Adds a permission 'view wiki edits' so that wiki history can be hidden to certain users (#1154).

A migration automatically adds this permission to roles that were allowed to view wiki pages.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1815 e93f8b46-1217-0410-a6f0-8f06a7374b81

4 files changed, 13 insertions, 3 deletions

diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index 46df2931e..5c8158db8 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -38,6 +38,11 @@ class WikiController < ApplicationController
       end
       return
     end
+    if params[:version] && !User.current.allowed_to?(:view_wiki_edits, @project)
+      # Redirects user to the current version if he's not allowed to view previous versions
+      redirect_to :version => nil
+      return
+    end
     @content = @page.content_for_version(params[:version])
     if params[:export] == 'html'
       export = render_to_string :action => 'export', :layout => false
diff --git a/app/models/role.rb b/app/models/role.rb
index 5ff9470f9..beb13c03b 100644
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -76,6 +76,11 @@ class Role < ActiveRecord::Base
     save!
   end
   
+  # Returns true if the role has the given permission
+  def has_permission?(perm)
+    !permissions.nil? && permissions.include?(perm.to_sym)
+  end
+  
   def <=>(role)
     position <=> role.position
   end
diff --git a/app/models/wiki_content.rb b/app/models/wiki_content.rb
index f2ee39c4d..4a4c5c270 100644
--- a/app/models/wiki_content.rb
+++ b/app/models/wiki_content.rb
@@ -35,9 +35,9 @@ class WikiContent < ActiveRecord::Base
                   :type => 'wiki-page',
                   :url => Proc.new {|o| {:controller => 'wiki', :id => o.page.wiki.project_id, :page => o.page.title, :version => o.version}}
 
-    acts_as_activity_provider :type => 'wiki_pages',
+    acts_as_activity_provider :type => 'wiki_edits',
                               :timestamp => "#{WikiContent.versioned_table_name}.updated_on",
-                              :permission => :view_wiki_pages,
+                              :permission => :view_wiki_edits,
                               :find_options => {:select => "#{WikiContent.versioned_table_name}.updated_on, #{WikiContent.versioned_table_name}.comments, " +
                                                            "#{WikiContent.versioned_table_name}.#{WikiContent.version_column}, #{WikiPage.table_name}.title, " +
                                                            "#{WikiContent.versioned_table_name}.page_id, #{WikiContent.versioned_table_name}.author_id, " +
diff --git a/app/views/wiki/show.rhtml b/app/views/wiki/show.rhtml
index 255b904f5..844c6c0f8 100644
--- a/app/views/wiki/show.rhtml
+++ b/app/views/wiki/show.rhtml
@@ -7,7 +7,7 @@
 <%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :page => @page.title}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %>
 <%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %>
 <% end %>
-<%= link_to(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %>
+<%= link_to_if_authorized(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %>
 </div>
 
 <%= breadcrumb(@page.ancestors.reverse.collect {|parent| link_to h(parent.pretty_title), {:page => parent.title}}) %>