Check permission of wiki pages before generating a link to it (#23793).

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sun, 29 Jan 2017 07:49:38 +0000 (07:49 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sun, 29 Jan 2017 07:49:38 +0000 (07:49 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 29 Jan 2017 07:49:38 +0000 (07:49 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 29 Jan 2017 07:49:38 +0000 (07:49 +0000)
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb

index 2a5acc4774454034e9ea90ee8b7b23ca666c62ff..d1f359fbcfbf81e5362d4d1991d6bd60169e6b96 100644 (file)
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -726,7 +726,7 @@ module ApplicationHelper
            title ||= identifier if page.blank?
          end
  
-        if link_project && link_project.wiki
+        if link_project && link_project.wiki && User.current.allowed_to?(:view_wiki_pages, link_project)
            # extract anchor
            anchor = nil
            if page =~ /^(.+?)\#(.+)$/
diff --git a/test/fixtures/wikis.yml b/test/fixtures/wikis.yml

index 7254fe687c06a665d07b9f7daf604c2dd415afdf..56910cbbe2974496759c5a6406c1d5881848828f 100644 (file)
--- a/test/fixtures/wikis.yml
+++ b/test/fixtures/wikis.yml
@@ -9,3 +9,8 @@ wikis_002:
    start_page: Start page
    project_id: 2
    id: 2
+wikis_005:
+  status: 1
+  start_page: Wiki
+  project_id: 5
+  id: 5
diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb

index e6530e5c54897ad265204efc1acac9ea2b9a7f3d..943f7a452f8ce78a53e863fdd00e9c1a81e66ad2 100644 (file)
--- a/test/unit/helpers/application_helper_test.rb
+++ b/test/unit/helpers/application_helper_test.rb
@@ -665,6 +665,7 @@ RAW
    end
  
    def test_wiki_links
+    User.current = User.find_by_login('jsmith')
      russian_eacape = CGI.escape(@russian_test)
      to_test = {
        '[[CookBook documentation]]' =>
@@ -746,6 +747,9 @@ RAW
        # project does not exist
        '[[unknowproject:Start]]' => '[[unknowproject:Start]]',
        '[[unknowproject:Start|Page title]]' => '[[unknowproject:Start|Page title]]',
+      # missing permission to view wiki in project
+      '[[private-child:]]' => '[[private-child:]]',
+      '[[private-child:Wiki]]' => '[[private-child:Wiki]]',
      }
      @project = Project.find(1)
      to_test.each { |text, result| assert_equal "<p>#{result}</p>", textilizable(text) }
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sun, 29 Jan 2017 07:49:38 +0000 (07:49 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sun, 29 Jan 2017 07:49:38 +0000 (07:49 +0000)
app/helpers/application_helper.rb		patch \| blob \| history
test/fixtures/wikis.yml		patch \| blob \| history
test/unit/helpers/application_helper_test.rb		patch \| blob \| history