Wiki page protection (#851, patch #1146 by Mateo Murphy with slight changes).

New permission added: protect wiki pages. Once a page is protected, it can be edited/renamed/deleted only by users who have this permission. git-svn-id: http://redmine.rubyforge.org/svn/trunk@1415 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2008-05-04 15:05:38 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2008-05-04 15:05:38 +0000
commit: 04766697357b29521515e7c71ae5139e04dd5ba2 (patch)
tree: e51f4c5770517801ee3772dfaf3d5bfb93b00a24 /app
parent: 556df99456bf579057213157eb593c6a0dea0676 (diff)
download: redmine-04766697357b29521515e7c71ae5139e04dd5ba2.tar.gz
redmine-04766697357b29521515e7c71ae5139e04dd5ba2.zip
3 files changed, 31 insertions, 4 deletions
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index 53c5ec53b..44113ebf3 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -21,7 +21,7 @@ class WikiController < ApplicationController
   layout 'base'
   before_filter :find_wiki, :authorize
   
-  verify :method => :post, :only => [:destroy, :destroy_attachment], :redirect_to => { :action => :index }
+  verify :method => :post, :only => [:destroy, :destroy_attachment, :protect], :redirect_to => { :action => :index }
 
   helper :attachments
   include AttachmentsHelper   
@@ -48,12 +48,14 @@ class WikiController < ApplicationController
       send_data(@content.text, :type => 'text/plain', :filename => "#{@page.title}.txt")
       return
     end
+	@editable = editable?
     render :action => 'show'
   end
   
   # edit an existing page or a new one
   def edit
     @page = @wiki.find_or_new_page(params[:page])    
+    return render_403 unless editable?
     @page.content = WikiContent.new(:page => @page) if @page.new_record?
     
     @content = @page.content_for_version(params[:version])
@@ -82,7 +84,8 @@ class WikiController < ApplicationController
   
   # rename a page
   def rename
-    @page = @wiki.find_page(params[:page])    
+    @page = @wiki.find_page(params[:page])
+	return render_403 unless editable?
     @page.redirect_existing_links = true
     # used to display the *original* title if some AR validation errors occur
     @original_title = @page.pretty_title
@@ -92,6 +95,12 @@ class WikiController < ApplicationController
     end
   end
   
+  def protect
+    page = @wiki.find_page(params[:page])
+    page.update_attribute :protected, params[:protected]
+    redirect_to :action => 'index', :id => @project, :page => page.title
+  end
+
   # show page history
   def history
     @page = @wiki.find_page(params[:page])
@@ -122,6 +131,7 @@ class WikiController < ApplicationController
   # remove a wiki page and its history
   def destroy
     @page = @wiki.find_page(params[:page])
+	return render_403 unless editable?
     @page.destroy if @page
     redirect_to :action => 'special', :id => @project, :page => 'Page_index'
   end
@@ -152,6 +162,7 @@ class WikiController < ApplicationController
   
   def preview
     page = @wiki.find_page(params[:page])
+    return render_403 unless editable?(page)
     @attachements = page.attachments if page
     @text = params[:content][:text]
     render :partial => 'common/preview'
@@ -159,12 +170,14 @@ class WikiController < ApplicationController
 
   def add_attachment
     @page = @wiki.find_page(params[:page])
+    return render_403 unless editable?
     attach_files(@page, params[:attachments])
     redirect_to :action => 'index', :page => @page.title
   end
 
   def destroy_attachment
     @page = @wiki.find_page(params[:page])
+    return render_403 unless editable?
     @page.attachments.find(params[:attachment_id]).destroy
     redirect_to :action => 'index', :page => @page.title
   end
@@ -178,4 +191,9 @@ private
   rescue ActiveRecord::RecordNotFound
     render_404
   end
+  
+  # Returns true if the current user is allowed to edit the page, otherwise false
+  def editable?(page = @page)
+    page.editable_by?(User.current)
+  end
 end
diff --git a/app/models/wiki_page.rb b/app/models/wiki_page.rb
index 8ce71cb80..95750f37b 100644
--- a/app/models/wiki_page.rb
+++ b/app/models/wiki_page.rb
@@ -105,6 +105,11 @@ class WikiPage < ActiveRecord::Base
   def text
     content.text if content
   end
+  
+  # Returns true if usr is allowed to edit the page, otherwise false
+  def editable_by?(usr)
+    !protected? || usr.allowed_to?(:protect_wiki_pages, wiki.project)
+  end
 end
 
 class WikiDiff
diff --git a/app/views/wiki/show.rhtml b/app/views/wiki/show.rhtml
index e4413d090..8092525bd 100644
--- a/app/views/wiki/show.rhtml
+++ b/app/views/wiki/show.rhtml
@@ -1,8 +1,12 @@
 <div class="contextual">
+<% if @editable %>
 <%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version %>
+<%= link_to_if_authorized(l(:button_lock), {:action => 'protect', :page => @page.title, :protected => 1}, :method => :post, :class => 'icon icon-lock') if !@page.protected? %>
+<%= link_to_if_authorized(l(:button_unlock), {:action => 'protect', :page => @page.title, :protected => 0}, :method => :post, :class => 'icon icon-unlock') if @page.protected? %>
 <%= link_to_if_authorized(l(:button_rename), {:action => 'rename', :page => @page.title}, :class => 'icon icon-move') if @content.version == @page.content.version %>
 <%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :page => @page.title}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %>
 <%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %>
+<% end %>
 <%= link_to(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %>
 </div>
 
@@ -22,9 +26,9 @@
 
 <%= render(:partial => "wiki/content", :locals => {:content => @content}) %>
 
-<%= link_to_attachments @page.attachments, :delete_url => (authorize_for('wiki', 'destroy_attachment') ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>
+<%= link_to_attachments @page.attachments, :delete_url => ((@editable && authorize_for('wiki', 'destroy_attachment')) ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>
 
-<% if authorize_for('wiki', 'add_attachment') %>
+<% if @editable && authorize_for('wiki', 'add_attachment') %>
 <p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;",
                                              :id => 'attach_files_link' %></p>
 <% form_tag({ :controller => 'wiki', :action => 'add_attachment', :page => @page.title }, :multipart => true, :id => "add_attachment_form", :style => "display:none;") do %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2008-05-04 15:05:38 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2008-05-04 15:05:38 +0000
commit	04766697357b29521515e7c71ae5139e04dd5ba2 (patch)
tree	e51f4c5770517801ee3772dfaf3d5bfb93b00a24 /app
parent	556df99456bf579057213157eb593c6a0dea0676 (diff)
download	redmine-04766697357b29521515e7c71ae5139e04dd5ba2.tar.gz redmine-04766697357b29521515e7c71ae5139e04dd5ba2.zip