layout 'base'
before_filter :find_wiki, :authorize
- verify :method => :post, :only => [:destroy, :destroy_attachment], :redirect_to => { :action => :index }
+ verify :method => :post, :only => [:destroy, :destroy_attachment, :protect], :redirect_to => { :action => :index }
helper :attachments
include AttachmentsHelper
send_data(@content.text, :type => 'text/plain', :filename => "#{@page.title}.txt")
return
end
+ @editable = editable?
render :action => 'show'
end
# edit an existing page or a new one
def edit
@page = @wiki.find_or_new_page(params[:page])
+ return render_403 unless editable?
@page.content = WikiContent.new(:page => @page) if @page.new_record?
@content = @page.content_for_version(params[:version])
# rename a page
def rename
- @page = @wiki.find_page(params[:page])
+ @page = @wiki.find_page(params[:page])
+ return render_403 unless editable?
@page.redirect_existing_links = true
# used to display the *original* title if some AR validation errors occur
@original_title = @page.pretty_title
end
end
+ def protect
+ page = @wiki.find_page(params[:page])
+ page.update_attribute :protected, params[:protected]
+ redirect_to :action => 'index', :id => @project, :page => page.title
+ end
+
# show page history
def history
@page = @wiki.find_page(params[:page])
# remove a wiki page and its history
def destroy
@page = @wiki.find_page(params[:page])
+ return render_403 unless editable?
@page.destroy if @page
redirect_to :action => 'special', :id => @project, :page => 'Page_index'
end
def preview
page = @wiki.find_page(params[:page])
+ return render_403 unless editable?(page)
@attachements = page.attachments if page
@text = params[:content][:text]
render :partial => 'common/preview'
def add_attachment
@page = @wiki.find_page(params[:page])
+ return render_403 unless editable?
attach_files(@page, params[:attachments])
redirect_to :action => 'index', :page => @page.title
end
def destroy_attachment
@page = @wiki.find_page(params[:page])
+ return render_403 unless editable?
@page.attachments.find(params[:attachment_id]).destroy
redirect_to :action => 'index', :page => @page.title
end
rescue ActiveRecord::RecordNotFound
render_404
end
+
+ # Returns true if the current user is allowed to edit the page, otherwise false
+ def editable?(page = @page)
+ page.editable_by?(User.current)
+ end
end
def text
content.text if content
end
+
+ # Returns true if usr is allowed to edit the page, otherwise false
+ def editable_by?(usr)
+ !protected? || usr.allowed_to?(:protect_wiki_pages, wiki.project)
+ end
end
class WikiDiff
<div class="contextual">
+<% if @editable %>
<%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version %>
+<%= link_to_if_authorized(l(:button_lock), {:action => 'protect', :page => @page.title, :protected => 1}, :method => :post, :class => 'icon icon-lock') if !@page.protected? %>
+<%= link_to_if_authorized(l(:button_unlock), {:action => 'protect', :page => @page.title, :protected => 0}, :method => :post, :class => 'icon icon-unlock') if @page.protected? %>
<%= link_to_if_authorized(l(:button_rename), {:action => 'rename', :page => @page.title}, :class => 'icon icon-move') if @content.version == @page.content.version %>
<%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :page => @page.title}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %>
<%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %>
+<% end %>
<%= link_to(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %>
</div>
<%= render(:partial => "wiki/content", :locals => {:content => @content}) %>
-<%= link_to_attachments @page.attachments, :delete_url => (authorize_for('wiki', 'destroy_attachment') ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>
+<%= link_to_attachments @page.attachments, :delete_url => ((@editable && authorize_for('wiki', 'destroy_attachment')) ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>
-<% if authorize_for('wiki', 'add_attachment') %>
+<% if @editable && authorize_for('wiki', 'add_attachment') %>
<p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;",
:id => 'attach_files_link' %></p>
<% form_tag({ :controller => 'wiki', :action => 'add_attachment', :page => @page.title }, :multipart => true, :id => "add_attachment_form", :style => "display:none;") do %>
--- /dev/null
+class AddWikiPagesProtected < ActiveRecord::Migration
+ def self.up
+ add_column :wiki_pages, :protected, :boolean, :default => false, :null => false
+ end
+
+ def self.down
+ remove_column :wiki_pages, :protected
+ end
+end
map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member
map.permission :view_wiki_pages, :wiki => [:index, :history, :diff, :annotate, :special]
map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment, :destroy_attachment]
+ map.permission :protect_wiki_pages, {:wiki => :protect}, :require => :member
end
map.project_module :repository do |map|
- :manage_documents\r
- :view_wiki_pages\r
- :edit_wiki_pages\r
+ - :protect_wiki_pages\r
- :delete_wiki_pages\r
- :rename_wiki_pages\r
- :add_messages\r
- :manage_documents\r
- :view_wiki_pages\r
- :edit_wiki_pages\r
+ - :protect_wiki_pages\r
- :delete_wiki_pages\r
- :add_messages\r
- :manage_boards\r
title: CookBook_documentation\r
id: 1\r
wiki_id: 1\r
+ protected: true \r
wiki_pages_002: \r
created_on: 2007-03-08 00:18:07 +01:00\r
title: Another_page\r
id: 2\r
wiki_id: 1\r
+ protected: false\r
wiki_pages_003: \r
created_on: 2007-03-08 00:18:07 +01:00\r
title: Start_page\r
id: 3\r
wiki_id: 2\r
+ protected: false\r
wiki_pages_004: \r
created_on: 2007-03-08 00:18:07 +01:00\r
title: Page_with_an_inline_image\r
id: 4\r
wiki_id: 1\r
+ protected: false\r
\ No newline at end of file
get :index, :id => 999
assert_response 404
end
+
+ def test_protect_page
+ page = WikiPage.find_by_wiki_id_and_title(1, 'Another_page')
+ assert !page.protected?
+ @request.session[:user_id] = 2
+ post :protect, :id => 1, :page => page.title, :protected => '1'
+ assert_redirected_to 'wiki/ecookbook/Another_page'
+ assert page.reload.protected?
+ end
+
+ def test_unprotect_page
+ page = WikiPage.find_by_wiki_id_and_title(1, 'CookBook_documentation')
+ assert page.protected?
+ @request.session[:user_id] = 2
+ post :protect, :id => 1, :page => page.title, :protected => '0'
+ assert_redirected_to 'wiki/ecookbook'
+ assert !page.reload.protected?
+ end
+
+ def test_show_page_with_edit_link
+ @request.session[:user_id] = 2
+ get :index, :id => 1
+ assert_response :success
+ assert_template 'show'
+ assert_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
+ end
+
+ def test_show_page_without_edit_link
+ @request.session[:user_id] = 4
+ get :index, :id => 1
+ assert_response :success
+ assert_template 'show'
+ assert_no_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
+ end
+
+ def test_edit_unprotected_page
+ # Non members can edit unprotected wiki pages
+ @request.session[:user_id] = 4
+ get :edit, :id => 1, :page => 'Another_page'
+ assert_response :success
+ assert_template 'edit'
+ end
+
+ def test_edit_protected_page_by_nonmember
+ # Non members can't edit protected wiki pages
+ @request.session[:user_id] = 4
+ get :edit, :id => 1, :page => 'CookBook_documentation'
+ assert_response 403
+ end
+
+ def test_edit_protected_page_by_member
+ @request.session[:user_id] = 2
+ get :edit, :id => 1, :page => 'CookBook_documentation'
+ assert_response :success
+ assert_template 'edit'
+ end
end
projects / redmine.git / commitdiff
