Defect #6776 » link_to_if_authorized_overridable_context.patch
vendor/plugins/classic_pagination/test/pagination_helper_test.rb (working copy) | ||
---|---|---|
10 | 10 |
def setup |
11 | 11 |
@controller = Class.new do |
12 | 12 |
attr_accessor :url, :request |
13 |
def url_for(options, *parameters_for_method_reference)
|
|
13 |
def url_for(options)
|
|
14 | 14 |
url |
15 | 15 |
end |
16 | 16 |
end |
app/helpers/application_helper.rb (working copy) | ||
---|---|---|
26 | 26 |
extend Forwardable |
27 | 27 |
def_delegators :wiki_helper, :wikitoolbar_for, :heads_for_wiki_formatter |
28 | 28 | |
29 |
# Return true if user is authorized for controller/action, otherwise false
|
|
30 |
def authorize_for(controller, action)
|
|
31 |
User.current.allowed_to?({:controller => controller, :action => action}, @project)
|
|
29 |
# Return true if user is authorized for controller/action in context, otherwise false
|
|
30 |
def authorize_for(controller, action, context = @project)
|
|
31 |
User.current.allowed_to?({:controller => controller, :action => action}, context)
|
|
32 | 32 |
end |
33 | 33 | |
34 | 34 |
# Display a link if user is authorized |
... | ... | |
36 | 36 |
# @param [String] name Anchor text (passed to link_to) |
37 | 37 |
# @param [Hash] options Hash params. This will checked by authorize_for to see if the user is authorized |
38 | 38 |
# @param [optional, Hash] html_options Options passed to link_to |
39 |
# @param [optional, Hash] parameters_for_method_reference Extra parameters for link_to
|
|
40 |
def link_to_if_authorized(name, options = {}, html_options = nil, *parameters_for_method_reference)
|
|
41 |
link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller] || params[:controller], options[:action])
|
|
39 |
# @param [optional, Object] context Context object
|
|
40 |
def link_to_if_authorized(name, options = {}, html_options = nil, context = @project)
|
|
41 |
link_to(name, options, html_options) if authorize_for(options[:controller] || params[:controller], options[:action], context)
|
|
42 | 42 |
end |
43 | 43 | |
44 | 44 |
# Display a link to remote if user is authorized |
45 |
def link_to_remote_if_authorized(name, options = {}, html_options = nil)
|
|
45 |
def link_to_remote_if_authorized(name, options = {}, html_options = nil, context = @project)
|
|
46 | 46 |
url = options[:url] || {} |
47 |
link_to_remote(name, options, html_options) if authorize_for(url[:controller] || params[:controller], url[:action])
|
|
47 |
link_to_remote(name, options, html_options) if authorize_for(url[:controller] || params[:controller], url[:action], context)
|
|
48 | 48 |
end |
49 | 49 | |
50 | 50 |
# Displays a link to user's account page if active |
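Review bot: In `link_to_if_authorized` and `link_to_remote_if_authorized`, `context` is checked separately from the URL in `options`, so nothing keeps the project being authorized and the project being linked to in step; the `_versions.rhtml` call has to pass `version.project` twice to get it right. Consider deriving the context from `options[:project_id]` when the caller gives none, or at least documenting that the two must agree, e.g. `# @param [optional, Project] context Project the permission is checked against; defaults to @project and must match the link's target project`. Assuming the signatures with `context` are the new side, the fourth positional slot of `link_to_if_authorized` previously held `*parameters_for_method_reference`, so any remaining caller that passes a fourth argument would now have it used as the permission context without an error. It would also help to state what `authorize_for` returns when `context` is nil, since the page does not show how `allowed_to?` treats that.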
app/views/projects/settings/_versions.rhtml (working copy) | ||
---|---|---|
17 | 17 |
<td class="description"><%=h version.description %></td> |
18 | 18 |
<td class="status"><%= l("version_status_#{version.status}") %></td> |
19 | 19 |
<td class="sharing"><%=h format_version_sharing(version.sharing) %></td> |
20 |
<td><%= link_to_if_authorized(h(version.wiki_page_title), {:controller => 'wiki', :action => 'show', :project_id => version.project, :id => Wiki.titleize(version.wiki_page_title)}) || h(version.wiki_page_title) unless version.wiki_page_title.blank? || version.project.wiki.nil? %></td>
|
|
20 |
<td><%= link_to_if_authorized(h(version.wiki_page_title), {:controller => 'wiki', :action => 'show', :project_id => version.project, :id => Wiki.titleize(version.wiki_page_title)}, nil, version.project) || h(version.wiki_page_title) unless version.wiki_page_title.blank? || version.project.wiki.nil? %></td>
|
|
21 | 21 |
<td class="buttons"> |
22 | 22 |
<% if version.project == @project %> |
23 | 23 |
<%= link_to_if_authorized l(:button_edit), {:controller => 'versions', :action => 'edit', :id => version }, :class => 'icon icon-edit' %> |
test/unit/helpers/application_helper_test.rb (working copy) | ||
---|---|---|
48 | 48 |
{:controller => 'issues', :action => 'edit', :id => Issue.first.id}) |
49 | 49 |
assert_match /href/, response |
50 | 50 |
end |
51 |
|
|
51 |
|
|
52 |
should "not allow using the :controller and :action for the private parent project version wiki page link" do |
|
53 |
User.current = User.anonymous |
|
54 |
|
|
55 |
parent_project = Project.generate!( :is_public => false ) |
|
56 |
|
|
57 |
version = Version.generate!( :project_id => parent_project, :sharing => 'hierarchy', :wiki_page_title => 'MyVersionWikiPage' ) |
|
58 |
|
|
59 |
@project = Project.generate!( :is_public => true ) |
|
60 |
@project.set_parent! parent_project |
|
61 |
|
|
62 |
response = link_to_if_authorized("By controller/action", |
|
63 |
{:controller => 'wiki', :action => 'show', :id => version.wiki_page_title, :project_id => version.project }, |
|
64 |
nil, |
|
65 |
parent_project) |
|
66 |
|
|
67 |
assert_equal nil, response |
|
68 |
end |
|
69 |
|
|
52 | 70 |
end |
53 |
|
|
71 |
|
|
54 | 72 |
def test_auto_links |
55 | 73 |
to_test = { |
56 | 74 |
'http://foo.bar' => '<a class="external" href="http://foo.bar">http://foo.bar</a>', |