851.diff

Mateo Murphy, 2008-03-17 22:45


View differences:

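--- a/test/functional/wiki_controller_test.rb
+++ b/test/functional/wiki_controller_test.rb
@@ -156,4 +156,44 @@
     get :index, :id => 999
     assert_response 404
   end
+  
+  
+  def test_show_page_with_edit_link
+    @request.session[:user_id] = 2
+    get :index, :id => 1
+    assert_response :success
+    assert_template 'show'
+    assert_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
+  end
+  
+  def test_show_page_without_edit_link
+    @request.session[:user_id] = 4
+    get :index, :id => 1
+    assert_response :success
+    assert_template 'show'
+    assert_no_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
+  end  
+  
+  def test_edit_unprotected_page
+    # Non members can edit unprotected wiki pages
+    @request.session[:user_id] = 4
+    get :edit, :id => 1, :page => 'Another_page'
+    assert_response :success
+    assert_template 'edit'
+  end
+  
+  def test_edit_protected_page_by_nonmember
+    # Non members can't edit protected wiki pages
+    @request.session[:user_id] = 4
+    get :edit, :id => 1, :page => 'CookBook_documentation'
+    assert_response 403
+  end
+  
+  def test_edit_protected_page_by_member
+    @request.session[:user_id] = 2
+    get :edit, :id => 1, :page => 'CookBook_documentation'
+    assert_response :success
+    assert_template 'edit'    
+  end
+  
 end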
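Review bot: None of the added tests exercises the new `protect` action or the 403 guards added to `preview`, `add_attachment` and `destroy_attachment`; only `index` and `edit` are covered. Since these are the authorization paths the change introduces, add negative tests that user 4 is refused by `protect` and by `add_attachment` on `CookBook_documentation`. Also add a positive test that user 2 can call `protect` and that the page's `protected?` value actually changes afterwards. A `preview` request for a page title that does not exist yet is worth a test as well, because that path passes a possibly-nil page to `editable?`.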
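--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -74,6 +74,7 @@
     - :manage_documents
     - :view_wiki_pages
     - :edit_wiki_pages
+    - :protect_wiki_pages
     - :delete_wiki_pages
     - :rename_wiki_pages
     - :add_messages
@@ -115,6 +116,7 @@
     - :manage_documents
     - :view_wiki_pages
     - :edit_wiki_pages
+    - :protect_wiki_pages
     - :delete_wiki_pages
     - :add_messages
     - :manage_boards
@@ -152,6 +154,7 @@
     - :manage_documents
     - :view_wiki_pages
     - :edit_wiki_pages
+    - :protect_wiki_pages    
     - :delete_wiki_pages
     - :add_messages
     - :manage_boards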
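--- a/test/fixtures/wiki_pages.yml
+++ b/test/fixtures/wiki_pages.yml
@@ -4,14 +4,17 @@
   title: CookBook_documentation
   id: 1
   wiki_id: 1
+  protected: true
 wiki_pages_002: 
   created_on: 2007-03-08 00:18:07 +01:00
   title: Another_page
   id: 2
   wiki_id: 1
+  protected: false
 wiki_pages_003: 
   created_on: 2007-03-08 00:18:07 +01:00
   title: Start_page
   id: 3
   wiki_id: 2
+  protected: false
   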
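--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -30,8 +30,9 @@
   def index
     page_title = params[:page]
     @page = @wiki.find_or_new_page(page_title)
+    @editable = editable?
     if @page.new_record?
-      if User.current.allowed_to?(:edit_wiki_pages, @project)
+      if User.current.allowed_to?(:edit_wiki_pages, @project) && @editable
         edit
         render :action => 'edit'
       else
@@ -54,6 +55,7 @@
   # edit an existing page or a new one
   def edit
     @page = @wiki.find_or_new_page(params[:page])    
+    return render_403 unless editable?
     @page.content = WikiContent.new(:page => @page) if @page.new_record?
     
     @content = @page.content_for_version(params[:version])
@@ -152,6 +154,7 @@
   
   def preview
     page = @wiki.find_page(params[:page])
+    return render_403 unless editable?(page)
     @attachements = page.attachments if page
     @text = params[:content][:text]
     render :partial => 'common/preview'
@@ -159,16 +162,25 @@
 
   def add_attachment
     @page = @wiki.find_page(params[:page])
+    return render_403 unless editable?
     attach_files(@page, params[:attachments])
     redirect_to :action => 'index', :page => @page.title
   end
 
   def destroy_attachment
     @page = @wiki.find_page(params[:page])
+    return render_403 unless editable?
     @page.attachments.find(params[:attachment_id]).destroy
     redirect_to :action => 'index', :page => @page.title
   end
 
+  def protect
+    page = @wiki.find_page(params[:page])
+    page.protected = !page.protected?
+    page.save
+    redirect_to :action => 'index', :page => page.title
+  end
+
 private
   
   def find_wiki
@@ -178,4 +190,9 @@
   rescue ActiveRecord::RecordNotFound
     render_404
   end
+  
+  def editable?(page = @page)
+    !page.protected? || User.current.allowed_to?(:protect_wiki_pages, @project)
+  end  
+  
 end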
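Review bot: `editable?` calls `page.protected?` with no nil check, and in `preview` the very next line (`page.attachments if page`) shows that `find_page` can return nil, so `return render_403 unless editable?(page)` would raise NoMethodError when previewing a page that has not been saved yet. I would write `return render_403 unless page.nil? || editable?(page)` there, and add `return render_404 unless page` at the top of `protect`, which dereferences `page` the same way. Separately, the guard is added only to `edit`, `preview` and the two attachment actions; `rename` and `destroy` lie outside these hunks, so confirm whether a user who can rename or delete but lacks `:protect_wiki_pages` can still alter a protected page. Several of the methods touched here start or end outside the visible hunks.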
app/views/wiki/show.rhtml (working copy)
1 1
<div class="contextual">
2
<%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version %>
2
<%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version && @editable %>
3 3
<%= link_to_if_authorized(l(:button_rename), {:action => 'rename', :page => @page.title}, :class => 'icon icon-move') if @content.version == @page.content.version %>
4 4
<%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :page => @page.title}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %>
5 5
<%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %>
6
<%= link_to_if_authorized(l(:button_lock), {:action => 'protect', :page => @page.title}, :class => 'icon icon-lock') if !@page.protected? %>
7
<%= link_to_if_authorized(l(:button_unlock), {:action => 'protect', :page => @page.title}, :class => 'icon icon-unlock') if @page.protected? %>
6 8
<%= link_to(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %>
7 9
</div>
8 10

  
......
24 26

  
25 27
<%= link_to_attachments @page.attachments, :delete_url => (authorize_for('wiki', 'destroy_attachment') ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>
26 28

  
27
<% if authorize_for('wiki', 'add_attachment') %>
29
<% if authorize_for('wiki', 'add_attachment') && @editable %>
28 30
<p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;",
29 31
                                             :id => 'attach_files_link' %></p>
30 32
<% form_tag({ :controller => 'wiki', :action => 'add_attachment', :page => @page.title }, :multipart => true, :id => "add_attachment_form", :style => "display:none;") do %>
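Review bot: The lock and unlock links added on new lines 6–7 reach `protect` with a plain GET, and that action flips `protected` on every request; unlike the delete link on line 4 they carry no `:method => :post`, so a crawler, a link prefetch or a cross-site request made in a logged-in manager's browser can toggle protection. Add `:method => :post` to both links and restrict the action to POST in the controller, whose filter list is not visible here. Passing the wanted state explicitly, for example `:protected => 1` on the lock link and `:protected => 0` on the unlock link, instead of toggling would also make a repeated request harmless. The rename and delete links on lines 3–4 are still rendered on protected pages without the `&& @editable` condition, so the view and the controller should agree on whether those actions are blocked.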
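--- a/db/migrate/093_add_wiki_pages_protected.rb
+++ b/db/migrate/093_add_wiki_pages_protected.rb
@@ -0,0 +1,9 @@
+class AddWikiPagesProtected < ActiveRecord::Migration
+  def self.up
+    add_column :wiki_pages, :protected, :boolean, :default => false, :null => false
+  end
+
+  def self.down
+    remove_column :wiki_pages, :protected
+  end
+end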
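--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -75,6 +75,7 @@
     map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member
     map.permission :view_wiki_pages, :wiki => [:index, :history, :diff, :annotate, :special]
     map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment, :destroy_attachment]
+    map.permission :protect_wiki_pages, :wiki => [:protect]
   end
     
   map.project_module :repository do |map|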
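Review bot: `:protect_wiki_pages` is declared without `:require => :member`, so it can apparently be granted to the non-member or anonymous role. Because `editable?` in the controller treats this permission as the override for protected pages, granting it there would void the protection for everyone. Consider `map.permission :protect_wiki_pages, {:wiki => :protect}, :require => :member`, matching `:delete_wiki_pages` on line 75. The permission block begins outside this hunk.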