| @@ -0,0 +1,9 | |||
|
|
1 | class AddWikiPagesProtected < ActiveRecord::Migration | |
|
|
2 | def self.up | |
|
|
3 | add_column :wiki_pages, :protected, :boolean, :default => false, :null => false | |
|
|
4 | end | |
|
|
5 | ||
|
|
6 | def self.down | |
|
|
7 | remove_column :wiki_pages, :protected | |
|
|
8 | end | |
|
|
9 | end | |
| @@ -21,7 +21,7 class WikiController < ApplicationController | |||
|
|
21 | 21 | layout 'base' |
|
|
22 | 22 | before_filter :find_wiki, :authorize |
|
|
23 | 23 | |
|
|
24 | verify :method => :post, :only => [:destroy, :destroy_attachment], :redirect_to => { :action => :index } | |
|
|
24 | verify :method => :post, :only => [:destroy, :destroy_attachment, :protect], :redirect_to => { :action => :index } | |
|
|
25 | 25 | |
|
|
26 | 26 | helper :attachments |
|
|
27 | 27 | include AttachmentsHelper |
| @@ -48,12 +48,14 class WikiController < ApplicationController | |||
|
|
48 | 48 | send_data(@content.text, :type => 'text/plain', :filename => "#{@page.title}.txt") |
|
|
49 | 49 | return |
|
|
50 | 50 | end |
|
|
51 | @editable = editable? | |
|
|
51 | 52 | render :action => 'show' |
|
|
52 | 53 | end |
|
|
53 | 54 | |
|
|
54 | 55 | # edit an existing page or a new one |
|
|
55 | 56 | def edit |
|
|
56 | 57 | @page = @wiki.find_or_new_page(params[:page]) |
|
|
58 | return render_403 unless editable? | |
|
|
57 | 59 | @page.content = WikiContent.new(:page => @page) if @page.new_record? |
|
|
58 | 60 | |
|
|
59 | 61 | @content = @page.content_for_version(params[:version]) |
| @@ -82,7 +84,8 class WikiController < ApplicationController | |||
|
|
82 | 84 | |
|
|
83 | 85 | # rename a page |
|
|
84 | 86 | def rename |
|
|
85 |
@page = @wiki.find_page(params[:page]) |
|
|
|
87 | @page = @wiki.find_page(params[:page]) | |
|
|
88 | return render_403 unless editable? | |
|
|
86 | 89 | @page.redirect_existing_links = true |
|
|
87 | 90 | # used to display the *original* title if some AR validation errors occur |
|
|
88 | 91 | @original_title = @page.pretty_title |
| @@ -92,6 +95,12 class WikiController < ApplicationController | |||
|
|
92 | 95 | end |
|
|
93 | 96 | end |
|
|
94 | 97 | |
|
|
98 | def protect | |
|
|
99 | page = @wiki.find_page(params[:page]) | |
|
|
100 | page.update_attribute :protected, params[:protected] | |
|
|
101 | redirect_to :action => 'index', :id => @project, :page => page.title | |
|
|
102 | end | |
|
|
103 | ||
|
|
95 | 104 | # show page history |
|
|
96 | 105 | def history |
|
|
97 | 106 | @page = @wiki.find_page(params[:page]) |
| @@ -122,6 +131,7 class WikiController < ApplicationController | |||
|
|
122 | 131 | # remove a wiki page and its history |
|
|
123 | 132 | def destroy |
|
|
124 | 133 | @page = @wiki.find_page(params[:page]) |
|
|
134 | return render_403 unless editable? | |
|
|
125 | 135 | @page.destroy if @page |
|
|
126 | 136 | redirect_to :action => 'special', :id => @project, :page => 'Page_index' |
|
|
127 | 137 | end |
| @@ -152,6 +162,7 class WikiController < ApplicationController | |||
|
|
152 | 162 | |
|
|
153 | 163 | def preview |
|
|
154 | 164 | page = @wiki.find_page(params[:page]) |
|
|
165 | return render_403 unless editable?(page) | |
|
|
155 | 166 | @attachements = page.attachments if page |
|
|
156 | 167 | @text = params[:content][:text] |
|
|
157 | 168 | render :partial => 'common/preview' |
| @@ -159,12 +170,14 class WikiController < ApplicationController | |||
|
|
159 | 170 | |
|
|
160 | 171 | def add_attachment |
|
|
161 | 172 | @page = @wiki.find_page(params[:page]) |
|
|
173 | return render_403 unless editable? | |
|
|
162 | 174 | attach_files(@page, params[:attachments]) |
|
|
163 | 175 | redirect_to :action => 'index', :page => @page.title |
|
|
164 | 176 | end |
|
|
165 | 177 | |
|
|
166 | 178 | def destroy_attachment |
|
|
167 | 179 | @page = @wiki.find_page(params[:page]) |
|
|
180 | return render_403 unless editable? | |
|
|
168 | 181 | @page.attachments.find(params[:attachment_id]).destroy |
|
|
169 | 182 | redirect_to :action => 'index', :page => @page.title |
|
|
170 | 183 | end |
| @@ -178,4 +191,9 private | |||
|
|
178 | 191 | rescue ActiveRecord::RecordNotFound |
|
|
179 | 192 | render_404 |
|
|
180 | 193 | end |
|
|
194 | ||
|
|
195 | # Returns true if the current user is allowed to edit the page, otherwise false | |
|
|
196 | def editable?(page = @page) | |
|
|
197 | page.editable_by?(User.current) | |
|
|
198 | end | |
|
|
181 | 199 | end |
| @@ -105,6 +105,11 class WikiPage < ActiveRecord::Base | |||
|
|
105 | 105 | def text |
|
|
106 | 106 | content.text if content |
|
|
107 | 107 | end |
|
|
108 | ||
|
|
109 | # Returns true if usr is allowed to edit the page, otherwise false | |
|
|
110 | def editable_by?(usr) | |
|
|
111 | !protected? || usr.allowed_to?(:protect_wiki_pages, wiki.project) | |
|
|
112 | end | |
|
|
108 | 113 | end |
|
|
109 | 114 | |
|
|
110 | 115 | class WikiDiff |
| @@ -1,8 +1,12 | |||
|
|
1 | 1 | <div class="contextual"> |
|
|
2 | <% if @editable %> | |
|
|
2 | 3 | <%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version %> |
|
|
4 | <%= link_to_if_authorized(l(:button_lock), {:action => 'protect', :page => @page.title, :protected => 1}, :method => :post, :class => 'icon icon-lock') if !@page.protected? %> | |
|
|
5 | <%= link_to_if_authorized(l(:button_unlock), {:action => 'protect', :page => @page.title, :protected => 0}, :method => :post, :class => 'icon icon-unlock') if @page.protected? %> | |
|
|
3 | 6 | <%= link_to_if_authorized(l(:button_rename), {:action => 'rename', :page => @page.title}, :class => 'icon icon-move') if @content.version == @page.content.version %> |
|
|
4 | 7 | <%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :page => @page.title}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %> |
|
|
5 | 8 | <%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %> |
|
|
9 | <% end %> | |
|
|
6 | 10 | <%= link_to(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %> |
|
|
7 | 11 | </div> |
|
|
8 | 12 | |
| @@ -22,9 +26,9 | |||
|
|
22 | 26 | |
|
|
23 | 27 | <%= render(:partial => "wiki/content", :locals => {:content => @content}) %> |
|
|
24 | 28 | |
|
|
25 | <%= link_to_attachments @page.attachments, :delete_url => (authorize_for('wiki', 'destroy_attachment') ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %> | |
|
|
29 | <%= link_to_attachments @page.attachments, :delete_url => ((@editable && authorize_for('wiki', 'destroy_attachment')) ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %> | |
|
|
26 | 30 | |
|
|
27 | <% if authorize_for('wiki', 'add_attachment') %> | |
|
|
31 | <% if @editable && authorize_for('wiki', 'add_attachment') %> | |
|
|
28 | 32 | <p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;", |
|
|
29 | 33 | :id => 'attach_files_link' %></p> |
|
|
30 | 34 | <% form_tag({ :controller => 'wiki', :action => 'add_attachment', :page => @page.title }, :multipart => true, :id => "add_attachment_form", :style => "display:none;") do %> |
| @@ -76,6 +76,7 Redmine::AccessControl.map do |map| | |||
|
|
76 | 76 | map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member |
|
|
77 | 77 | map.permission :view_wiki_pages, :wiki => [:index, :history, :diff, :annotate, :special] |
|
|
78 | 78 | map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment, :destroy_attachment] |
|
|
79 | map.permission :protect_wiki_pages, {:wiki => :protect}, :require => :member | |
|
|
79 | 80 | end |
|
|
80 | 81 | |
|
|
81 | 82 | map.project_module :repository do |map| |
|
|
1 | NO CONTENT: modified file, binary diff hidden |
|
|
1 | NO CONTENT: modified file, binary diff hidden |
| @@ -29,6 +29,7 roles_001: | |||
|
|
29 | 29 | - :manage_documents |
|
|
30 | 30 | - :view_wiki_pages |
|
|
31 | 31 | - :edit_wiki_pages |
|
|
32 | - :protect_wiki_pages | |
|
|
32 | 33 | - :delete_wiki_pages |
|
|
33 | 34 | - :rename_wiki_pages |
|
|
34 | 35 | - :add_messages |
| @@ -69,6 +70,7 roles_002: | |||
|
|
69 | 70 | - :manage_documents |
|
|
70 | 71 | - :view_wiki_pages |
|
|
71 | 72 | - :edit_wiki_pages |
|
|
73 | - :protect_wiki_pages | |
|
|
72 | 74 | - :delete_wiki_pages |
|
|
73 | 75 | - :add_messages |
|
|
74 | 76 | - :manage_boards |
| @@ -4,19 +4,23 wiki_pages_001: | |||
|
|
4 | 4 | title: CookBook_documentation |
|
|
5 | 5 | id: 1 |
|
|
6 | 6 | wiki_id: 1 |
|
|
7 | protected: true | |
|
|
7 | 8 | wiki_pages_002: |
|
|
8 | 9 | created_on: 2007-03-08 00:18:07 +01:00 |
|
|
9 | 10 | title: Another_page |
|
|
10 | 11 | id: 2 |
|
|
11 | 12 | wiki_id: 1 |
|
|
13 | protected: false | |
|
|
12 | 14 | wiki_pages_003: |
|
|
13 | 15 | created_on: 2007-03-08 00:18:07 +01:00 |
|
|
14 | 16 | title: Start_page |
|
|
15 | 17 | id: 3 |
|
|
16 | 18 | wiki_id: 2 |
|
|
19 | protected: false | |
|
|
17 | 20 | wiki_pages_004: |
|
|
18 | 21 | created_on: 2007-03-08 00:18:07 +01:00 |
|
|
19 | 22 | title: Page_with_an_inline_image |
|
|
20 | 23 | id: 4 |
|
|
21 | 24 | wiki_id: 1 |
|
|
25 | protected: false | |
|
|
22 | 26 | No newline at end of file |
| @@ -160,4 +160,60 class WikiControllerTest < Test::Unit::TestCase | |||
|
|
160 | 160 | get :index, :id => 999 |
|
|
161 | 161 | assert_response 404 |
|
|
162 | 162 | end |
|
|
163 | ||
|
|
164 | def test_protect_page | |
|
|
165 | page = WikiPage.find_by_wiki_id_and_title(1, 'Another_page') | |
|
|
166 | assert !page.protected? | |
|
|
167 | @request.session[:user_id] = 2 | |
|
|
168 | post :protect, :id => 1, :page => page.title, :protected => '1' | |
|
|
169 | assert_redirected_to 'wiki/ecookbook/Another_page' | |
|
|
170 | assert page.reload.protected? | |
|
|
171 | end | |
|
|
172 | ||
|
|
173 | def test_unprotect_page | |
|
|
174 | page = WikiPage.find_by_wiki_id_and_title(1, 'CookBook_documentation') | |
|
|
175 | assert page.protected? | |
|
|
176 | @request.session[:user_id] = 2 | |
|
|
177 | post :protect, :id => 1, :page => page.title, :protected => '0' | |
|
|
178 | assert_redirected_to 'wiki/ecookbook' | |
|
|
179 | assert !page.reload.protected? | |
|
|
180 | end | |
|
|
181 | ||
|
|
182 | def test_show_page_with_edit_link | |
|
|
183 | @request.session[:user_id] = 2 | |
|
|
184 | get :index, :id => 1 | |
|
|
185 | assert_response :success | |
|
|
186 | assert_template 'show' | |
|
|
187 | assert_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' } | |
|
|
188 | end | |
|
|
189 | ||
|
|
190 | def test_show_page_without_edit_link | |
|
|
191 | @request.session[:user_id] = 4 | |
|
|
192 | get :index, :id => 1 | |
|
|
193 | assert_response :success | |
|
|
194 | assert_template 'show' | |
|
|
195 | assert_no_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' } | |
|
|
196 | end | |
|
|
197 | ||
|
|
198 | def test_edit_unprotected_page | |
|
|
199 | # Non members can edit unprotected wiki pages | |
|
|
200 | @request.session[:user_id] = 4 | |
|
|
201 | get :edit, :id => 1, :page => 'Another_page' | |
|
|
202 | assert_response :success | |
|
|
203 | assert_template 'edit' | |
|
|
204 | end | |
|
|
205 | ||
|
|
206 | def test_edit_protected_page_by_nonmember | |
|
|
207 | # Non members can't edit protected wiki pages | |
|
|
208 | @request.session[:user_id] = 4 | |
|
|
209 | get :edit, :id => 1, :page => 'CookBook_documentation' | |
|
|
210 | assert_response 403 | |
|
|
211 | end | |
|
|
212 | ||
|
|
213 | def test_edit_protected_page_by_member | |
|
|
214 | @request.session[:user_id] = 2 | |
|
|
215 | get :edit, :id => 1, :page => 'CookBook_documentation' | |
|
|
216 | assert_response :success | |
|
|
217 | assert_template 'edit' | |
|
|
218 | end | |
|
|
163 | 219 | end |
General Comments 0
You need to be logged in to leave comments.
Login now