moved authorization logic from comments controller to policy file. Additionally removed unused crud methods

moved logic for authorization out of answers controller into the policy

removed json and added authorization to answers_controller

removed themes_controller as it was never used

removed json and forced authorization for dmptemplates

removed json and forced authentication on guidance_groups

removed all json responces from guidances controller and forced authorization

removed authorization from home-controller as some users will not be logged in when request fielded

forced auth on organisations_controller. TODO: re-check parent, children, and templates after AJAX removed

modified organisations

added auth to home controller

removed verify_authorized out to individual controllers

forced all actions to be authenticated through pundit

removed unused actions and json from users controller

Merge branch 'development' of https://github.com/DMPRoadmap/roadmap into development

reverted back changes to user<-->org relationship. added missing api and magic strings sections to the other locale files.

Revert "Fix to bug in user model that was preventing the organisation association from working (#30)" ...

This reverts commit 03941c1.

Removal of ajax calls from the Create Plan page (#31)

Fix to bug in user model that was preventing the organisation association from working (#30) ...

* updated dragonfly max logo height/width to 160px to fit with current max size of DMPRoadmap logo

* updated organisation edit page's error messages so that errors are placed in the alert text section. Updated wording in locale files to reflect the 160x160 file size.

* removed height and width constraints to logo upload function. Added method that will resize the uploaded logo so that the width is 160px (maintaining aspect ratio) so that the logo fits within the layout properly

* changed logo size to a height of 100 and moved logo so that it appears alongside the DMPRoadmap logo per the current specifications

* Removed description field from organisation. Add contact email to the organisation. Change the way the logo is displayed on the organisation screen.

* commented out legacy user.organisation_id method in user model. Each user now belongs to one organisation

* Commented out other deprecated user<-->organisation methods so that they use the user.organisation_id field instead of the user.organisations structure. This needs to be cleaned up and overhauled in the user and organisation models so that user belongs to an organisation and organisations have many users, and any references to the old code need to be updated.

Commented out deprecated user.organisation_id method (#29) ...

* updated dragonfly max logo height/width to 160px to fit with current max size of DMPRoadmap logo

* updated organisation edit page's error messages so that errors are placed in the alert text section. Updated wording in locale files to reflect the 160x160 file size.

* removed height and width constraints to logo upload function. Added method that will resize the uploaded logo so that the width is 160px (maintaining aspect ratio) so that the logo fits within the layout properly

* changed logo size to a height of 100 and moved logo so that it appears alongside the DMPRoadmap logo per the current specifications

* Removed description field from organisation. Add contact email to the organisation. Change the way the logo is displayed on the organisation screen.

* commented out legacy user.organisation_id method in user model. Each user now belongs to one organisation

Merge branch 'master' into development

Merge branch 'master' of https://github.com/DMPRoadmap/roadmap

Fixed bug in logo branding view

rebuilt Gemfile.lock (#28) ...

* rebasing from master (#27)

* added data structures for testing

* renamed token_permission_type to plural to follow convention of fixtures

* added gem to allow testing of controllers

* began implimenting testing for projects controller

* fixed auth to reject empty string

* added data structures for testing

* added data structures for testing

* removed old unnecissary data structures from fixtures

* added forgotten view for org-admins giving user's api permissions

* updated .gitignore

* added gem to allow testing of controllers

* began implimenting testing for projects controller

* fixed auth to reject empty string

* added data structures for testing

* added data structures for testing

* removed old unnecissary data structures from fixtures

* added forgotten view for org-admins giving user's api permissions

* updated .gitignore

* fixed leftover merge conflict in .gitignore

* updated org-admin view of users for rails 4.2 compatability

* fiexed a bug where user's api token permissions wouldnt display

* fixed syntax error

* changed guidance_group to guidance_groups for consistancy with api spec

* fix roadmap route

* bugfixing auth for api

* removed token_permission as it was accidentially re-added by a merge

* added gem to allow testing of controllers

* began implimenting testing for projects controller

* fixed auth to reject empty string

* added data structures for testing

* added data structures for testing

* removed old unnecissary data structures from fixtures

* added forgotten view for org-admins giving user's api permissions

* updated .gitignore

* removed old unnecissary data structures from fixtures

* updated .gitignore

* updated org-admin view of users for rails 4.2 compatability

* fiexed a bug where user's api token permissions wouldnt display

* fixed syntax error

* changed guidance_group to guidance_groups for consistancy with api spec

* bugfixing auth for api

* modified schema

* removed admin interface to token_permission, another forgotten side-effect

* removed admin interface to token_permission, another forgotten side-effect

* modified return structure of guidance_groups API to reflect current spec

* removed guidances api endpoint as no longer necissary

* added templates api endpoint

* commit

* commit

* initial commit of untested statistics API

* updated Statistics API and added bugfixes

* added aditional seeds for api token_permission_types

* added docs for stats api, also passing tests

* added fucntionality to give org_admin priveleges through the org_admin interface

* corrected statistics API to handle null dates and filter projects correctly

* addedrestriction that users must be confirmed to be counted by stats api

* added documentation to dmptemplates api controller

* added org_id field to plans metadata as a returned plan can belong to somebody else's organisation

* initial passover of removing magic strings

* added comment to I18n_constant and fixed missing magic string

* fixed the magic strings function

* removed duplicate gem from gemfile

* migrations and routes tests

* changed gem dependancies and fixed syntax bug

* fixed bug where show plans view only displayed first letter of columns

* aliased

* added documentation to organisation, phase, and part of plans

* added documentation to organisation, phase, and part of plans

* added documentation to model for plan

* added documentation to project model

* added documentation to project_group model

*  added documentation to remaining models

* fixed admin logout bug

*  removed hard-coded references to DCC

* fixed bug in dmptemplate with magicstrings

* dropdown and org language setting

* test

* commit

* migrations and routes tests

* aliased

* dropdown and org language setting

* test

* remove typo

* fixed parentheses bug in api/projects_controller

* fix

* merging

* remove git merge conflicts artifacts

* added gemfile, environments, and an initaliser to allow merge

* fix locales picking

* installed new gem pundit

* super_admin area for languages, changes to langauge initializer to fix migrations issue and org language priority in user language picking

* added magic string and constant structure for auth

* add association between organisation and language

* proof of concept for pundit
-got the pundit policy file working
-verified that it blocked/allowed users with correct permissions
-fixed a bug in user model where the magic strings had been poorly defined
-

* added pundit authorization to users

* change how questions are displayed in plans to honour formatting

* added pundit to users controller

* added pundit auth to organisations controller

* removed depricated controller

*  bugfix to ensure organisations auth working

* added pundit auth to guidances

*  added pundit auth to guidance groups

* added pundit auth to dmptemplates controller

* added default redirect to 403 page for unauth

* changed empty? to blank? as it broke seedfile

* updated authorization for all controllers

-changed from passing through records as feature not supported
-changed 403 error to better reflect what's happening
-added scope to many of the indexes
-added organisation-scope to requests from old org-admin roles
-renamed guidance_groups_policy to guidance_group_policy.rb

* Merging current stable development branch into master (#23)

This is our unofficial v.0.1.0 release. It includes:
- Rails 4.2 migration
- Internationalization
- API
- Institutional logo upload (thanks to Weiwei and the Univ. of Alberta)
- Generic branding
- General cleanup of code and bug fixes

* finished implimenting new authorization scheme in dmptemplates

* updated seeds file

* installed new gem pundit

* added magic string and constant structure for auth

* proof of concept for pundit
-got the pundit policy file working
-verified that it blocked/allowed users with correct permissions
-fixed a bug in user model where the magic strings had been poorly defined
-

* added pundit authorization to users

* added pundit to users controller

* added pundit auth to organisations controller

* removed depricated controller

*  bugfix to ensure organisations auth working

* added pundit auth to guidances

*  added pundit auth to guidance groups

* added pundit auth to dmptemplates controller

* added default redirect to 403 page for unauth

* updated authorization for all controllers

-changed from passing through records as feature not supported
-changed 403 error to better reflect what's happening
-added scope to many of the indexes
-added organisation-scope to requests from old org-admin roles
-renamed guidance_groups_policy to guidance_group_policy.rb

* finished implimenting new authorization scheme in dmptemplates

* updated seeds file

* bugfixes to auth

* explicit bullet style for questions and raw questoin test in form

* implimenting auth changes in the views

* added granting api to orgs permission

* implimenting auth changes in the views

* added granting api to orgs permission

* removed cancancan and rollify

* updated documentation syntax for some models

* removed initalizer for rollify

* ensured users loose roles upon org changing and added depricated tags to roles

* added functionality to port users from old auth structure to new

* updated funciton to ensure no dupelicates

* updated the organisation_id = (new) in user model, was causing seed to fail

* fixed bug in can_<do permission>? functions

* turns out we do user user_org_roles to determine organisation, re-added

* added debug to update_user_permissions

* made changes to update user permissions

* made changed to user.rb

* finished changes to update_user_permissions

* added docs to new function

* added new permissions to api

* fix various issues to do with display of formatting in questions

* implimenting auth changes in the views

* added granting api to orgs permission

* removed cancancan and rollify

* updated documentation syntax for some models

* removed initalizer for rollify

* ensured users loose roles upon org changing and added depricated tags to roles

* added functionality to port users from old auth structure to new

* updated funciton to ensure no dupelicates

* updated the organisation_id = (new) in user model, was causing seed to fail

* fixed bug in can_<do permission>? functions

* turns out we do user user_org_roles to determine organisation, re-added

* added debug to update_user_permissions

* made changes to update user permissions

* overhaul of performance of users admin-index

* fixed a bug where users' api_tokens would display if they had none

* added ability to grant permissions to other users

* implimenting auth changes in the views

* added granting api to orgs permission

* removed cancancan and rollify

* updated documentation syntax for some models

* removed initalizer for rollify

* ensured users loose roles upon org changing and added depricated tags to roles

* added functionality to port users from old auth structure to new

* updated funciton to ensure no dupelicates

* updated the organisation_id = (new) in user model, was causing seed to fail

* fixed bug in can_<do permission>? functions

* turns out we do user user_org_roles to determine organisation, re-added

* added debug to update_user_permissions

* made changes to update user permissions

* made changed to user.rb

* finished changes to update_user_permissions

* added docs to new function

* added new permissions to api

* overhaul of performance of users admin-index

* fixed a bug where users' api_tokens would display if they had none

* added ability to grant permissions to other users

* updated efficiency of update_user_permissions

* rebuilt Gemfile.lock

rebuilt Gemfile.lock

Merge branch 'development' of https://github.com/DMPRoadmap/roadmap into development

Updated Gemfile.lock

rebasing from master (#27) ...

* added data structures for testing

* renamed token_permission_type to plural to follow convention of fixtures

* added gem to allow testing of controllers

* began implimenting testing for projects controller

* fixed auth to reject empty string

* added data structures for testing

* added data structures for testing

* removed old unnecissary data structures from fixtures

* added forgotten view for org-admins giving user's api permissions

* updated .gitignore

* added gem to allow testing of controllers

* began implimenting testing for projects controller

* fixed auth to reject empty string

* added data structures for testing

* added data structures for testing

* removed old unnecissary data structures from fixtures

* added forgotten view for org-admins giving user's api permissions

* updated .gitignore

* fixed leftover merge conflict in .gitignore

* updated org-admin view of users for rails 4.2 compatability

* fiexed a bug where user's api token permissions wouldnt display

* fixed syntax error

* changed guidance_group to guidance_groups for consistancy with api spec

* fix roadmap route

* bugfixing auth for api

* removed token_permission as it was accidentially re-added by a merge

* added gem to allow testing of controllers

* began implimenting testing for projects controller

* fixed auth to reject empty string

* added data structures for testing

* added data structures for testing

* removed old unnecissary data structures from fixtures

* added forgotten view for org-admins giving user's api permissions

* updated .gitignore

* removed old unnecissary data structures from fixtures

* updated .gitignore

* updated org-admin view of users for rails 4.2 compatability

* fiexed a bug where user's api token permissions wouldnt display

* fixed syntax error

* changed guidance_group to guidance_groups for consistancy with api spec

* bugfixing auth for api

* modified schema

* removed admin interface to token_permission, another forgotten side-effect

* removed admin interface to token_permission, another forgotten side-effect

* modified return structure of guidance_groups API to reflect current spec

* removed guidances api endpoint as no longer necissary

* added templates api endpoint

* commit

* commit

* initial commit of untested statistics API

* updated Statistics API and added bugfixes

* added aditional seeds for api token_permission_types

* added docs for stats api, also passing tests

* added fucntionality to give org_admin priveleges through the org_admin interface

* corrected statistics API to handle null dates and filter projects correctly

* addedrestriction that users must be confirmed to be counted by stats api

* added documentation to dmptemplates api controller

* added org_id field to plans metadata as a returned plan can belong to somebody else's organisation

* initial passover of removing magic strings

* added comment to I18n_constant and fixed missing magic string

* fixed the magic strings function

* removed duplicate gem from gemfile

* migrations and routes tests

* changed gem dependancies and fixed syntax bug

* fixed bug where show plans view only displayed first letter of columns

* aliased

* added documentation to organisation, phase, and part of plans

* added documentation to organisation, phase, and part of plans

* added documentation to model for plan

* added documentation to project model

* added documentation to project_group model

*  added documentation to remaining models

* fixed admin logout bug

*  removed hard-coded references to DCC

* fixed bug in dmptemplate with magicstrings

* dropdown and org language setting

* test

* commit

* migrations and routes tests

* aliased

* dropdown and org language setting

* test

* remove typo

* fixed parentheses bug in api/projects_controller

* fix

* merging

* remove git merge conflicts artifacts

* added gemfile, environments, and an initaliser to allow merge

* fix locales picking

* installed new gem pundit

* super_admin area for languages, changes to langauge initializer to fix migrations issue and org language priority in user language picking

* added magic string and constant structure for auth

* add association between organisation and language

* proof of concept for pundit
-got the pundit policy file working
-verified that it blocked/allowed users with correct permissions
-fixed a bug in user model where the magic strings had been poorly defined
-

* added pundit authorization to users

* change how questions are displayed in plans to honour formatting

* added pundit to users controller

* added pundit auth to organisations controller

* removed depricated controller

*  bugfix to ensure organisations auth working

* added pundit auth to guidances

*  added pundit auth to guidance groups

* added pundit auth to dmptemplates controller

* added default redirect to 403 page for unauth

* changed empty? to blank? as it broke seedfile

* updated authorization for all controllers

-changed from passing through records as feature not supported
-changed 403 error to better reflect what's happening
-added scope to many of the indexes
-added organisation-scope to requests from old org-admin roles
-renamed guidance_groups_policy to guidance_group_policy.rb

* Merging current stable development branch into master (#23)

This is our unofficial v.0.1.0 release. It includes:
- Rails 4.2 migration
- Internationalization
- API
- Institutional logo upload (thanks to Weiwei and the Univ. of Alberta)
- Generic branding
- General cleanup of code and bug fixes

* finished implimenting new authorization scheme in dmptemplates

* updated seeds file

* installed new gem pundit

* added magic string and constant structure for auth

* proof of concept for pundit
-got the pundit policy file working
-verified that it blocked/allowed users with correct permissions
-fixed a bug in user model where the magic strings had been poorly defined
-

* added pundit authorization to users

* added pundit to users controller

* added pundit auth to organisations controller

* removed depricated controller

*  bugfix to ensure organisations auth working

* added pundit auth to guidances

*  added pundit auth to guidance groups

* added pundit auth to dmptemplates controller

* added default redirect to 403 page for unauth

* updated authorization for all controllers

-changed from passing through records as feature not supported
-changed 403 error to better reflect what's happening
-added scope to many of the indexes
-added organisation-scope to requests from old org-admin roles
-renamed guidance_groups_policy to guidance_group_policy.rb

* finished implimenting new authorization scheme in dmptemplates

* updated seeds file

* bugfixes to auth

* explicit bullet style for questions and raw questoin test in form

* implimenting auth changes in the views

* added granting api to orgs permission

* implimenting auth changes in the views

* added granting api to orgs permission

* removed cancancan and rollify

* updated documentation syntax for some models

* removed initalizer for rollify

* ensured users loose roles upon org changing and added depricated tags to roles

* added functionality to port users from old auth structure to new

* updated funciton to ensure no dupelicates

* updated the organisation_id = (new) in user model, was causing seed to fail

* fixed bug in can_<do permission>? functions

* turns out we do user user_org_roles to determine organisation, re-added

* added debug to update_user_permissions

* made changes to update user permissions

* made changed to user.rb

* finished changes to update_user_permissions

* added docs to new function

* added new permissions to api

* fix various issues to do with display of formatting in questions

* implimenting auth changes in the views

* added granting api to orgs permission

* removed cancancan and rollify

* updated documentation syntax for some models

* removed initalizer for rollify

* ensured users loose roles upon org changing and added depricated tags to roles

* added functionality to port users from old auth structure to new

* updated funciton to ensure no dupelicates

* updated the organisation_id = (new) in user model, was causing seed to fail

* fixed bug in can_<do permission>? functions

* turns out we do user user_org_roles to determine organisation, re-added

* added debug to update_user_permissions

* made changes to update user permissions

* overhaul of performance of users admin-index

* fixed a bug where users' api_tokens would display if they had none

* added ability to grant permissions to other users

* implimenting auth changes in the views

* added granting api to orgs permission

* removed cancancan and rollify

* updated documentation syntax for some models

* removed initalizer for rollify

* ensured users loose roles upon org changing and added depricated tags to roles

* added functionality to port users from old auth structure to new

* updated funciton to ensure no dupelicates

* updated the organisation_id = (new) in user model, was causing seed to fail

* fixed bug in can_<do permission>? functions

* turns out we do user user_org_roles to determine organisation, re-added

* added debug to update_user_permissions

* made changes to update user permissions

* made changed to user.rb

* finished changes to update_user_permissions

* added docs to new function

* added new permissions to api

* overhaul of performance of users admin-index

* fixed a bug where users' api_tokens would display if they had none

* added ability to grant permissions to other users

* updated efficiency of update_user_permissions

Merge branch 'development'

Merged branding changes from the development branch into the master branch that now contains DCC's changes to permissions/roles, internationalization and bug fixes