtils.mkdir_p(File.join(InfoRequest.download_zip_dir, \"download\"))",
+ "line": 194,
+ "confidence": "Weak",
+ "user_input": "InfoRequest.download_zip_dir",
+ "message": "Model attribute used in file name",
+ "fingerprint": "5ed20f867c17c814cfe117906161a26f37b986d694996c9fd0089d4f971dc1d0",
+ "note": "InfoRequest.download_zip_dir does not contain user input"
+ }
+ ],
+ "updated": "Thu Oct 02 10:43:19 +0000 2014",
+ "brakeman_version": "2.6.2"
+}
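Review bot: The three `note` fields justify each suppression only by asserting that `InfoRequest.download_zip_dir` contains no user input, without saying where the value comes from, so nobody re-reading this file later (or after the fingerprints drift) can re-validate the claim. Suggest making the rationale checkable, e.g. `"note": "InfoRequest.download_zip_dir is a fixed, configuration-derived path rather than request data, so this File Access warning is a false positive"` — assuming that is indeed its source, which this diff does not show. Separately, the ignored snippets reveal a `Tempfile.new(...)` whose object is discarded while only its `.path` is reused by `File.open` and `File.rename`; a Tempfile's finaliser can unlink that path when the object is collected, so the code in public_body_controller.rb (outside this diff) deserves a look even though the Brakeman warning itself is a false positive.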
diff --git a/config/brakeman.yml b/config/brakeman.yml
new file mode 100644
index 000000000..1f95903fd
--- /dev/null
+++ b/config/brakeman.yml
@@ -0,0 +1,4 @@
+---
+:output_files:
+- tmp/brakeman.html
+- tmp/brakeman.json
diff --git a/config/httpd.conf-example b/config/httpd.conf-example
index e010ac22f..00722fbdf 100644
--- a/config/httpd.conf-example
+++ b/config/httpd.conf-example
@@ -34,7 +34,7 @@
# Passenger's default MaxPoolSize is 6. At the time of writing
# normal instances of Alaveteli seem to take 150-200MB per
# process, so we've set this conservatively at 3. Read the guides
- # above to tune this for your system
+ # above to tune this for your system
PassengerMaxPoolSize 3
# The RAILS_ENV that the app is running in. This can be any of
@@ -97,6 +97,11 @@
#
# The condition means that the rule will fire only if the cached
# file exists.
+ #
+ # The second condition-rule pair handles the same transformation for
+ # files served from a non-default locale, 'cy'. You will need one
+ # set of rules for each non-default locale.
+
RewriteMap escape int:escape
RewriteCond %{DOCUMENT_ROOT}/views_cache/request/$2/$1/${escape:$3} -f
RewriteRule ^/request/((\d{1,3})\d*)/(response/\d+/attach/(html/)?\d+/.+) /views_cache/request/$2/$1/${escape:$3} [L]
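Review bot: The new comment explains the per-locale duplication but not the security consequence of the rule it describes: when the cached file exists, the `[L]` rewrite serves the attachment straight from `DOCUMENT_ROOT/views_cache` and the request never reaches the application, so whatever access control the app applies to attachments is presumably not applied to cached copies. Suggest adding next to the new comment: `# NOTE: cached attachments are served by Apache without going through the app, so the cache must be purged whenever a request's visibility or censoring changes.` The phrase "files served from a non-default locale, 'cy'" would also read better as "a non-default locale (here 'cy')", since the example is Welsh-specific. The second condition-rule pair the comment refers to is not part of this hunk.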
diff --git a/config/initializers/alaveteli.rb b/config/initializers/alaveteli.rb
index 0db7155d7..9493d4a1e 100644
--- a/config/initializers/alaveteli.rb
+++ b/config/initializers/alaveteli.rb
@@ -56,6 +56,7 @@ require 'public_body_csv'
require 'category_and_heading_migrator'
require 'public_body_categories'
require 'routing_filters'
+require 'alaveteli_text_masker'
AlaveteliLocalization.set_locales(AlaveteliConfiguration::available_locales,
AlaveteliConfiguration::default_locale)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
new file mode 100644
index 000000000..99730e6b2
--- /dev/null
+++ b/config/initializers/secure_headers.rb
@@ -0,0 +1,24 @@
+::SecureHeaders::Configuration.configure do |config|
+
+ # https://tools.ietf.org/html/rfc6797
+ if AlaveteliConfiguration::force_ssl
+ config.hsts = { :max_age => 20.years.to_i, :include_subdomains => true }
+ else
+ config.hsts = false
+ end
+ # https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-02
+ config.x_frame_options = "sameorigin"
+
+ # http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
+ config.x_content_type_options = "nosniff"
+
+ # http://msdn.microsoft.com/en-us/library/dd565647%28v=vs.85%29.aspx
+ config.x_xss_protection = { :value => 1 }
+
+ # https://w3c.github.io/webappsec/specs/content-security-policy/
+ config.csp = false
+
+ # https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions
+ config.x_download_options = false
+end
+
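Review bot: `config.x_xss_protection = { :value => 1 }` on line 151 turns the browser XSS filter on in its default "sanitise" mode rather than block mode; the sanitising mode has a history of being abused to selectively disable scripts on a page, and the usual recommendation for this gem version is `config.x_xss_protection = { :value => 1, :mode => 'block' }`. The HSTS setting on line 140 combines `:include_subdomains => true` with a 20-year max-age, which commits every subdomain of the deployment to HTTPS once a browser has seen the header; that is only safe if no subdomain is ever served over plain HTTP, which this file cannot verify, so a comment warning deployers about that would help. `config.csp = false` silently disables Content-Security-Policy; a `# TODO: define a CSP once inline scripts/styles have been inventoried` would keep the gap visible rather than looking like a deliberate final choice.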
diff --git a/config/locales/rw.yml b/config/locales/rw.yml
index 58422f264..caf72b604 100644
--- a/config/locales/rw.yml
+++ b/config/locales/rw.yml
@@ -10,138 +10,138 @@ rw:
- Sat
abbr_month_names:
-
- - Jan
- - Feb
- - Mar
- - Apr
- - May
- - Jun
- - Jul
- - Aug
- - Sep
- - Oct
- - Nov
- - Dec
+ - Mutarama
+ - Gashyantare
+ - Werurwe
+ - Mata
+ - Gicurasi
+ - Kamena
+ - Nyakanga
+ - Kanama
+ - Nzeri
+ - Ukwakira
+ - Ugushyingo
+ - Ukuboza
day_names:
- - Sunday
- - Monday
- - Tuesday
- - Wednesday
- - Thursday
- - Friday
- - Saturday
+ - Ku cyumweru
+ - Kuwa mbere
+ - Kuwa kabiri
+ - Kuwa gatatu
+ - Kuwa kane
+ - Kuwa gatanu
+ - Kuwa gatandatu
formats:
default: ! '%Y-%m-%d'
long: ! '%B %d, %Y'
short: ! '%b %d'
month_names:
-
- - January
- - February
- - March
- - April
- - May
- - June
- - July
- - August
- - September
- - October
- - November
- - December
+ - Mutarama
+ - Gashyantare
+ - Werurwe
+ - Mata
+ - Gicurasi
+ - Kamena
+ - Nyakanga
+ - Kanama
+ - Nzeri
+ - Ukwakira
+ - Ugushyingo
+ - Ukuboza
order:
- - :year
- - :month
- - :day
+ - :umwaka
+ - :ukwezi
+ - :umunsi
datetime:
distance_in_words:
about_x_hours:
- one: about 1 hour
- other: about %{count} hours
+ one: isaha ugereranyije
+ other: amasaha %{count}
about_x_months:
- one: about 1 month
- other: about %{count} months
+ one: ukwezi ugereranyije
+ other: amezi %{count}
about_x_years:
- one: about 1 year
- other: about %{count} years
+ one: umwaka ugereranyije
+ other: imyaka %{count}
almost_x_years:
- one: almost 1 year
- other: almost %{count} years
- half_a_minute: half a minute
+ one: umwaka ugereranyije
+ other: hafi y'imyaka %{count}
+ half_a_minute: igice cy'umunota
less_than_x_minutes:
- one: less than a minute
- other: less than %{count} minutes
+ one: munsi y'umunota
+ other: munsi y'iminota %{count}
less_than_x_seconds:
- one: less than 1 second
- other: less than %{count} seconds
+ one: munsi y'isegonda
+ other: munsi y'amasegonda %{count}
over_x_years:
- one: over 1 year
- other: over %{count} years
+ one: hafi umwaka
+ other: imyaka %{count}
x_days:
- one: 1 day
- other: ! '%{count} days'
+ one: umunsi umwe
+ other: ! 'iminsi %{count}'
x_minutes:
- one: 1 minute
- other: ! '%{count} minutes'
+ one: umunota umwe
+ other: ! 'iminote %{count}'
x_months:
- one: 1 month
- other: ! '%{count} months'
+ one: ukwezi kumwe
+ other: ! 'amazi %{count}'
x_seconds:
- one: 1 second
- other: ! '%{count} seconds'
+ one: isegonda rimwe
+ other: ! 'amasegonda %{count}'
prompts:
- day: Day
- hour: Hour
- minute: Minute
- month: Month
- second: Seconds
- year: Year
+ day: Umunsi
+ hour: Isaha
+ minute: Umunota
+ month: Ukwezi
+ second: Isegonda
+ year: Umwaka
errors:
format: ! '%{attribute} %{message}'
messages:
- accepted: must be accepted
- blank: can't be blank
- present: must be blank
- confirmation: ! "doesn't match %{attribute}"
- empty: can't be empty
- equal_to: must be equal to %{count}
- even: must be even
+ accepted: bigomba kwemerwa
+ blank: hagomba kuzuzwa
+ present: ntuhuzuze
+ confirmation: ! "ntibihura na %{attribute}"
+ empty: hagomba kuzuzwa
+ equal_to: bigomba kungana na%{count}
+ even: umubare ugomba kugabanyika na kabiri
exclusion: is reserved
- greater_than: must be greater than %{count}
- greater_than_or_equal_to: must be greater than or equal to %{count}
- inclusion: is not included in the list
- invalid: is invalid
- less_than: must be less than %{count}
- less_than_or_equal_to: must be less than or equal to %{count}
- not_a_number: is not a number
- not_an_integer: must be an integer
- odd: must be odd
- record_invalid: ! 'Validation failed: %{errors}'
+ greater_than: bigomba kurenga %{count}
+ greater_than_or_equal_to: bigomba kurenga cyangwa kungana na %{count}
+ inclusion: ntibiri ku rutonde
+ invalid: sibyo
+ less_than: ntibirenge %{count}
+ less_than_or_equal_to: munsi cyangwa bingana na %{count}
+ not_a_number: si umubare
+ not_an_integer: hagomba kuba umubare
+ odd: hagomba kuba igiharwe
+ record_invalid: ! 'Kwemezwa byanze: %{errors}'
restrict_dependent_destroy:
- one: "Cannot delete record because a dependent %{record} exists"
- many: "Cannot delete record because dependent %{record} exist"
- taken: has already been taken
+ one: "Ntibyasibama kubera hari %{record} uwabyanditse"
+ many: "Ntibyasibama kubera hari %{record} uwabyanditse"
+ taken: byamaze gufatwa
too_long:
- one: is too long (maximum is 1 character)
- other: is too long (maximum is %{count} characters)
+ one: Nturenze inyuguti imwe
+ other: Nturenze %{count} inyuguti
too_short:
- one: is too short (minimum is 1 character)
- other: is too short (minimum is %{count} characters)
+ one: Byibura inyuguti imwe
+ other: Byibura %{count} inyuguti
wrong_length:
- one: is the wrong length (should be 1 character)
- other: is the wrong length (should be %{count} characters)
- other_than: "must be other than %{count}"
+ one: warengeje, inyuguti imwe gusa
+ other: warengeje, inyuguti %{count} gusa
+ other_than: "bitandukane na %{count}"
template:
- body: ! 'There were problems with the following fields:'
+ body: ! 'Havutse ibibazo kuri ibi bice:'
header:
- one: 1 error prohibited this %{model} from being saved
- other: ! '%{count} errors prohibited this %{model} from being saved'
+ one: ikibazo kimwe cyatumye %{model} itinjizwa
+ other: ! 'ibibazo %{count} byatumye %{model} itinjizwa'
helpers:
select:
- prompt: Please select
+ prompt: Hitamo
submit:
- create: Create %{model}
- submit: Save %{model}
- update: Update %{model}
+ create: Rema %{model}
+ submit: Bika %{model}
+ update: Hindura %{model}
number:
currency:
format:
@@ -162,10 +162,10 @@ rw:
decimal_units:
format: ! '%n %u'
units:
- billion: Billion
- million: Million
+ billion: Tiriyari
+ million: Miriyoni
quadrillion: Quadrillion
- thousand: Thousand
+ thousand: ibihumbi
trillion: Trillion
unit: ''
format:
@@ -187,13 +187,13 @@ rw:
format:
delimiter: ''
format: "%n%"
- precision:
- format:
- delimiter: ''
+ precision:
+ format:
+ delimiter: ''
support:
array:
- last_word_connector: ! ', and '
- two_words_connector: ! ' and '
+ last_word_connector: ! ', na '
+ two_words_connector: ! ' na '
words_connector: ! ', '
time:
am: am
@@ -201,4 +201,4 @@ rw:
default: ! '%a, %d %b %Y %H:%M:%S %z'
long: ! '%B %d, %Y %H:%M'
short: ! '%d %b %H:%M'
- pm: pm
+ pm: nyuma ya saa sita
diff --git a/config/routes.rb b/config/routes.rb
index 4b2eb5695..c975d6007 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -169,17 +169,15 @@ Alaveteli::Application.routes.draw do
####
#### AdminPublicBody controller
- match '/admin/missing_scheme' => 'admin_public_body#missing_scheme', :as => :admin_body_missing
- match '/admin/body' => 'admin_public_body#index', :as => :admin_body_index
- match '/admin/body/list' => 'admin_public_body#list', :as => :admin_body_list
- match '/admin/body/show/:id' => 'admin_public_body#show', :as => :admin_body_show
- match '/admin/body/new' => 'admin_public_body#new', :as => :admin_body_new
- match '/admin/body/edit/:id' => 'admin_public_body#edit', :as => :admin_body_edit
- match '/admin/body/update/:id' => 'admin_public_body#update', :as => :admin_body_update
- match '/admin/body/create' => 'admin_public_body#create', :as => :admin_body_create
- match '/admin/body/destroy/:id' => 'admin_public_body#destroy', :as => :admin_body_destroy
- match '/admin/body/import_csv' => 'admin_public_body#import_csv', :as => :admin_body_import_csv
- match '/admin/body/mass_tag_add' => 'admin_public_body#mass_tag_add', :as => :admin_body_mass_tag_add
+ scope '/admin', :as => 'admin' do
+ resources :bodies,
+ :controller => 'admin_public_body' do
+ get 'missing_scheme', :on => :collection
+ post 'mass_tag_add', :on => :collection
+ get 'import_csv', :on => :collection
+ post 'import_csv', :on => :collection
+ end
+ end
####
#### AdminPublicBodyCategory controller
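Review bot: Each resource in this hunk (and in the ones that follow) reopens its own `scope '/admin', :as => 'admin' do ... end` block, so the same two lines are repeated for every admin controller; a single enclosing scope with all the `resources` declarations inside would read better and make it harder to forget the `:as => 'admin'` prefix on a future addition. Replacing `match` (any HTTP verb) with `resources`/`get`/`post` does pin verbs on the state-changing admin actions, which is the right direction; `resources :bodies` without `:only`/`:except` still routes all seven REST actions, so confirm AdminPublicBodyController implements each of them, and note that the old `list` action now has no route and is dead code if it still exists. The enclosing `routes.draw` block starts and ends outside this hunk.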
@@ -200,9 +198,27 @@ Alaveteli::Application.routes.draw do
end
####
+ #### AdminHoliday controller
+ scope '/admin', :as => 'admin' do
+ resources :holidays,
+ :controller => 'admin_holidays'
+ end
+ ####
+
+ #### AdminHolidayImports controller
+ scope '/admin', :as => 'admin' do
+ resources :holiday_imports,
+ :controller => 'admin_holiday_imports',
+ :only => [:new, :create]
+ end
+ ####
+
#### AdminPublicBodyChangeRequest controller
- match '/admin/change_request/edit/:id' => 'admin_public_body_change_requests#edit', :as => :admin_change_request_edit
- match '/admin/change_request/update/:id' => 'admin_public_body_change_requests#update', :as => :admin_change_request_update
+ scope '/admin', :as => 'admin' do
+ resources :change_requests,
+ :controller => 'admin_public_body_change_requests',
+ :only => [:edit, :update]
+ end
####
#### AdminGeneral controller
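Review bot: `resources :holidays` on line 473 carries no `:only`/`:except`, unlike `holiday_imports` and `change_requests` right below it, so it routes all seven REST actions to `admin_holidays`; if that controller does not implement every one of them the extra routes answer with an action-not-found error instead of not existing, and a later addition to the controller becomes reachable without anyone deciding that it should be. Suggest `resources :holidays, :controller => 'admin_holidays', :only => [:index, :new, :create, :edit, :update, :destroy]`, trimmed to whatever the controller actually defines. The `/admin` scope is only a URL prefix and does not gate access by itself, so the new AdminHolidays and AdminHolidayImports controllers need to inherit the same admin authentication filter as the other admin controllers; that cannot be confirmed from this diff.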
@@ -213,81 +229,99 @@ Alaveteli::Application.routes.draw do
####
#### AdminRequest controller
- match '/admin/request' => 'admin_request#index', :as => :admin_request_index
- match '/admin/request/list' => 'admin_request#list', :as => :admin_request_list
- match '/admin/request/show/:id' => 'admin_request#show', :as => :admin_request_show
- match '/admin/request/resend' => 'admin_request#resend', :as => :admin_request_resend
- match '/admin/request/edit/:id' => 'admin_request#edit', :as => :admin_request_edit
- match '/admin/request/update/:id' => 'admin_request#update', :as => :admin_request_update
- match '/admin/request/destroy/:id' => 'admin_request#fully_destroy', :as => :admin_request_destroy
- match '/admin/request/edit_comment/:id' => 'admin_request#edit_comment', :as => :admin_request_edit_comment
- match '/admin/request/update_comment/:id' => 'admin_request#update_comment', :as => :admin_request_update_comment
- match '/admin/request/move_request' => 'admin_request#move_request', :as => :admin_request_move_request
- match '/admin/request/generate_upload_url/:id' => 'admin_request#generate_upload_url', :as => :admin_request_generate_upload_url
- match '/admin/request/show_raw_email/:id' => 'admin_request#show_raw_email', :as => :admin_request_show_raw_email
- match '/admin/request/download_raw_email/:id' => 'admin_request#download_raw_email', :as => :admin_request_download_raw_email
- match '/admin/request/mark_event_as_clarification' => 'admin_request#mark_event_as_clarification', :as => :admin_request_clarification
- match '/admin/request/hide/:id' => 'admin_request#hide_request', :as => :admin_request_hide
- ####
+ scope '/admin', :as => 'admin' do
+ resources :requests,
+ :controller => 'admin_request',
+ :except => [:new, :create] do
+ post 'move', :on => :member
+ post 'generate_upload_url', :on => :member
+ post 'hide', :on => :member
+ resources :censor_rules,
+ :controller => 'admin_censor_rule',
+ :only => [:new, :create],
+ :name_prefix => 'request_'
- #### AdminIncomingMessage controller
- match '/admin/incoming/destroy' => 'admin_incoming_message#destroy', :as => :admin_incoming_destroy
- match '/admin/incoming/redeliver' => 'admin_incoming_message#redeliver', :as => :admin_incoming_redeliver
- match '/admin/incoming/edit/:id' => 'admin_incoming_message#edit', :as => :admin_incoming_edit
- match '/admin/incoming/update/:id' => 'admin_incoming_message#update', :as => :admin_incoming_update
+ end
+ end
####
- #### AdminOutgoingMessage controller
- match '/admin/outgoing/edit/:id' => 'admin_outgoing_message#edit', :as => :admin_outgoing_edit
- match '/admin/outgoing/destroy/:id' => 'admin_outgoing_message#destroy', :as => :admin_outgoing_destroy
- match '/admin/outgoing/update/:id' => 'admin_outgoing_message#update', :as => :admin_outgoing_update
+ #### AdminComment controller
+ scope '/admin', :as => 'admin' do
+ resources :comments,
+ :controller => 'admin_comment',
+ :only => [:edit, :update]
+ end
####
- #### AdminUser controller
- match '/admin/user' => 'admin_user#index', :as => :admin_user_index
- match '/admin/user/list' => 'admin_user#list', :as => :admin_user_list
- match '/admin/user/banned' => 'admin_user#list_banned', :as => :admin_user_list_banned
- match '/admin/user/show/:id' => 'admin_user#show', :as => :admin_user_show
- match '/admin/user/edit/:id' => 'admin_user#edit', :as => :admin_user_edit
- match '/admin/user/show_bounce_message/:id' => 'admin_user#show_bounce_message', :as => :admin_user_show_bounce
- match '/admin/user/update/:id' => 'admin_user#update', :as => :admin_user_update
- match '/admin/user/clear_bounce/:id' => 'admin_user#clear_bounce', :as => :admin_user_clear_bounce
- match '/admin/user/destroy_track' => 'admin_user#destroy_track', :as => :admin_user_destroy_track
- match '/admin/user/login_as/:id' => 'admin_user#login_as', :as => :admin_user_login_as
- match '/admin/user/clear_profile_photo/:id' => 'admin_user#clear_profile_photo', :as => :admin_clear_profile_photo
- match '/admin/user/modify_comment_visibility/:id' => 'admin_user#modify_comment_visibility', :as => 'admin_user_modify_comment_visibility'
+ #### AdminRawEmail controller
+ scope '/admin', :as => 'admin' do
+ resources :raw_emails,
+ :controller => 'admin_raw_email',
+ :only => [:show]
+ end
####
- #### AdminTrack controller
- match '/admin/track/list' => 'admin_track#list', :as => :admin_track_list
- ####
+ #### AdminInfoRequestEvent controller
+ scope '/admin', :as => 'admin' do
+ resources :info_request_events,
+ :controller => 'admin_info_request_event',
+ :only => [:update]
+ end
- #### AdminCensorRule controller
- match '/admin/censor/new' => 'admin_censor_rule#new', :as => :admin_rule_new
- match '/admin/censor/create' => 'admin_censor_rule#create', :as => :admin_rule_create
- match '/admin/censor/edit/:id' => 'admin_censor_rule#edit', :as => :admin_rule_edit
- match '/admin/censor/update/:id' => 'admin_censor_rule#update', :as => :admin_rule_update
- match '/admin/censor/destroy/:censor_rule_id' => 'admin_censor_rule#destroy', :as => :admin_rule_destroy
+ #### AdminIncomingMessage controller
+ scope '/admin', :as => 'admin' do
+ resources :incoming_messages,
+ :controller => 'admin_incoming_message',
+ :only => [:edit, :update, :destroy] do
+ post 'redeliver', :on => :member
+ end
+ end
+ ####
+ #### AdminOutgoingMessage controller
scope '/admin', :as => 'admin' do
- resources :info_requests, :only => [] do
- resources :censor_rules,
- :controller => 'admin_censor_rule',
- :only => [:new, :create],
- :name_prefix => 'info_request_'
+ resources :outgoing_messages,
+ :controller => 'admin_outgoing_message',
+ :only => [:edit, :update, :destroy] do
+ post 'resend', :on => :member
end
end
+ ####
+ #### AdminUser controller
scope '/admin', :as => 'admin' do
- resources :users, :only => [] do
- resources :censor_rules,
- :controller => 'admin_censor_rule',
- :only => [:new, :create],
- :name_prefix => 'user_'
+ resources :users,
+ :controller => 'admin_user',
+ :except => [:new, :create, :destroy] do
+ get 'banned', :on => :collection
+ get 'show_bounce_message', :on => :member
+ post 'clear_bounce', :on => :member
+ post 'login_as', :on => :member
+ post 'clear_profile_photo', :on => :member
+ post 'modify_comment_visibility', :on => :collection
+ resources :censor_rules,
+ :controller => 'admin_censor_rule',
+ :only => [:new, :create],
+ :name_prefix => 'user_'
end
end
####
+ #### AdminTrack controller
+ scope '/admin', :as => 'admin' do
+ resources :tracks,
+ :controller => 'admin_track',
+ :only => [:index, :destroy]
+ end
+ ####
+
+ #### AdminCensorRule controller
+ scope '/admin', :as => 'admin' do
+ resources :censor_rules,
+ :controller => 'admin_censor_rule',
+ :except => [:index, :new, :create]
+ end
+
#### AdminSpamAddresses controller
scope '/admin', :as => 'admin' do
resources :spam_addresses,