path: root/app/controllers
Commit message (Author, Age, Lines)
* Reword View Requests to Browse Requests in nav (Gareth Rees, 2014-08-21, -1/+1)
|   User testing highlighted that it was easy to mistake "View Requests" for a Facebook-style wall rather than the list of all requests. [1]
|
|   [1] https://github.com/mysociety/alaveteli/issues/1505
* Merge branch 'issues/1181-destroy-external-request' into rails-3-develop (Gareth Rees, 2014-08-21, -1/+2)
|\
| * Interpolate rather than String#+ (Gareth Rees, 2014-08-18, -1/+1)
| |   https://github.com/bbatsov/ruby-style-guide#concat-strings
| * Use different flash for fully_destroy external InfoRequest (Gareth Rees, 2014-08-18, -1/+2)
| |   Uses a different flash message to avoid trying to fetch a non-existent user record
* | Add honeypot spam protection to body update form (Gareth Rees, 2014-08-21, -0/+12)
|/
|   Intercepts the request and redirects to the homepage if the comment field is filled in on the public body update form.
* Use since_event_id to restrict query, not just data displayed. (Louise Crow, 2014-08-11, -16/+26)
|   Allow the same params (since_event_id, since_date) for both formats. There doesn't seem to be a particular reason not to treat them the same.
* Merge branch 'issues/1709-eager-load-for-api-speed' into rails-3-develop (Louise Crow, 2014-08-04, -24/+11)
|\
| * Try some eager loading to speed up body_request_events (Louise Crow, 2014-08-04, -24/+11)
| |
* | whitespace (lizconlan, 2014-07-28, -31/+24)
| |   includes various code layout fixes
* | Sending an invalid state value to add_correspondence now aborts the entire operation (lizconlan, 2014-07-28, -3/+12)
* | Refactor state update API, better error handling (lizconlan, 2014-07-28, -51/+37)
| |   Filters; more 403s, fewer 500s; added logging; less duplication
* | Extend add_correspondence API method to optionally accept a state param (lizconlan, 2014-07-28, -7/+22)
| |
* | New API method for updating request state (lizconlan, 2014-07-28, -0/+34)
| |
* | Merge branch 'issues/1415-bulk-update-public-bodies' into rails-3-develop (Gareth Rees, 2014-06-25, -12/+22)
|\ \
| * | Move PublicBody domain logic from controller (Gareth Rees, 2014-06-06, -2/+2)
| | |   Moves the magic 'site_administration' tag logic to the PublicBody model. Easier to make the string passed to `PublicBody#has_tag?` configurable if we want to allow this to be set per install.
| * | Extract public body CSV export to its own class (Gareth Rees, 2014-06-06, -11/+22)
| | |   - SRP: Do one thing. PublicBodyCSV converts a collection of bodies into a CSV formatted String
| | |   - Adds some parentheses around parameters in PublicBodyController#list_all_csv
| | |   - Let the controller handle what records to pull out for the CSV export
| | |
| | |   Arguably this doesn't really need to be anything to do with PublicBody, but it allows us to set nice defaults.
| * | Remove FasterCSV dependency (Gareth Rees, 2014-06-04, -1/+0)
| | |   The last remaining usage was removed in c1ee22fe
* | | Handle unhelpful stemming (Gareth Rees, 2014-06-25, -2/+10)
| | |   Stemming returns 'bore' as the word to highlight which can't be matched in the original phrase. Also removes duplicates from the results
* | | Use regex based highlighting (Gareth Rees, 2014-06-25, -2/+2)
| | |
* | | Rename XXX comments with TODO: (Gareth Rees, 2014-06-10, -22/+22)
|/ /
| |   Picks these up in `rake notes` and adds semantic meaning
* | Fix operator precedence (Louise Crow, 2014-06-02, -1/+1)
| |   Was switched to && for style but in fact for control flow, `and` is what we want.
* | Merge branch 'issues/1448-no-error-on-spam' into rails-3-develop (Louise Crow, 2014-06-02, -0/+6)
|\ \
| * | Redirect to the frontpage rather than error on invalid params (Louise Crow, 2014-06-02, -0/+6)
| |/
| |   Fixes #1448.
* | Merge remote-tracking branch 'origin/password-change-subject-typo' into rails-3-develop (Louise Crow, 2014-06-02, -1/+1)
|\ \
| * | Fix typo in password change email subject. (Matthew Somerville, 2014-05-30, -1/+1)
| |/
* | Merge branch 'issues/1363-version-api-stats' into rails-3-develop (Gareth Rees, 2014-06-02, -1/+3)
|\ \
| * | Add confirmed_user_count to /version.json (Gareth Rees, 2014-05-23, -1/+2)
| | |
| * | Add visible_request_count to /version.json (Gareth Rees, 2014-05-23, -1/+2)
| |/
* | Support simple searching of bodies by short_name (Gareth Rees, 2014-05-28, -4/+6)
| |
* | Minor tidying of PublicBodyController#list (Gareth Rees, 2014-05-28, -19/+19)
|/
|   Spacing, parentheses, etc
* Merge branch 'issues/337-attachment-title' into rails-3-develop (Gareth Rees, 2014-04-14, -9/+8)
|\
| * Update gubbins to call AttachmentToHTML (Gareth Rees, 2014-04-07, -13/+8)
| |
| * Use AttachmentToHTML to generate FoiAttachment#body_as_html (Gareth Rees, 2014-03-28, -8/+12)
| |
* | Merge branch 'issues/1343-ip-spoofing-error' into rails-3-develop (Gareth Rees, 2014-04-14, -1/+5)
|\ \
| * | Rescue from IpSpoofAttackError when using remote IP (Gareth Rees, 2014-04-14, -1/+5)
| | |   Some proxies seem to be setting the Client-IP HTTP header to 127.0.0.1. Rails checks that Client-IP is contained in X-Forwarded-For and raises the error.
| | |
| | |   We decided to rescue in this individual case rather than adding a middleware to strip Client-IP (http://writeheavy.com/2011/07/31/when-its-ok-to-turn-of-rails-ip-spoof-checking.html#well_thats_stupid_can_we_turn_it_off) so that we don't introduce unexpected behaviour. If we start to do anything more with request.remote_ip, then we should look at doing so.
| | |
| | |   See http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection for an in-depth look at this issue.
* | | Rescue from non-numeric page parameter exceptions (Gareth Rees, 2014-04-10, -1/+1)
|/ /
| |   will_paginate intentionally throws an ArgumentError when a non-numeric page parameter is used. Conveniently, they tag it with WillPaginate::InvalidPage, so here we rescue with a 404.
* | Merge branch 'issues/1317-holding-pen-spam' into rails-3-develop (Gareth Rees, 2014-04-07, -0/+27)
|\ \
| * | Add AdminSpamAddressesController and UI (Gareth Rees, 2014-03-28, -0/+27)
| |/
* | Merge branch 'rails-3-develop' of ssh://git.mysociety.org/data/git/public/alaveteli into rails-3-develop (Louise Crow, 2014-04-04, -0/+10)
|\ \
| * \ Merge branch 'issues/1406-render-exception-error' into rails-3-develop (Gareth Rees, 2014-04-02, -0/+10)
| |\ \
| | * | URL Encode the path parameter for render_exception (Gareth Rees, 2014-03-31, -0/+10)
| | |/
| | |   If a request is made and path is something like /%d3 we rescue this with a custom 404 template. This gets unescaped as {"path"=>"\323"}.
| | |
| | |   In the case of a RouteNotFound, ApplicationController#render_exception renders the general/exception_caught template into the default layout, which renders the general/_locale_switcher partial. This partial calls url_for – sending the full params hash as the argument – so that a user may return to the existing page in their chosen locale.
| | |
| | |   The problem is that url_for tries to construct the url with the hash {:action=>"not_found", :controller=>"general", :path=>"\323"}.
| | |
| | |   ApplicationController#sanitize_params re-encodes the path parameter so that it can be passed through to url_for without trouble.
* | | Merge branch 'feature/1310-better-track-translation' into rails-3-develop (Louise Crow, 2014-04-04, -16/+3)
|\ \ \
| |/ /
|/| |
| | |   Conflicts:
| | |       spec/factories.rb
| * | Add notices for unsubscribing from things. (Louise Crow, 2014-03-24, -1/+1)
| | |   These are full sentences, not composed on the fly, so should be easier to translate.
| * | Add notices for subscribing to something. (Louise Crow, 2014-03-24, -5/+1)
| | |   These notices are complete sentences, not composed on the fly, so should be easier to translate.
| * | Add notices for subscribing something you're subscribed to. (Louise Crow, 2014-03-24, -1/+1)
| | |   These notices are full sentences, rather than being composed of phrases, which should make them easier to translate.
| * | Remove obsolete line. (Louise Crow, 2014-03-24, -1/+0)
| | |   Should have been removed in https://github.com/mysociety/alaveteli/commit/b236d4f113187b0e5d87867fc6512e5486f9764f.
| * | Remove old unused code. (Louise Crow, 2014-03-24, -8/+0)
| | |
* | | Add honeypot spam protection to contact form (Gareth Rees, 2014-03-31, -0/+9)
| |/
|/|
| |   Intercepts the request and redirects to the homepage if the comment field is filled in on the contact form.
* | Controller code to hide/unhide annotations (Andrew Black, 2014-03-25, -0/+6)
| |   The UI provides a list of comment_ids and a newstate="visible" or "hide"
* | Merge branch 'rails-3-develop' of ssh://git.mysociety.org/data/git/public/alaveteli into rails-3-develop (Louise Crow, 2014-03-13, -26/+41)
|\ \