path: root/app/controllers/admin_controller.rb
Commit message [Author, Age, Lines]
* Add global protect_from_forgery [Gareth Rees, 2014-12-18, -1/+0]
|   Grepping the git logs didn’t bring up a good reason for this to be excluded. Seems like it came along after the app was initially created so it never got fully added for fear of regressions. The specs pass for this commit.
* Return a list of all cache directories for the request [Louise Crow, 2014-09-01, -2/+1]
|
* Merge branch 'feature/hide-individual-responses' into rails-3-develop [Louise Crow, 2013-09-17, -2/+1]
|\
| |   Conflicts:
| |     Gemfile
| |     app/views/admin_request/edit_outgoing.html.erb
| |     config/packages
| |     doc/CHANGES.md
| |     doc/INSTALL.md
| |     spec/models/info_request_spec.rb
| |     spec/models/public_body_spec.rb
| * Move some download methods to InfoRequest. [Louise Crow, 2013-09-16, -2/+1]
| |   Use send_file to send zips. Also adds 'all_can_view_all_correspondence?' - is this request completely cachable, or do we need to cache different versions for different levels of privilege?
* | Make method name clearer [Henare Degan, 2013-08-10, -1/+1]
|/
* Change email address in header of source code to hello@mysociety.org [Matthew Landauer, 2013-03-26, -1/+1]
|
* Update Configuration references to new name. [Louise Crow, 2013-03-19, -1/+1]
|
* Merge branch 'develop' into rails-3-develop [Louise Crow, 2013-03-19, -2/+1]
|\
| |   Conflicts:
| |     Gemfile
| |     Gemfile.lock
| |     app/views/admin_request/show.html.erb
| |     config/environment.rb
| * Allow the emergency user account to be disabled. [Louise Crow, 2013-03-19, -2/+1]
| |
* | Rename Configuration class to avoid conflict with ActiveSupport::Configurable [Henare Degan, 2013-03-03, -3/+3]
|/
* Remove any download zip files when a request's cached files are expired. [Louise Crow, 2012-12-13, -0/+4]
|
* Move methods used only in admin controllers to admin_controller.rb [Louise Crow, 2012-10-30, -0/+24]
|
* If we're doing admin authentication internally, don't bother with the request environment, set the admin_name on the session instead. [Louise Crow, 2012-10-30, -3/+4]
|
* Remove svn tags that are out of date as we are now using git [Matthew Landauer, 2012-10-09, -2/+0]
|
* Extract configuration with defaults into one module [Matthew Landauer, 2012-09-25, -4/+2]
|
* Fix typo in comment. [Louise Crow, 2012-08-16, -1/+1]
|
* Don't allow non-superusers to access admin interface (eek!) Fixes #515 [Seb Bacon, 2012-06-27, -2/+5]
|
* Improve administrative user account support: [Seb Bacon, 2012-05-14, -14/+31]
|   * Allow users with `super` admin level to use the administrative interface.
|   * Allow bootstrapping these users with an Emergency User over HTTP Basic Auth
|   * Introduce new `SKIP_ADMIN_AUTH` setting to allow all admin auth to be bypassed (used by mySociety)
* first stab at sending PURGE requests to upstream varnish for request pages. Next step: making it asynchronous, e.g. with a queue of things to purge via a cron job. [Seb Bacon, 2012-03-13, -0/+2]
|
* Username from users logged in as ADMIN_USERNAME should appear in administrative interface event logs. Fixes #287. [seb, 2011-11-21, -0/+1]
|
* Respect admin password and username. Fixes #245. [Seb Bacon, 2011-09-30, -5/+9]
|
* Don't treat CSRF tokens as optional session data for administrators (they're needed to allow them to edit anything! Fixes #95 [Seb Bacon, 2011-07-27, -0/+3]
|   (Also change wording of test names to match usual rspec convention)
* Authentication should only apply to admin interface when *both* email *and* password are unset [Seb Bacon, 2011-07-27, -1/+1]
|
* fix up basic auth for admin settings: get credentials from config, cause default (where no config) to skip authorization completely, add tests for these [Seb Bacon, 2011-07-06, -5/+8]
|
* Specific code for our requirements (kosovo law, our request etc..) [Faton Selishta, 2011-06-02, -1/+8]
|
* Add CSRF protection on state changing actions. Use default handler handle_unverified_request which clears session. [Louise Crow, 2011-02-28, -4/+5]
|
* Adding CSRF protection for admin forms. [Louise Crow, 2011-02-24, -0/+5]
|
* Edit interface for user level censor rules. [Francis Irving, 2010-08-04, -0/+7]
|
* Do the caching ourselves. [Francis Irving, 2010-05-19, -13/+3]
|
* Generate path for fragment cache in central place [Francis Irving, 2010-05-18, -1/+1]
|
* Store only clipped attachment text in database. [francis, 2009-09-17, -1/+5]
|
* Replace expires_fragment with actual fast alternative! [francis, 2009-09-15, -13/+15]
|
* Reindex in Xapian when censor rules change. [francis, 2009-08-21, -1/+3]
|
* Use caching that allows pre-authentication. [francis, 2009-06-30, -17/+15]
|   Add test code for hidden requests. Make super users able to view hidden requests.
* "hidden" option to completely hide requests (from everyone except administrator screens). [francis, 2009-06-23, -1/+22]
|
* Derive from right class [francis, 2009-01-29, -2/+2]
|
* Always give full stack trace for admin interface [francis, 2009-01-29, -56/+9]
|
* Remove tracks by medium display in admin. [francis, 2008-11-17, -2/+1]
|
* Factor out an SQL fragment. [francis, 2008-09-11, -4/+3]
|
* *** empty log message *** [francis, 2008-09-08, -1/+2]
|
* Let adapter compute booleans, so works with sqlite as well as postgresql [francis, 2008-07-30, -2/+2]
|
* Now we remind after 1 week, only put in admin after 10 days [francis, 2008-07-14, -2/+2]
|
* Store incoming messages which aren't to a valid request in a holding pen, and [francis, 2008-07-08, -1/+2]
|   let people move them from admin interface.
* Date and order for things needing classification. [francis, 2008-06-10, -4/+5]
|
* Admin classify after 1 week, not 2 weeks. [francis, 2008-05-21, -2/+2]
|
* 2 day timeline [francis, 2008-04-18, -3/+7]
|
* last_updated gets knackered by various track email things etc. so do query [francis, 2008-04-17, -2/+2]
|   on actual last new event for admin interface.
* Stats page. [francis, 2008-04-16, -1/+7]
|
* Debug page. [francis, 2008-04-11, -1/+5]
|
* Show which user you are in the admin interface [francis, 2008-04-11, -1/+2]
|