jro_apps/redmine Commit - r1400:04766697357b

Wiki page protection (#851, patch #1146 by Mateo Murphy with slight changes)....

Jean-Philippe Lang -

r1400:04766697357b

parent child

Context file:

r1400:04766697357b

Collapse all files

db/migrate/093_add_wiki_pages_protected.rb created 644 +9 0

@@ -0,0 +1,9
	1	class AddWikiPagesProtected < ActiveRecord::Migration
	2	def self.up
	3	add_column :wiki_pages, :protected, :boolean, :default => false, :null => false
	4	end
	5
	6	def self.down
	7	remove_column :wiki_pages, :protected
	8	end
	9	end

app/controllers/wiki_controller.rb +20 -2

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'diff'
             class WikiController < ApplicationController
               layout 'base'
               before_filter :find_wiki, :authorize
-              verify :method => :post, :only => [:destroy, :destroy_attachment], :redirect_to => { :action => :index }
+              verify :method => :post, :only => [:destroy, :destroy_attachment, :protect], :redirect_to => { :action => :index }
               helper :attachments
               include AttachmentsHelper
               # display a page (in editing mode if it doesn't exist)
               def index
                 page_title = params[:page]
                 @page = @wiki.find_or_new_page(page_title)
                 if @page.new_record?
                   if User.current.allowed_to?(:edit_wiki_pages, @project)
                     edit
                     render :action => 'edit'
                   else
                     render_404
                   end
                   return
                 end
                 @content = @page.content_for_version(params[:version])
                 if params[:export] == 'html'
                   export = render_to_string :action => 'export', :layout => false
                   send_data(export, :type => 'text/html', :filename => "#{@page.title}.html")
                   return
                 elsif params[:export] == 'txt'
                   send_data(@content.text, :type => 'text/plain', :filename => "#{@page.title}.txt")
                   return
                 end
+            	@editable = editable?
                 render :action => 'show'
               end
               # edit an existing page or a new one
               def edit
                 @page = @wiki.find_or_new_page(params[:page])
+                return render_403 unless editable?
                 @page.content = WikiContent.new(:page => @page) if @page.new_record?
                 @content = @page.content_for_version(params[:version])
                 @content.text = "h1. #{@page.pretty_title}" if @content.text.blank?
                 # don't keep previous comment
                 @content.comments = nil
                 if request.post?
                   if !@page.new_record? && @content.text == params[:content][:text]
                     # don't save if text wasn't changed
                     redirect_to :action => 'index', :id => @project, :page => @page.title
                     return
                   end
                   #@content.text = params[:content][:text]
                   #@content.comments = params[:content][:comments]
                   @content.attributes = params[:content]
                   @content.author = User.current
                   # if page is new @page.save will also save content, but not if page isn't a new record
                   if (@page.new_record? ? @page.save : @content.save)
                     redirect_to :action => 'index', :id => @project, :page => @page.title
                   end
                 end
               rescue ActiveRecord::StaleObjectError
                 # Optimistic locking exception
                 flash[:error] = l(:notice_locking_conflict)
               end
               # rename a page
               def rename
                 @page = @wiki.find_page(params[:page])
+            	return render_403 unless editable?
                 @page.redirect_existing_links = true
                 # used to display the *original* title if some AR validation errors occur
                 @original_title = @page.pretty_title
                 if request.post? && @page.update_attributes(params[:wiki_page])
                   flash[:notice] = l(:notice_successful_update)
                   redirect_to :action => 'index', :id => @project, :page => @page.title
                 end
               end
+              def protect
+                page = @wiki.find_page(params[:page])
+                page.update_attribute :protected, params[:protected]
+                redirect_to :action => 'index', :id => @project, :page => page.title
+              end
               # show page history
               def history
                 @page = @wiki.find_page(params[:page])
                 @version_count = @page.content.versions.count
                 @version_pages = Paginator.new self, @version_count, per_page_option, params['p']
                 # don't load text
                 @versions = @page.content.versions.find :all,
                                                         :select => "id, author_id, comments, updated_on, version",
                                                         :order => 'version DESC',
                                                         :limit  =>  @version_pages.items_per_page + 1,
                                                         :offset =>  @version_pages.current.offset
                 render :layout => false if request.xhr?
               end
               def diff
                 @page = @wiki.find_page(params[:page])
                 @diff = @page.diff(params[:version], params[:version_from])
                 render_404 unless @diff
               end
               def annotate
                 @page = @wiki.find_page(params[:page])
                 @annotate = @page.annotate(params[:version])
               end
               # remove a wiki page and its history
               def destroy
                 @page = @wiki.find_page(params[:page])
+            	return render_403 unless editable?
                 @page.destroy if @page
                 redirect_to :action => 'special', :id => @project, :page => 'Page_index'
               end
               # display special pages
               def special
                 page_title = params[:page].downcase
                 case page_title
                 # show pages index, sorted by title
                 when 'page_index', 'date_index'
                   # eager load information about last updates, without loading text
                   @pages = @wiki.pages.find :all, :select => "#{WikiPage.table_name}.*, #{WikiContent.table_name}.updated_on",
                                                   :joins => "LEFT JOIN #{WikiContent.table_name} ON #{WikiContent.table_name}.page_id = #{WikiPage.table_name}.id",
                                                   :order => 'title'
                   @pages_by_date = @pages.group_by {|p| p.updated_on.to_date}
                 # export wiki to a single html file
                 when 'export'
                   @pages = @wiki.pages.find :all, :order => 'title'
                   export = render_to_string :action => 'export_multiple', :layout => false
                   send_data(export, :type => 'text/html', :filename => "wiki.html")
                   return
                 else
                   # requested special page doesn't exist, redirect to default page
                   redirect_to :action => 'index', :id => @project, :page => nil and return
                 end
                 render :action => "special_#{page_title}"
               end
               def preview
                 page = @wiki.find_page(params[:page])
+                return render_403 unless editable?(page)
                 @attachements = page.attachments if page
                 @text = params[:content][:text]
                 render :partial => 'common/preview'
               end
               def add_attachment
                 @page = @wiki.find_page(params[:page])
+                return render_403 unless editable?
                 attach_files(@page, params[:attachments])
                 redirect_to :action => 'index', :page => @page.title
               end
               def destroy_attachment
                 @page = @wiki.find_page(params[:page])
+                return render_403 unless editable?
                 @page.attachments.find(params[:attachment_id]).destroy
                 redirect_to :action => 'index', :page => @page.title
               end
             private
               def find_wiki
                 @project = Project.find(params[:id])
                 @wiki = @project.wiki
                 render_404 unless @wiki
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
+              # Returns true if the current user is allowed to edit the page, otherwise false
+              def editable?(page = @page)
+                page.editable_by?(User.current)
+              end
             end

app/models/wiki_page.rb +5 0

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'diff'
             require 'enumerator'
             class WikiPage < ActiveRecord::Base
               belongs_to :wiki
               has_one :content, :class_name => 'WikiContent', :foreign_key => 'page_id', :dependent => :destroy
               has_many :attachments, :as => :container, :dependent => :destroy
               acts_as_event :title => Proc.new {|o| "#{l(:label_wiki)}: #{o.title}"},
                             :description => :text,
                             :datetime => :created_on,
                             :url => Proc.new {|o| {:controller => 'wiki', :id => o.wiki.project_id, :page => o.title}}
               acts_as_searchable :columns => ['title', 'text'],
                                  :include => [:wiki, :content],
                                  :project_key => "#{Wiki.table_name}.project_id"
               attr_accessor :redirect_existing_links
               validates_presence_of :title
               validates_format_of :title, :with => /^[^,\.\/\?\;\|\s]*$/
               validates_uniqueness_of :title, :scope => :wiki_id, :case_sensitive => false
               validates_associated :content
               def title=(value)
                 value = Wiki.titleize(value)
                 @previous_title = read_attribute(:title) if @previous_title.blank?
                 write_attribute(:title, value)
               end
               def before_save
                 self.title = Wiki.titleize(title)
                 # Manage redirects if the title has changed
                 if !@previous_title.blank? && (@previous_title != title) && !new_record?
                   # Update redirects that point to the old title
                   wiki.redirects.find_all_by_redirects_to(@previous_title).each do |r|
                     r.redirects_to = title
                     r.title == r.redirects_to ? r.destroy : r.save
                   end
                   # Remove redirects for the new title
                   wiki.redirects.find_all_by_title(title).each(&:destroy)
                   # Create a redirect to the new title
                   wiki.redirects << WikiRedirect.new(:title => @previous_title, :redirects_to => title) unless redirect_existing_links == "0"
                   @previous_title = nil
                 end
               end
               def before_destroy
                 # Remove redirects to this page
                 wiki.redirects.find_all_by_redirects_to(title).each(&:destroy)
               end
               def pretty_title
                 WikiPage.pretty_title(title)
               end
               def content_for_version(version=nil)
                 result = content.versions.find_by_version(version.to_i) if version
                 result ||= content
                 result
               end
               def diff(version_to=nil, version_from=nil)
                 version_to = version_to ? version_to.to_i : self.content.version
                 version_from = version_from ? version_from.to_i : version_to - 1
                 version_to, version_from = version_from, version_to unless version_from < version_to
                 content_to = content.versions.find_by_version(version_to)
                 content_from = content.versions.find_by_version(version_from)
                 (content_to && content_from) ? WikiDiff.new(content_to, content_from) : nil
               end
               def annotate(version=nil)
                 version = version ? version.to_i : self.content.version
                 c = content.versions.find_by_version(version)
                 c ? WikiAnnotate.new(c) : nil
               end
               def self.pretty_title(str)
                 (str && str.is_a?(String)) ? str.tr('_', ' ') : str
               end
               def project
                 wiki.project
               end
               def text
                 content.text if content
               end
+              # Returns true if usr is allowed to edit the page, otherwise false
+              def editable_by?(usr)
+                !protected? || usr.allowed_to?(:protect_wiki_pages, wiki.project)
+              end
             end
             class WikiDiff
               attr_reader :diff, :words, :content_to, :content_from
               def initialize(content_to, content_from)
                 @content_to = content_to
                 @content_from = content_from
                 @words = content_to.text.split(/(\s+)/)
                 @words = @words.select {|word| word != ' '}
                 words_from = content_from.text.split(/(\s+)/)
                 words_from = words_from.select {|word| word != ' '}
                 @diff = words_from.diff @words
               end
             end
             class WikiAnnotate
               attr_reader :lines, :content
               def initialize(content)
                 @content = content
                 current = content
                 current_lines = current.text.split(/\r?\n/)
                 @lines = current_lines.collect {|t| [nil, nil, t]}
                 positions = []
                 current_lines.size.times {|i| positions << i}
                 while (current.previous)
                   d = current.previous.text.split(/\r?\n/).diff(current.text.split(/\r?\n/)).diffs.flatten
                   d.each_slice(3) do |s|
                     sign, line = s[0], s[1]
                     if sign == '+' && positions[line] && positions[line] != -1
                       if @lines[positions[line]][0].nil?
                         @lines[positions[line]][0] = current.version
                         @lines[positions[line]][1] = current.author
                       end
                     end
                   end
                   d.each_slice(3) do |s|
                     sign, line = s[0], s[1]
                     if sign == '-'
                       positions.insert(line, -1)
                     else
                       positions[line] = nil
                     end
                   end
                   positions.compact!
                   # Stop if every line is annotated
                   break unless @lines.detect { |line| line[0].nil? }
                   current = current.previous
                 end
                 @lines.each { |line| line[0] ||= current.version }
               end
             end

app/views/wiki/show.rhtml +6 -2

             <div class="contextual">
+            <% if @editable %>
             <%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version %>
+            <%= link_to_if_authorized(l(:button_lock), {:action => 'protect', :page => @page.title, :protected => 1}, :method => :post, :class => 'icon icon-lock') if !@page.protected? %>
+            <%= link_to_if_authorized(l(:button_unlock), {:action => 'protect', :page => @page.title, :protected => 0}, :method => :post, :class => 'icon icon-unlock') if @page.protected? %>
             <%= link_to_if_authorized(l(:button_rename), {:action => 'rename', :page => @page.title}, :class => 'icon icon-move') if @content.version == @page.content.version %>
             <%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :page => @page.title}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %>
             <%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %>
+            <% end %>
             <%= link_to(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %>
             </div>
             <% if @content.version != @page.content.version %>
                 <p>
                 <%= link_to(('&#171; ' + l(:label_previous)), :action => 'index', :page => @page.title, :version => (@content.version - 1)) + " - " if @content.version > 1 %>
                 <%= "#{l(:label_version)} #{@content.version}/#{@page.content.version}" %>
                 <%= '(' + link_to('diff', :controller => 'wiki', :action => 'diff', :page => @page.title, :version => @content.version) + ')' if @content.version > 1 %> -
                 <%= link_to((l(:label_next) + ' &#187;'), :action => 'index', :page => @page.title, :version => (@content.version + 1)) + " - " if @content.version < @page.content.version %>
                 <%= link_to(l(:label_current_version), :action => 'index', :page => @page.title) %>
                 <br />
                 <em><%= @content.author ? @content.author.name : "anonyme" %>, <%= format_time(@content.updated_on) %> </em><br />
                 <%=h @content.comments %>
                 </p>
                 <hr />
             <% end %>
             <%= render(:partial => "wiki/content", :locals => {:content => @content}) %>
-            <%= link_to_attachments @page.attachments, :delete_url => (authorize_for('wiki', 'destroy_attachment') ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>
+            <%= link_to_attachments @page.attachments, :delete_url => ((@editable && authorize_for('wiki', 'destroy_attachment')) ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>
-            <% if authorize_for('wiki', 'add_attachment') %>
+            <% if @editable && authorize_for('wiki', 'add_attachment') %>
             <p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;",
                                                          :id => 'attach_files_link' %></p>
             <% form_tag({ :controller => 'wiki', :action => 'add_attachment', :page => @page.title }, :multipart => true, :id => "add_attachment_form", :style => "display:none;") do %>
               <div class="box">
               <p><%= render :partial => 'attachments/form' %></p>
               </div>
             <%= submit_tag l(:button_add) %>
             <%= link_to l(:button_cancel), {}, :onclick => "Element.hide('add_attachment_form'); Element.show('attach_files_link'); return false;" %>
             <% end %>
             <% end %>
             <p class="other-formats">
             <%= l(:label_export_to) %>
             <span><%= link_to 'HTML', {:page => @page.title, :export => 'html', :version => @content.version}, :class => 'html' %></span>
             <span><%= link_to 'TXT', {:page => @page.title, :export => 'txt', :version => @content.version}, :class => 'text' %></span>
             </p>
             <% content_for :header_tags do %>
               <%= stylesheet_link_tag 'scm' %>
             <% end %>
             <% content_for :sidebar do %>
               <%= render :partial => 'sidebar' %>
             <% end %>
             <% html_title @page.pretty_title %>

lib/redmine.rb +1 0

             require 'redmine/access_control'
             require 'redmine/menu_manager'
             require 'redmine/mime_type'
             require 'redmine/core_ext'
             require 'redmine/themes'
             require 'redmine/plugin'
             begin
               require_library_or_gem 'RMagick' unless Object.const_defined?(:Magick)
             rescue LoadError
               # RMagick is not available
             end
             REDMINE_SUPPORTED_SCM = %w( Subversion Darcs Mercurial Cvs Bazaar Git )
             # Permissions
             Redmine::AccessControl.map do |map|
               map.permission :view_project, {:projects => [:show, :activity]}, :public => true
               map.permission :search_project, {:search => :index}, :public => true
               map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member
               map.permission :select_project_modules, {:projects => :modules}, :require => :member
               map.permission :manage_members, {:projects => :settings, :members => [:new, :edit, :destroy]}, :require => :member
               map.permission :manage_versions, {:projects => [:settings, :add_version], :versions => [:edit, :destroy]}, :require => :member
               map.project_module :issue_tracking do |map|
                 # Issue categories
                 map.permission :manage_categories, {:projects => [:settings, :add_issue_category], :issue_categories => [:edit, :destroy]}, :require => :member
                 # Issues
                 map.permission :view_issues, {:projects => [:changelog, :roadmap],
                                               :issues => [:index, :changes, :show, :context_menu],
                                               :versions => [:show, :status_by],
                                               :queries => :index,
                                               :reports => :issue_report}, :public => true
                 map.permission :add_issues, {:issues => :new}
                 map.permission :edit_issues, {:issues => [:edit, :bulk_edit, :destroy_attachment]}
                 map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}
                 map.permission :add_issue_notes, {:issues => :edit}
                 map.permission :edit_issue_notes, {:journals => :edit}, :require => :loggedin
                 map.permission :edit_own_issue_notes, {:journals => :edit}, :require => :loggedin
                 map.permission :move_issues, {:issues => :move}, :require => :loggedin
                 map.permission :delete_issues, {:issues => :destroy}, :require => :member
                 # Queries
                 map.permission :manage_public_queries, {:queries => [:new, :edit, :destroy]}, :require => :member
                 map.permission :save_queries, {:queries => [:new, :edit, :destroy]}, :require => :loggedin
                 # Gantt & calendar
                 map.permission :view_gantt, :projects => :gantt
                 map.permission :view_calendar, :projects => :calendar
               end
               map.project_module :time_tracking do |map|
                 map.permission :log_time, {:timelog => :edit}, :require => :loggedin
                 map.permission :view_time_entries, :timelog => [:details, :report]
                 map.permission :edit_time_entries, {:timelog => [:edit, :destroy]}, :require => :member
                 map.permission :edit_own_time_entries, {:timelog => [:edit, :destroy]}, :require => :loggedin
               end
               map.project_module :news do |map|
                 map.permission :manage_news, {:news => [:new, :edit, :destroy, :destroy_comment]}, :require => :member
                 map.permission :view_news, {:news => [:index, :show]}, :public => true
                 map.permission :comment_news, {:news => :add_comment}
               end
               map.project_module :documents do |map|
                 map.permission :manage_documents, {:documents => [:new, :edit, :destroy, :add_attachment, :destroy_attachment]}, :require => :loggedin
                 map.permission :view_documents, :documents => [:index, :show, :download]
               end
               map.project_module :files do |map|
                 map.permission :manage_files, {:projects => :add_file, :versions => :destroy_file}, :require => :loggedin
                 map.permission :view_files, :projects => :list_files, :versions => :download
               end
               map.project_module :wiki do |map|
                 map.permission :manage_wiki, {:wikis => [:edit, :destroy]}, :require => :member
                 map.permission :rename_wiki_pages, {:wiki => :rename}, :require => :member
                 map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member
                 map.permission :view_wiki_pages, :wiki => [:index, :history, :diff, :annotate, :special]
                 map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment, :destroy_attachment]
+                map.permission :protect_wiki_pages, {:wiki => :protect}, :require => :member
               end
               map.project_module :repository do |map|
                 map.permission :manage_repository, {:repositories => [:edit, :destroy]}, :require => :member
                 map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph]
                 map.permission :view_changesets, :repositories => [:show, :revisions, :revision]
               end
               map.project_module :boards do |map|
                 map.permission :manage_boards, {:boards => [:new, :edit, :destroy]}, :require => :member
                 map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true
                 map.permission :add_messages, {:messages => [:new, :reply]}
                 map.permission :edit_messages, {:messages => :edit}, :require => :member
                 map.permission :delete_messages, {:messages => :destroy}, :require => :member
               end
             end
             Redmine::MenuManager.map :top_menu do |menu|
               menu.push :home, :home_path, :html => { :class => 'home' }
               menu.push :my_page, { :controller => 'my', :action => 'page' }, :html => { :class => 'mypage' }, :if => Proc.new { User.current.logged? }
               menu.push :projects, { :controller => 'projects', :action => 'index' }, :caption => :label_project_plural, :html => { :class => 'projects' }
               menu.push :administration, { :controller => 'admin', :action => 'index' }, :html => { :class => 'admin' }, :if => Proc.new { User.current.admin? }
               menu.push :help, Redmine::Info.help_url, :html => { :class => 'help' }
             end
             Redmine::MenuManager.map :account_menu do |menu|
               menu.push :login, :signin_path, :html => { :class => 'login' }, :if => Proc.new { !User.current.logged? }
               menu.push :register, { :controller => 'account', :action => 'register' }, :html => { :class => 'register' }, :if => Proc.new { !User.current.logged? && Setting.self_registration? }
               menu.push :my_account, { :controller => 'my', :action => 'account' }, :html => { :class => 'myaccount' }, :if => Proc.new { User.current.logged? }
               menu.push :logout, :signout_path, :html => { :class => 'logout' }, :if => Proc.new { User.current.logged? }
             end
             Redmine::MenuManager.map :application_menu do |menu|
               # Empty
             end
             Redmine::MenuManager.map :project_menu do |menu|
               menu.push :overview, { :controller => 'projects', :action => 'show' }
               menu.push :activity, { :controller => 'projects', :action => 'activity' }
               menu.push :roadmap, { :controller => 'projects', :action => 'roadmap' },
                           :if => Proc.new { |p| p.versions.any? }
               menu.push :issues, { :controller => 'issues', :action => 'index' }, :param => :project_id, :caption => :label_issue_plural
               menu.push :new_issue, { :controller => 'issues', :action => 'new' }, :param => :project_id, :caption => :label_issue_new,
                           :html => { :accesskey => Redmine::AccessKeys.key_for(:new_issue) }
               menu.push :news, { :controller => 'news', :action => 'index' }, :param => :project_id, :caption => :label_news_plural
               menu.push :documents, { :controller => 'documents', :action => 'index' }, :param => :project_id, :caption => :label_document_plural
               menu.push :wiki, { :controller => 'wiki', :action => 'index', :page => nil },
                           :if => Proc.new { |p| p.wiki && !p.wiki.new_record? }
               menu.push :boards, { :controller => 'boards', :action => 'index', :id => nil }, :param => :project_id,
                           :if => Proc.new { |p| p.boards.any? }, :caption => :label_board_plural
               menu.push :files, { :controller => 'projects', :action => 'list_files' }, :caption => :label_attachment_plural
               menu.push :repository, { :controller => 'repositories', :action => 'show' },
                           :if => Proc.new { |p| p.repository && !p.repository.new_record? }
               menu.push :settings, { :controller => 'projects', :action => 'settings' }
             end

public/images/locked.png binary modified 0 0

NO CONTENT: modified file, binary diff hidden

public/images/unlock.png binary modified 0 0

NO CONTENT: modified file, binary diff hidden

test/fixtures/roles.yml +2 0

             ---
             roles_001:
               name: Manager
               id: 1
               builtin: 0
               permissions: |
                 ---
                 - :edit_project
                 - :manage_members
                 - :manage_versions
                 - :manage_categories
                 - :add_issues
                 - :edit_issues
                 - :manage_issue_relations
                 - :add_issue_notes
                 - :move_issues
                 - :delete_issues
                 - :manage_public_queries
                 - :save_queries
                 - :view_gantt
                 - :view_calendar
                 - :log_time
                 - :view_time_entries
                 - :edit_time_entries
                 - :delete_time_entries
                 - :manage_news
                 - :comment_news
                 - :view_documents
                 - :manage_documents
                 - :view_wiki_pages
                 - :edit_wiki_pages
+                - :protect_wiki_pages
                 - :delete_wiki_pages
                 - :rename_wiki_pages
                 - :add_messages
                 - :edit_messages
                 - :delete_messages
                 - :manage_boards
                 - :view_files
                 - :manage_files
                 - :browse_repository
                 - :view_changesets
               position: 1
             roles_002:
               name: Developer
               id: 2
               builtin: 0
               permissions: |
                 ---
                 - :edit_project
                 - :manage_members
                 - :manage_versions
                 - :manage_categories
                 - :add_issues
                 - :edit_issues
                 - :manage_issue_relations
                 - :add_issue_notes
                 - :move_issues
                 - :delete_issues
                 - :save_queries
                 - :view_gantt
                 - :view_calendar
                 - :log_time
                 - :view_time_entries
                 - :edit_own_time_entries
                 - :manage_news
                 - :comment_news
                 - :view_documents
                 - :manage_documents
                 - :view_wiki_pages
                 - :edit_wiki_pages
+                - :protect_wiki_pages
                 - :delete_wiki_pages
                 - :add_messages
                 - :manage_boards
                 - :view_files
                 - :manage_files
                 - :browse_repository
                 - :view_changesets
               position: 2
             roles_003:
               name: Reporter
               id: 3
               builtin: 0
               permissions: |
                 ---
                 - :edit_project
                 - :manage_members
                 - :manage_versions
                 - :manage_categories
                 - :add_issues
                 - :edit_issues
                 - :manage_issue_relations
                 - :add_issue_notes
                 - :move_issues
                 - :save_queries
                 - :view_gantt
                 - :view_calendar
                 - :log_time
                 - :view_time_entries
                 - :manage_news
                 - :comment_news
                 - :view_documents
                 - :manage_documents
                 - :view_wiki_pages
                 - :edit_wiki_pages
                 - :delete_wiki_pages
                 - :add_messages
                 - :manage_boards
                 - :view_files
                 - :manage_files
                 - :browse_repository
                 - :view_changesets
               position: 3
             roles_004:
               name: Non member
               id: 4
               builtin: 1
               permissions: |
                 ---
                 - :add_issues
                 - :edit_issues
                 - :manage_issue_relations
                 - :add_issue_notes
                 - :move_issues
                 - :save_queries
                 - :view_gantt
                 - :view_calendar
                 - :log_time
                 - :view_time_entries
                 - :comment_news
                 - :view_documents
                 - :manage_documents
                 - :view_wiki_pages
                 - :edit_wiki_pages
                 - :add_messages
                 - :view_files
                 - :manage_files
                 - :browse_repository
                 - :view_changesets
               position: 4
             roles_005:
               name: Anonymous
               id: 5
               builtin: 2
               permissions: |
                 ---
                 - :add_issue_notes
                 - :view_gantt
                 - :view_calendar
                 - :view_time_entries
                 - :view_documents
                 - :view_wiki_pages
                 - :view_files
                 - :browse_repository
                 - :view_changesets
               position: 5
   No newline at end of file

test/fixtures/wiki_pages.yml +4 0

             ---
             wiki_pages_001:
               created_on: 2007-03-07 00:08:07 +01:00
               title: CookBook_documentation
               id: 1
               wiki_id: 1
+              protected: true
             wiki_pages_002:
               created_on: 2007-03-08 00:18:07 +01:00
               title: Another_page
               id: 2
               wiki_id: 1
+              protected: false
             wiki_pages_003:
               created_on: 2007-03-08 00:18:07 +01:00
               title: Start_page
               id: 3
               wiki_id: 2
+              protected: false
             wiki_pages_004:
               created_on: 2007-03-08 00:18:07 +01:00
               title: Page_with_an_inline_image
               id: 4
               wiki_id: 1
+              protected: false
   No newline at end of file

test/functional/wiki_controller_test.rb +56 0

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             require 'wiki_controller'
             # Re-raise errors caught by the controller.
             class WikiController; def rescue_action(e) raise e end; end
             class WikiControllerTest < Test::Unit::TestCase
               fixtures :projects, :users, :roles, :members, :enabled_modules, :wikis, :wiki_pages, :wiki_contents, :wiki_content_versions, :attachments
               def setup
                 @controller = WikiController.new
                 @request    = ActionController::TestRequest.new
                 @response   = ActionController::TestResponse.new
                 User.current = nil
               end
               def test_show_start_page
                 get :index, :id => 1
                 assert_response :success
                 assert_template 'show'
                 assert_tag :tag => 'h1', :content => /CookBook documentation/
               end
               def test_show_page_with_name
                 get :index, :id => 1, :page => 'Another_page'
                 assert_response :success
                 assert_template 'show'
                 assert_tag :tag => 'h1', :content => /Another page/
                 # Included page with an inline image
                 assert_tag :tag => 'p', :content => /This is an inline image/
                 assert_tag :tag => 'img', :attributes => { :src => '/attachments/download/3',
                                                            :alt => 'This is a logo' }
               end
               def test_show_unexistent_page_without_edit_right
                 get :index, :id => 1, :page => 'Unexistent page'
                 assert_response 404
               end
               def test_show_unexistent_page_with_edit_right
                 @request.session[:user_id] = 2
                 get :index, :id => 1, :page => 'Unexistent page'
                 assert_response :success
                 assert_template 'edit'
               end
               def test_create_page
                 @request.session[:user_id] = 2
                 post :edit, :id => 1,
                             :page => 'New page',
                             :content => {:comments => 'Created the page',
                                          :text => "h1. New page\n\nThis is a new page",
                                          :version => 0}
                 assert_redirected_to 'wiki/ecookbook/New_page'
                 page = Project.find(1).wiki.find_page('New page')
                 assert !page.new_record?
                 assert_not_nil page.content
                 assert_equal 'Created the page', page.content.comments
               end
               def test_preview
                 @request.session[:user_id] = 2
                 xhr :post, :preview, :id => 1, :page => 'CookBook_documentation',
                                                :content => { :comments => '',
                                                              :text => 'this is a *previewed text*',
                                                              :version => 3 }
                 assert_response :success
                 assert_template 'common/_preview'
                 assert_tag :tag => 'strong', :content => /previewed text/
               end
               def test_history
                 get :history, :id => 1, :page => 'CookBook_documentation'
                 assert_response :success
                 assert_template 'history'
                 assert_not_nil assigns(:versions)
                 assert_equal 3, assigns(:versions).size
               end
               def test_diff
                 get :diff, :id => 1, :page => 'CookBook_documentation', :version => 2, :version_from => 1
                 assert_response :success
                 assert_template 'diff'
                 assert_tag :tag => 'span', :attributes => { :class => 'diff_in'},
                                            :content => /updated/
               end
               def test_annotate
                 get :annotate, :id => 1, :page =>  'CookBook_documentation', :version => 2
                 assert_response :success
                 assert_template 'annotate'
                 # Line 1
                 assert_tag :tag => 'tr', :child => { :tag => 'th', :attributes => {:class => 'line-num'}, :content => '1' },
                                          :child => { :tag => 'td', :attributes => {:class => 'author'}, :content => /John Smith/ },
                                          :child => { :tag => 'td', :content => /h1\. CookBook documentation/ }
                 # Line 2
                 assert_tag :tag => 'tr', :child => { :tag => 'th', :attributes => {:class => 'line-num'}, :content => '2' },
                                          :child => { :tag => 'td', :attributes => {:class => 'author'}, :content => /redMine Admin/ },
                                          :child => { :tag => 'td', :content => /Some updated \[\[documentation\]\] here/ }
               end
               def test_rename_with_redirect
                 @request.session[:user_id] = 2
                 post :rename, :id => 1, :page => 'Another_page',
                                         :wiki_page => { :title => 'Another renamed page',
                                                         :redirect_existing_links => 1 }
                 assert_redirected_to 'wiki/ecookbook/Another_renamed_page'
                 wiki = Project.find(1).wiki
                 # Check redirects
                 assert_not_nil wiki.find_page('Another page')
                 assert_nil wiki.find_page('Another page', :with_redirect => false)
               end
               def test_rename_without_redirect
                 @request.session[:user_id] = 2
                 post :rename, :id => 1, :page => 'Another_page',
                                         :wiki_page => { :title => 'Another renamed page',
                                                         :redirect_existing_links => "0" }
                 assert_redirected_to 'wiki/ecookbook/Another_renamed_page'
                 wiki = Project.find(1).wiki
                 # Check that there's no redirects
                 assert_nil wiki.find_page('Another page')
               end
               def test_destroy
                 @request.session[:user_id] = 2
                 post :destroy, :id => 1, :page => 'CookBook_documentation'
                 assert_redirected_to 'wiki/ecookbook/Page_index/special'
               end
               def test_page_index
                 get :special, :id => 'ecookbook', :page => 'Page_index'
                 assert_response :success
                 assert_template 'special_page_index'
                 pages = assigns(:pages)
                 assert_not_nil pages
                 assert_equal Project.find(1).wiki.pages.size, pages.size
                 assert_tag :tag => 'a', :attributes => { :href => '/wiki/ecookbook/CookBook_documentation' },
                                         :content => /CookBook documentation/
               end
               def test_not_found
                 get :index, :id => 999
                 assert_response 404
               end
+              def test_protect_page
+                page = WikiPage.find_by_wiki_id_and_title(1, 'Another_page')
+                assert !page.protected?
+                @request.session[:user_id] = 2
+                post :protect, :id => 1, :page => page.title, :protected => '1'
+                assert_redirected_to 'wiki/ecookbook/Another_page'
+                assert page.reload.protected?
+              end
+              def test_unprotect_page
+                page = WikiPage.find_by_wiki_id_and_title(1, 'CookBook_documentation')
+                assert page.protected?
+                @request.session[:user_id] = 2
+                post :protect, :id => 1, :page => page.title, :protected => '0'
+                assert_redirected_to 'wiki/ecookbook'
+                assert !page.reload.protected?
+              end
+              def test_show_page_with_edit_link
+                @request.session[:user_id] = 2
+                get :index, :id => 1
+                assert_response :success
+                assert_template 'show'
+                assert_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
+              end
+              def test_show_page_without_edit_link
+                @request.session[:user_id] = 4
+                get :index, :id => 1
+                assert_response :success
+                assert_template 'show'
+                assert_no_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
+              end
+              def test_edit_unprotected_page
+                # Non members can edit unprotected wiki pages
+                @request.session[:user_id] = 4
+                get :edit, :id => 1, :page => 'Another_page'
+                assert_response :success
+                assert_template 'edit'
+              end
+              def test_edit_protected_page_by_nonmember
+                # Non members can't edit protected wiki pages
+                @request.session[:user_id] = 4
+                get :edit, :id => 1, :page => 'CookBook_documentation'
+                assert_response 403
+              end
+              def test_edit_protected_page_by_member
+                @request.session[:user_id] = 2
+                get :edit, :id => 1, :page => 'CookBook_documentation'
+                assert_response :success
+                assert_template 'edit'
+              end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages