path: root/app
Commit message (Author, Age, Lines)
...
* | | | | Enforce a lifetime on session cookies (Louise Crow, 2014-12-12, -9/+26)
| | | | |     Problem described in http://seclists.org/fulldisclosure/2013/Sep/145
| | | | |     Pattern taken from https://www.coffeepowered.net/2013/09/26/rails-session-cookies/
* | | | | Remove obsolete 'require' statement (Louise Crow, 2014-12-12, -2/+1)
* | | | | Only mark email_subject_request as HTML safe when used in email subject. (Louise Crow, 2014-12-12, -13/+19)
| |_|/ /
|/| | |
| | | |     It's also used in the web interface and needs to be escaped there.
* | | | Merge branch '2022-fragmented-translation' into rails-3-develop (Gareth Rees, 2014-12-11, -2/+7)
|\ \ \ \
| * | | | Improve translation on /details/request/:id (Gareth Rees, 2014-12-11, -2/+7)
| | |/ /
| |/| |
| | | |     Better to translate the full string
* | | | Unify add annotation <title> and <h1> (Gareth Rees, 2014-12-11, -3/+4)
| | | |     Use the same msgids so that translators only have to translate one thing.
* | | | Translate annotation ‘to’ heading (Gareth Rees, 2014-12-11, -2/+4)
|/ / /
* | | Merge branch 'owasp-fixes' into rails-3-develop (Louise Crow, 2014-12-09, -8/+8)
|\ \ \
| * | | Don't display specific error messages in production. (Louise Crow, 2014-12-05, -4/+1)
| * | | Add secureheaders (Louise Crow, 2014-12-05, -0/+3)
| | | |     Issue some security-related headers by default.
| * | | Don't allow autocomplete. (Louise Crow, 2014-12-05, -4/+4)
| | |/
| |/|
| | |     This prevents browsers from storing and filling passwords.
* | | Remove unused "web analytics" section of admin pages - it's confusing! (Henare Degan, 2014-12-09, -5/+0)
* | | Merge branch '1666-related-requests-search' into rails-3-develop (Gareth Rees, 2014-12-08, -25/+57)
|\ \ \
| |_|/
|/| |
| * | Add slideUp/slideDown to related requests results (Gareth Rees, 2014-11-11, -8/+17)
| * | Add close button to similar requests on /new/:body (Gareth Rees, 2014-11-11, -3/+11)
| * | Limit typeahead similar requests on /new/:body (Gareth Rees, 2014-11-11, -1/+3)
| | |     Only return 3 similar requests to prevent the suggestions swamping the page
| * | RequestController#search_typaahead limit results (Gareth Rees, 2014-11-11, -1/+3)
| | |     Use the per_page parameter to limit the results returned
| * | Don’t render search ahead results if no results (Gareth Rees, 2014-11-11, -6/+4)
| | |     Only render the request_search_ahead_results div when a search has been made.
| * | Don’t render “search their website” if no results (Gareth Rees, 2014-11-11, -3/+6)
| * | Only attempt to render results if there are any (Gareth Rees, 2014-11-11, -5/+5)
| | |     No point trying to render the results if there aren’t any to render
| * | Refactor request/_search_ahead partial (Gareth Rees, 2014-11-11, -4/+8)
| | |     Each instead of for
| | |     Unless instead of if !
| | |     .any? instead of size > 0
| | |     Line length
| * | Filter related requests by body on /new/:body (Gareth Rees, 2014-11-11, -1/+1)
| * | RequestController#search_typeahead filter by body (Gareth Rees, 2014-11-11, -4/+10)
| | |     Action now supports the `request_from` param as per the Xapian filtering system to filter search typeaheads by public body
* | | Don't translate validation messages for models created/edited in admin interface [release/0.20] (Louise Crow, 2014-12-02, -8/+8)
* | | Fix for interpolation bug introduced in 7a3b462f41321034cbdd2c83707f739a442e83c6. (Louise Crow, 2014-12-01, -1/+11)
| | |     The string with the unsubstituted variable pattern was being made available for translation, instead of the translatable version.
* | | Merge branch '2000-validate-category-description' into rails-3-develop (Louise Crow, 2014-12-01, -0/+1)
|\ \ \
| * | | Validate the presence of the description. (Louise Crow, 2014-12-01, -0/+1)
| | | |     It's required in [PublicBody#type_of_authority](https://github.com/mysociety/alaveteli/blob/rails-3-develop/app/models/public_body.rb#L343-L347)
* | | | Merge branch '1965-censor-rule-creation-failure' into rails-3-develop (Louise Crow, 2014-12-01, -23/+54)
|\ \ \ \
| |/ / /
|/| | |
| * | | Remove redundant hidden fields (Gareth Rees, 2014-12-01, -2/+0)
| | | |     Now that the form submits to a URL containing the parent object’s id these are no longer required
| | | |     See:
| | | |     - 259a0fd588e198d2a826ef4ac09284c610005387
| | | |     - d5c7e08d58dc5ad52f16eccd9c456543503e4360
| * | | Use instance variable for CensorRule in #destroy (Gareth Rees, 2014-11-19, -6/+9)
| | | |     Easier to check against the assigned variable, but the spec still fails because an internal error is raised if the rule is not associated with a User or InfoRequest
| * | | Use new routes for creating censor rules (Gareth Rees, 2014-11-19, -10/+10)
| | | |     - Use resource-oriented form style, building against the censor rule instance created in the controller
| | | |     - Use the URL assigned by the controller based on what the censor rule is being created against
| | | |     - Use the new route for the buttons directing the admin to the form
| | | |     - Use consistent styling for button labelling
| | | |     - Use each instead of for
| * | | Tidy AdminCensorRuleController#update (Gareth Rees, 2014-11-19, -3/+7)
| | | |     - Add linebreaks to break up sections
| | | |     - Remove unused parentheses
| | | |     - Use unless instead of if !
| * | | Set the form URL to POST to in #create (Gareth Rees, 2014-11-19, -0/+3)
| | | |     Direct the (re-rendered) form at the correct route for the association (or use the generic route if the rule is being created for some other reason)
| * | | Associate censor rule with something in #create (Gareth Rees, 2014-11-19, -2/+17)
| | | |     Build the CensorRule against the object that is found by an additional parameter (either :info_request_id or :user_id)
| * | | Set the form URL to POST to in #new (Gareth Rees, 2014-11-19, -0/+4)
| | | |     Direct the form at the correct route for the association (or use the generic route if the rule is being created for some other reason)
| * | | Associate censor rule with something in #new (Gareth Rees, 2014-11-19, -0/+2)
| | | |     Build the CensorRule against the object that is found by an additional parameter (either :info_request_id or :user_id)
| * | | Initialize a new CensorRule in #new (Gareth Rees, 2014-11-19, -0/+2)
* | | | Merge branch 'rails-3-develop' of ssh://git.mysociety.org/data/git/public/alaveteli into rails-3-develop (Louise Crow, 2014-11-27, -37/+43)
|\ \ \ \
| * | | | Add JS confirmation for deleting heading/category (Gareth Rees, 2014-11-20, -2/+4)
| * | | | Fix incorrect count for heading children (Gareth Rees, 2014-11-20, -1/+1)
| | | | |     Was initially counting the number of headings rather than the number of categories inside each heading.
| * | | | Tidy public body category management UI (Gareth Rees, 2014-11-20, -36/+40)
| | | | |     Make the forms for editing categories and category headings more uniform with other admin pages
| | | | |     - Put the dangerous actions in a well
| | | | |     - Remove large well for returning to the index page
* | | | | Merge branch 'close-update-public-body' into rails-3-develop (Louise Crow, 2014-11-27, -0/+3)
|\ \ \ \ \
| |/ / / /
|/| | | |
| * | | | Adds button missing from 921ee9a19c267bb0e6e784091b985f3ba80d835b (Louise Crow, 2014-11-18, -0/+3)
* | | | | Merge branch 'issues/1969-inconsistent-public-body-admin-interface' into rails-3-develop (Gareth Rees, 2014-11-19, -45/+38)
|\ \ \ \ \
| * | | | | Remove restriction on deleting PublicBodyHeadings with associated PublicBodyCategories (lizconlan, 2014-11-19, -28/+21)
| * | | | | Fix view bug preventing PublicBodyCategories being deleted in the admin interface (lizconlan, 2014-11-19, -17/+17)
| |/ / / /
* | / / / Use badge to show number of categories in heading (Gareth Rees, 2014-11-18, -3/+6)
| |/ / /
|/| | |
| | | |     The chevron didn't illustrate that the heading had any category children. The app uses the badge pattern elsewhere.
| | | |     Adds minor style improvements:
| | | |     - Pad erb tags
| | | |     - Use each instead of for
| | | |     Fixes https://github.com/mysociety/alaveteli/issues/1962
* | | | Merge branch '1968-disable-category-tag-field' into rails-3-develop (Gareth Rees, 2014-11-18, -9/+16)
|\ \ \ \
| * | | | Disable rather than hide form fields that can’t be modified (Gareth Rees, 2014-11-17, -9/+16)
| |/ / /
| | | |     Not clear to the user why the form field is sometimes present and sometimes not present. The Category tag field may only be modified if authorities have not yet been assigned to the Category. This commit explains this and disables the field if this is true.
* | | | Use flash[:error] for error condition (Gareth Rees, 2014-11-18, -1/+1)
| | | |     Also use double quotes rather than string escaping