Project

General

Profile

Download (8.31 KB)

Patch #1146 ยป 851.diff

Mateo Murphy, 2008-04-29 22:00

View differences:

test/functional/wiki_controller_test.rb (working copy)
160 160 
    get :index, :id => 999
161 161 
    assert_response 404
162 162 
  end
163
164
165 
  def test_show_page_with_edit_link
166 
    @request.session[:user_id] = 2
167 
    get :index, :id => 1
168 
    assert_response :success
169 
    assert_template 'show'
170 
    assert_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
171 
  end
172
173 
  def test_show_page_without_edit_link
174 
    @request.session[:user_id] = 4
175 
    get :index, :id => 1
176 
    assert_response :success
177 
    assert_template 'show'
178 
    assert_no_tag :tag => 'a', :attributes => { :href => '/wiki/1/CookBook_documentation/edit' }
179 
  end
180
181 
  def test_edit_unprotected_page
182 
    # Non members can edit unprotected wiki pages
183 
    @request.session[:user_id] = 4
184 
    get :edit, :id => 1, :page => 'Another_page'
185 
    assert_response :success
186 
    assert_template 'edit'
187 
  end
188
189 
  def test_edit_protected_page_by_nonmember
190 
    # Non members can't edit protected wiki pages
191 
    @request.session[:user_id] = 4
192 
    get :edit, :id => 1, :page => 'CookBook_documentation'
193 
    assert_response 403
194 
  end
195
196 
  def test_edit_protected_page_by_member
197 
    @request.session[:user_id] = 2
198 
    get :edit, :id => 1, :page => 'CookBook_documentation'
199 
    assert_response :success
200 
    assert_template 'edit'
201 
  end
202
163 203 
end
test/fixtures/roles.yml (working copy)
29 29 
    - :manage_documents
30 30 
    - :view_wiki_pages
31 31 
    - :edit_wiki_pages
32 
    - :protect_wiki_pages
32 33 
    - :delete_wiki_pages
33 34 
    - :rename_wiki_pages
34 35 
    - :add_messages
......
69 70 
    - :manage_documents
70 71 
    - :view_wiki_pages
71 72 
    - :edit_wiki_pages
73 
    - :protect_wiki_pages
72 74 
    - :delete_wiki_pages
73 75 
    - :add_messages
74 76 
    - :manage_boards
......
104 106 
    - :manage_documents
105 107 
    - :view_wiki_pages
106 108 
    - :edit_wiki_pages
109 
    - :protect_wiki_pages
107 110 
    - :delete_wiki_pages
108 111 
    - :add_messages
109 112 
    - :manage_boards
test/fixtures/wiki_pages.yml (working copy)
4 4 
  title: CookBook_documentation
5 5 
  id: 1
6 6 
  wiki_id: 1
7 
  protected: true
7 8 
wiki_pages_002:
8 9 
  created_on: 2007-03-08 00:18:07 +01:00
9 10 
  title: Another_page
10 11 
  id: 2
11 12 
  wiki_id: 1
13 
  protected: false
12 14 
wiki_pages_003:
13 15 
  created_on: 2007-03-08 00:18:07 +01:00
14 16 
  title: Start_page
15 17 
  id: 3
16 18 
  wiki_id: 2
19 
  protected: false
17 20 
wiki_pages_004:
18 21 
  created_on: 2007-03-08 00:18:07 +01:00
19 22 
  title: Page_with_an_inline_image
20 23 
  id: 4
21 24 
  wiki_id: 1
25 
  protected: false
22 26
app/controllers/wiki_controller.rb (working copy)
30 30 
  def index
31 31 
    page_title = params[:page]
32 32 
    @page = @wiki.find_or_new_page(page_title)
33 
    @editable = editable?
33 34 
    if @page.new_record?
34 
      if User.current.allowed_to?(:edit_wiki_pages, @project)
35 
      if User.current.allowed_to?(:edit_wiki_pages, @project) && @editable
35 36 
        edit
36 37 
        render :action => 'edit'
37 38 
      else
......
54 55 
  # edit an existing page or a new one
55 56 
  def edit
56 57 
    @page = @wiki.find_or_new_page(params[:page])
58 
    return render_403 unless editable?
57 59 
    @page.content = WikiContent.new(:page => @page) if @page.new_record?
58 60
59 61 
    @content = @page.content_for_version(params[:version])
......
152 154
153 155 
  def preview
154 156 
    page = @wiki.find_page(params[:page])
157 
    return render_403 unless editable?(page)
155 158 
    @attachements = page.attachments if page
156 159 
    @text = params[:content][:text]
157 160 
    render :partial => 'common/preview'
......
159 162 

  		




  160
  163
  
    
  def add_attachment

  		




  161
  164
  
    
    @page = @wiki.find_page(params[:page])

  		




  
  165
  
    
    return render_403 unless editable?

  		




  162
  166
  
    
    attach_files(@page, params[:attachments])

  		




  163
  167
  
    
    redirect_to :action => 'index', :page => @page.title

  		




  164
  168
  
    
  end

  		




  165
  169
  
    

  		




  166
  170
  
    
  def destroy_attachment

  		




  167
  171
  
    
    @page = @wiki.find_page(params[:page])

  		




  
  172
  
    
    return render_403 unless editable?

  		




  168
  173
  
    
    @page.attachments.find(params[:attachment_id]).destroy

  		




  169
  174
  
    
    redirect_to :action => 'index', :page => @page.title

  		




  170
  175
  
    
  end

  		




  171
  176
  
    

  		




  
  177
  
    
  def protect

  		




  
  178
  
    
    page = @wiki.find_page(params[:page])

  		




  
  179
  
    
    page.protected = !page.protected?

  		




  
  180
  
    
    page.save

  		




  
  181
  
    
    redirect_to :action => 'index', :page => page.title

  		




  
  182
  
    
  end

  		




  
  183
  
    

  		




  172
  184
  
    
private

  		




  173
  185
  
    
  

  		




  174
  186
  
    
  def find_wiki

  		




  ......




  178
  190
  
    
  rescue ActiveRecord::RecordNotFound

  		




  179
  191
  
    
    render_404

  		




  180
  192
  
    
  end

  		




  
  193
  
    
  

  		




  
  194
  
    
  def editable?(page = @page)

  		




  
  195
  
    
    !page.protected? || User.current.allowed_to?(:protect_wiki_pages, @project)

  		




  
  196
  
    
  end  

  		




  
  197
  
    
  

  		




  181
  198
  
    
end

  		












  

    
      app/views/wiki/show.rhtml	(working copy)
    
  





  1
  1
  
    
<div class="contextual">

  		




  2
  
  
    
<%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version %>

  		




  
  2
  
    
<%= link_to_if_authorized(l(:button_edit), {:action => 'edit', :page => @page.title}, :class => 'icon icon-edit', :accesskey => accesskey(:edit)) if @content.version == @page.content.version && @editable %>

  		




  3
  3
  
    
<%= link_to_if_authorized(l(:button_rename), {:action => 'rename', :page => @page.title}, :class => 'icon icon-move') if @content.version == @page.content.version %>

  		




  4
  4
  
    
<%= link_to_if_authorized(l(:button_delete), {:action => 'destroy', :page => @page.title}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') %>

  		




  5
  5
  
    
<%= link_to_if_authorized(l(:button_rollback), {:action => 'edit', :page => @page.title, :version => @content.version }, :class => 'icon icon-cancel') if @content.version < @page.content.version %>

  		




  
  6
  
    
<%= link_to_if_authorized(l(:button_lock), {:action => 'protect', :page => @page.title}, :class => 'icon icon-lock') if !@page.protected? %>

  		




  
  7
  
    
<%= link_to_if_authorized(l(:button_unlock), {:action => 'protect', :page => @page.title}, :class => 'icon icon-unlock') if @page.protected? %>

  		




  6
  8
  
    
<%= link_to(l(:label_history), {:action => 'history', :page => @page.title}, :class => 'icon icon-history') %>

  		




  7
  9
  
    
</div>

  		




  8
  10
  
    

  		




  ......




  24
  26
  
    

  		




  25
  27
  
    
<%= link_to_attachments @page.attachments, :delete_url => (authorize_for('wiki', 'destroy_attachment') ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>

  		




  26
  28
  
    

  		




  27
  
  
    
<% if authorize_for('wiki', 'add_attachment') %>

  		




  
  29
  
    
<% if authorize_for('wiki', 'add_attachment') && @editable %>

  		




  28
  30
  
    
<p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;",

  		




  29
  31
  
    
                                             :id => 'attach_files_link' %></p>

  		




  30
  32
  
    
<% form_tag({ :controller => 'wiki', :action => 'add_attachment', :page => @page.title }, :multipart => true, :id => "add_attachment_form", :style => "display:none;") do %>

  		












  

    
      db/migrate/093_add_wiki_pages_protected.rb	(revision 0)
    
  





  
  1
  
    
class AddWikiPagesProtected < ActiveRecord::Migration

  		




  
  2
  
    
  def self.up

  		




  
  3
  
    
    add_column :wiki_pages, :protected, :boolean, :default => false, :null => false

  		




  
  4
  
    
  end

  		




  
  5
  
    

  		




  
  6
  
    
  def self.down

  		




  
  7
  
    
    remove_column :wiki_pages, :protected

  		




  
  8
  
    
  end

  		




  
  9
  
    
end

  		












  

    
      lib/redmine.rb	(working copy)
    
  





  76
  76
  
    
    map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member

  		




  77
  77
  
    
    map.permission :view_wiki_pages, :wiki => [:index, :history, :diff, :annotate, :special]

  		




  78
  78
  
    
    map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment, :destroy_attachment]

  		




  
  79
  
    
    map.permission :protect_wiki_pages, :wiki => [:protect]

  		




  79
  80
  
    
  end

  		




  80
  81
  
    
    

  		




  81
  82
  
    
  map.project_module :repository do |map|

  		















  
    (1-1/1)