path: root/app/controllers/user_controller.rb
Commit message [Author, Age, Lines]
* Fully prevent banned users editing their photo [Gareth Rees, 2015-02-24, -0/+6]
|
* Add specs to AboutMeValidator [Gareth Rees, 2015-02-24, -0/+6]
|
* Merge branch 'hotfix/0.20.0.2' into rails-3-develop [Louise Crow, 2015-01-07, -2/+2]
|\
| * Fix unvalidated redirects [Gareth Rees, 2014-12-22, -2/+2]
| |
* | Merge branch 'brakeman_fixes' into rails-3-develop [Louise Crow, 2014-12-18, -7/+0]
|\ \
| * | Add global protect_from_forgery [Gareth Rees, 2014-12-18, -7/+0]
| |/      Grepping the git logs didn’t bring up a good reason for this to be excluded. Seems like it came along after the app was initially created so it never got fully added for fear of regressions. The specs pass for this commit.
* / Enforce a lifetime on session cookies [Louise Crow, 2014-12-12, -9/+1]
|/        Problem described in http://seclists.org/fulldisclosure/2013/Sep/145
|         Pattern taken from https://www.coffeepowered.net/2013/09/26/rails-session-cookies/
* User profile option to filter requests by status [Gareth Rees, 2014-10-14, -0/+15]
|         Filters on `latest_status` because filtering by `status` searches all states a request has ever been in.
* Whitelist UserController#signup params (0.19.0.3, hotfix/0.19.0.3) [Gareth Rees, 2014-09-09, -1/+5]
|         Protects from mass-assignment exploit attempts
* Rename XXX comments with TODO: [Gareth Rees, 2014-06-10, -5/+5]
|         Picks these up in `rake notes` and adds semantic meaning
* Fix typo in password change email subject. [Matthew Somerville, 2014-05-30, -1/+1]
|
* Display batch requests for user on 'my requests' page [Louise Crow, 2013-12-04, -0/+3]
|         This is the most rudimentary possible way to give them access to the batch request urls, pending #1239
* Handle the case of a name that hits the character limits and has been suffixed with a number. [Louise Crow, 2013-07-29, -2/+2]
|
* Merge commit '0.11.0.8' into rails-3-develop [Louise Crow, 2013-06-11, -0/+1]
|\
| * Cache a user's profile photo rather than repulling it each time. (hotfix/0.11.0.8) [Louise Crow, 2013-06-11, -0/+1]
| |
* | Merge remote-tracking branch 'openaustralia_github/inline_search_method_refactor' into rails-3-develop [Louise Crow, 2013-06-04, -1/+5]
|\ \
| |/
|/|
| * Inline method InfoRequest.full_search [Matthew Landauer, 2013-03-25, -1/+5]
| |
* | Replace 'render_for_text data' with 'render :text => data' [Mark Longair, 2013-05-28, -2/+2]
| |       render_for_text no longer exists in Rails 3. Fixes #955
* | Change email address in header of source code to hello@mysociety.org [Matthew Landauer, 2013-03-26, -1/+1]
|/
* Merge remote-tracking branch 'mysociety/develop' into rails-3-develop [Henare Degan, 2013-03-14, -1/+1]
|\
| |       Conflicts: Gemfile Gemfile.lock app/controllers/admin_request_controller.rb app/controllers/admin_track_controller.rb app/controllers/request_controller.rb app/controllers/services_controller.rb app/helpers/link_to_helper.rb app/mailers/request_mailer.rb app/models/application_mailer.rb app/models/info_request.rb app/views/admin_censor_rule/edit.html.erb app/views/admin_censor_rule/new.html.erb app/views/admin_public_body/_form.html.erb app/views/admin_public_body/_locale_selector.html.erb app/views/admin_public_body/_one_list.html.erb app/views/admin_public_body/edit.html.erb app/views/admin_public_body/list.html.erb app/views/admin_public_body/new.html.erb app/views/admin_request/_incoming_message_actions.html.erb app/views/admin_request/edit.html.erb app/views/admin_request/edit_comment.html.erb app/views/admin_request/edit_outgoing.html.erb app/views/admin_request/list.html.erb app/views/admin_request/list_old_unclassified.html.erb app/views/admin_request/show.html.erb app/views/admin_track/_some_tracks.html.erb app/views/admin_track/list.html.erb app/views/admin_user/edit.html.erb app/views/admin_user/list.html.erb app/views/admin_user/show.html.erb app/views/general/_footer.html.erb app/views/general/exception_caught.html.erb app/views/help/contact.html.erb app/views/layouts/default.html.erb app/views/public_body/_alphabet.html.erb app/views/request/_request_listing_single.html.erb app/views/request/_sidebar.html.erb app/views/request/new.html.erb app/views/request/show.html.erb app/views/request_mailer/external_response.rhtml app/views/request_mailer/fake_response.rhtml config/environment.rb config/environments/production.rb config/routes.rb spec/controllers/admin_censor_rule_controller_spec.rb spec/controllers/request_controller_spec.rb spec/controllers/track_controller_spec.rb spec/helpers/link_to_helper_spec.rb spec/mailers/request_mailer_spec.rb spec/models/info_request_spec.rb spec/spec_helper.rb spec/views/public_body/show.html.erb_spec.rb spec/views/request/show.html.erb_spec.rb vendor/plugins/rails_xss/lib/rails_xss/erubis.rb
| * Stop using main_url to generate absolute urls for the main site [Matthew Landauer, 2013-02-15, -1/+1]
| |
| * Redirects should be done with absolute urls [Matthew Landauer, 2013-02-15, -7/+7]
| |
| * Rename helper method [Matthew Landauer, 2013-02-15, -8/+8]
| |
* | Rename Configuration class to avoid conflict with ActiveSupport::Configurable [Henare Degan, 2013-03-03, -2/+2]
| |
* | Rename ALL THE TEMPLATES!!1!!!one!!1!! [Henare Degan, 2013-02-27, -4/+4]
| |       .rhtml is deprecated in favour of .erb in Rails 3
* | Update to new mail sending API [Henare Degan, 2013-02-25, -7/+7]
|/
* If we're doing admin authentication internally, don't bother with the request environment, set the admin_name on the session instead. [Louise Crow, 2012-10-30, -2/+3]
|
* Remove svn tags that are out of date as we are now using git [Matthew Landauer, 2012-10-09, -2/+0]
|
* Extract configuration with defaults into one module [Matthew Landauer, 2012-09-25, -2/+2]
|
* Unset any "using_admin" flag when logging out [Seb Bacon, 2012-06-27, -0/+1]
|
* Test for user turning email alerts off. Also includes a fix not to rely on HTTP_REFERER for subsequent redirect. [Seb Bacon, 2012-05-30, -1/+1]
|
* Make it possible to view other people's activities on their own walls. [Seb Bacon, 2012-05-30, -5/+5]
|
* Limit the number of results returned on the wall [Seb Bacon, 2012-05-30, -2/+2]
|
* Support "following" functionality: [Seb Bacon, 2012-05-30, -0/+58]
|         * Change "email me about stuff" wording to "follow" throughout
|         * Introduce a new flag that the user can set, which controls if they get email alerts
|         * Add a new link to a "wall" for logged in users where they can see a feed of all the things they're following
* Remove trailing whitespace (to make a cleaner forthcoming merge with wombleton:feature/440_sparkly_admin_css) [Seb Bacon, 2012-05-15, -7/+7]
|
* Fix the "log in as" function [Robin Houston, 2012-03-20, -1/+1]
|         Previously the "log in as" function after 3b6e5a692b852a88f55b21a7210f60a6f7cfc24b would attempt to log the admin user out before issuing the redirect. Unfortunately this approach does not work on WhatDoTheyKnow, where the admin pages are served via a different domain (secure.mysociety.org) and so do not share session information with the rest of the site. This commit changes it to mark the PostRedirect with circumstance == "login_as", which signals the user controller to log out the previous user even if they are an admin. In other words, the user is logged out on the main site rather than the admin site, skirting this problem. Closes #450.
* Let admin users use auto-login URLs [Robin Houston, 2012-02-06, -3/+5]
|         Don't change logged-in user from an admin when visiting an auto-login URL. Closes #306.
* Return a 404 for missing user profile pictures. Fixes #363 [Seb Bacon, 2012-01-24, -1/+2]
|
* Don't give an error to users with an invalid postredirect token. Closes #334. [Seb Bacon, 2012-01-11, -2/+4]
|
* Reintroduce a "my requests" link. Fixes #289. [Seb Bacon, 2012-01-02, -23/+35]
|
* Merge branch 'develop' of github.com:sebbacon/alaveteli into develop [David Cabo, 2011-09-03, -3/+10]
|\
| * Provide a search function on the user profile pages. Closes #138. [Seb Bacon, 2011-09-01, -3/+10]
| |
* | Merge branch 'asktheeu-new-design' into develop (update New Request workflow to match new wireframes) [David Cabo, 2011-09-01, -1/+17]
|\ \
| |/
|/|
| * Move log-in point to before Preview and fix modal sign-in and sign-up redirects [David Cabo, 2011-08-11, -3/+6]
| |
| * Select layout for User controller (modal/non-modal) using Rails baked-in mechanism, much cleaner and robust [David Cabo, 2011-08-10, -13/+13]
| |
| * New Request wireframe: implement modal sign-in process [David Cabo, 2011-08-02, -5/+18]
| |
| * Add cache headers to various pages (in three categories: short, medium, and long). [Seb Bacon, 2011-07-25, -0/+1]
| |
* | ensure recaptcha appears on register form, and move to end of form [Seb Bacon, 2011-08-30, -1/+1]
| |
* | Merge branch 'develop' into feature/add-recaptcha [Seb Bacon, 2011-08-30, -3/+2]
|\ \
| * | Additional changes omitted from commit 9d8388c03d0faeaca29d233a340c58bd65f28a97 (distinguish 404s and 500s), fixes #161. [Seb Bacon, 2011-08-30, -3/+2]