851.diff

Mateo Murphy, 2008-04-29 22:00

Download (8.31 KB)

View differences:

test/functional/wiki_controller_test.rb (working copy)
160 160
    get :index, :id => 999
161 161
    assert_response 404
162 162
  end
163
  
164
  
165
  def test_show_page_with_edit_link
166
    @request.session[:user_id] = 2
167
    get :index, :id => 1
168
    assert_response :success
169
    assert_template 'show'
170
    assert_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
171
  end
172
  
173
  def test_show_page_without_edit_link
174
    @request.session[:user_id] = 4
175
    get :index, :id => 1
176
    assert_response :success
177
    assert_template 'show'
178
    assert_no_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
179
  end  
180
  
181
  def test_edit_unprotected_page
182
    # Non members can edit unprotected wiki pages
183
    @request.session[:user_id] = 4
184
    get :edit, :id => 1, :page => 'Another_page'
185
    assert_response :success
186
    assert_template 'edit'
187
  end
188
  
189
  def test_edit_protected_page_by_nonmember
190
    # Non members can't edit protected wiki pages
191
    @request.session[:user_id] = 4
192
    get :edit, :id => 1, :page => 'CookBook_documentation'
193
    assert_response 403
194
  end
195
  
196
  def test_edit_protected_page_by_member
197
    @request.session[:user_id] = 2
198
    get :edit, :id => 1, :page => 'CookBook_documentation'
199
    assert_response :success
200
    assert_template 'edit'    
201
  end
202
  
163 203
end
test/fixtures/roles.yml (working copy)
29 29
    - :manage_documents
30 30
    - :view_wiki_pages
31 31
    - :edit_wiki_pages
32
    - :protect_wiki_pages
32 33
    - :delete_wiki_pages
33 34
    - :rename_wiki_pages
34 35
    - :add_messages
......
69 70
    - :manage_documents
70 71
    - :view_wiki_pages
71 72
    - :edit_wiki_pages
73
    - :protect_wiki_pages
72 74
    - :delete_wiki_pages
73 75
    - :add_messages
74 76
    - :manage_boards
......
104 106
    - :manage_documents
105 107
    - :view_wiki_pages
106 108
    - :edit_wiki_pages
109
    - :protect_wiki_pages    
107 110
    - :delete_wiki_pages
108 111
    - :add_messages
109 112
    - :manage_boards
test/fixtures/wiki_pages.yml (working copy)
4 4
  title: CookBook_documentation
5 5
  id: 1
6 6
  wiki_id: 1
7
  protected: true  
7 8
wiki_pages_002: 
8 9
  created_on: 2007-03-08 00:18:07 +01:00
9 10
  title: Another_page
10 11
  id: 2
11 12
  wiki_id: 1
13
  protected: false
12 14
wiki_pages_003: 
13 15
  created_on: 2007-03-08 00:18:07 +01:00
14 16
  title: Start_page
15 17
  id: 3
16 18
  wiki_id: 2
19
  protected: false
17 20
wiki_pages_004: 
18 21
  created_on: 2007-03-08 00:18:07 +01:00
19 22
  title: Page_with_an_inline_image
20 23
  id: 4
21 24
  wiki_id: 1
25
  protected: false
22 26
  
app/controllers/wiki_controller.rb (working copy)
30 30
  def index
31 31
    page_title = params[:page]
32 32
    @page = @wiki.find_or_new_page(page_title)
33
    @editable = editable?
33 34
    if @page.new_record?
34
      if User.current.allowed_to?(:edit_wiki_pages, @project)
35
      if User.current.allowed_to?(:edit_wiki_pages, @project) && @editable
35 36
        edit
36 37
        render :action => 'edit'
37 38
      else
......
54 55
  # edit an existing page or a new one
55 56
  def edit
56 57
    @page = @wiki.find_or_new_page(params[:page])    
58
    return render_403 unless editable?
57 59
    @page.content = WikiContent.new(:page => @page) if @page.new_record?
58 60
    
59 61
    @content = @page.content_for_version(params[:version])
......
152 154
  
153 155
  def preview
154 156
    page = @wiki.find_page(params[:page])
157
    return render_403 unless editable?(page)
155 158
    @attachements = page.attachments if page
156 159
    @text = params[:content][:text]
157 160
    render :partial => 'common/preview'
......
159 162

  
160 163
  def add_attachment
161 164
    @page = @wiki.find_page(params[:page])
165
    return render_403 unless editable?
162 166
    attach_files(@page, params[:attachments])
163 167
    redirect_to :action => 'index', :page => @page.title
164 168
  end
165 169

  
166 170
  def destroy_attachment
167 171
    @page = @wiki.find_page(params[:page])
172
    return render_403 unless editable?
168 173
    @page.attachments.find(params[:attachment_id]).destroy
169 174
    redirect_to :action => 'index', :page => @page.title
170 175
  end
171 176

  
177
  def protect
178
    page = @wiki.find_page(params[:page])
179
    page.protected = !page.protected?
180
    page.save
181
    redirect_to :action => 'index', :page => page.title
182
  end
183

  
172 184
private
173 185
  
174 186
  def find_wiki
......
178 190
  rescue ActiveRecord::RecordNotFound
179 191
    render_404
180 192
  end
193
  
194
  def editable?(page = @page)
195
    !page.protected? || User.current.allowed_to?(:protect_wiki_pages, @project)
196
  end  
197
  
181 198
end
app/views/wiki/show.rhtml (working copy)
1 1
<div class="contextual">
2
<%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version %>
2
<%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version && @editable %>
3 3
<%= link_to_if_authorized(l(:button_rename), {:action => 'rename', :page => @page.title}, :class => 'icon icon-move') if @content.version == @page.content.version %>
4 4
<%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :page => @page.title}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %>
5 5
<%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %>
6
<%= link_to_if_authorized(l(:button_lock), {:action => 'protect', :page => @page.title}, :class => 'icon icon-lock') if !@page.protected? %>
7
<%= link_to_if_authorized(l(:button_unlock), {:action => 'protect', :page => @page.title}, :class => 'icon icon-unlock') if @page.protected? %>
6 8
<%= link_to(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %>
7 9
</div>
8 10

  
......
24 26

  
25 27
<%= link_to_attachments @page.attachments, :delete_url => (authorize_for('wiki', 'destroy_attachment') ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>
26 28

  
27
<% if authorize_for('wiki', 'add_attachment') %>
29
<% if authorize_for('wiki', 'add_attachment') && @editable %>
28 30
<p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;",
29 31
                                             :id => 'attach_files_link' %></p>
30 32
<% form_tag({ :controller => 'wiki', :action => 'add_attachment', :page => @page.title }, :multipart => true, :id => "add_attachment_form", :style => "display:none;") do %>
db/migrate/093_add_wiki_pages_protected.rb (revision 0)
1
class AddWikiPagesProtected < ActiveRecord::Migration
2
  def self.up
3
    add_column :wiki_pages, :protected, :boolean, :default => false, :null => false
4
  end
5

  
6
  def self.down
7
    remove_column :wiki_pages, :protected
8
  end
9
end
lib/redmine.rb (working copy)
76 76
    map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member
77 77
    map.permission :view_wiki_pages, :wiki => [:index, :history, :diff, :annotate, :special]
78 78
    map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment, :destroy_attachment]
79
    map.permission :protect_wiki_pages, :wiki => [:protect]
79 80
  end
80 81
    
81 82
  map.project_module :repository do |map|