Creating a wiki page named "Sidebar" without proper permission raises an exception...

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Tue, 30 Aug 2016 19:21:42 +0000 (19:21 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Tue, 30 Aug 2016 19:21:42 +0000 (19:21 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 30 Aug 2016 19:21:42 +0000 (19:21 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 30 Aug 2016 19:21:42 +0000 (19:21 +0000)
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb

index de1931a0b02cfbd689d740d7bbc79aa619d3c1ac..1dfb16640d2ca1209a0e0eaa80a86b4f7d3b0a5c 100644 (file)
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -62,10 +62,12 @@ class WikiController < ApplicationController
  
    def new
      @page = WikiPage.new(:wiki => @wiki, :title => params[:title])
-    unless User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
+    unless User.current.allowed_to?(:edit_wiki_pages, @project)
        render_403
+      return
      end
      if request.post?
+      @page.title = '' unless editable?
        @page.validate
        if @page.errors[:title].blank?
          path = project_wiki_page_path(@project, @page.title)
diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb

index ea200b60d55c10be4d00aa1d94650dbee583b7e2..1cc0a3b7d7db8df53dc6631d8d529d3e9ac23ffe 100644 (file)
--- a/test/functional/wiki_controller_test.rb
+++ b/test/functional/wiki_controller_test.rb
@@ -216,6 +216,15 @@ class WikiControllerTest < Redmine::ControllerTest
      assert_select_error 'Title has already been taken'
    end
  
+  def test_post_new_with_protected_title_should_display_errors
+    Role.find(1).remove_permission!(:protect_wiki_pages)
+    @request.session[:user_id] = 2
+
+    post :new, :params => {:project_id => 'ecookbook', :title => 'Sidebar'}
+    assert_response :success
+    assert_select_error /Title/
+  end
+
    def test_post_new_xhr_with_invalid_title_should_display_errors
      @request.session[:user_id] = 2
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Tue, 30 Aug 2016 19:21:42 +0000 (19:21 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Tue, 30 Aug 2016 19:21:42 +0000 (19:21 +0000)
app/controllers/wiki_controller.rb		patch \| blob \| history
test/functional/wiki_controller_test.rb		patch \| blob \| history