Abilities extended. Resources security improved

Dmitriy Zaporozhets 2012-02-22 00:31:18 +02:00
parent af82b6773b
commit 8c40aab120
16 changed files with 51 additions and 52 deletions


@ -2,7 +2,7 @@ class WikisController < ApplicationController
before_filter :project
before_filter :add_project_abilities
before_filter :authorize_read_wiki!
before_filter :authorize_write_wiki!, :except => [:show, :destroy]
before_filter :authorize_write_wiki!, :only => [:edit, :create, :history]
before_filter :authorize_admin_wiki!, :only => :destroy
layout "project"
@ -12,6 +12,11 @@ class WikisController < ApplicationController
else
@wiki = @project.wikis.where(:slug => params[:id]).order("created_at").last
end
unless @wiki
return render_404 unless can?(current_user, :write_wiki, @project)
end
respond_to do |format|
if @wiki
format.html
@ -51,18 +56,4 @@ class WikisController < ApplicationController
format.html { redirect_to project_wiki_path(@project, :index), notice: "Page was successfully deleted" }
end
end
protected
def authorize_read_wiki!
can?(current_user, :read_wiki, @project)
end
def authorize_write_wiki!
can?(current_user, :write_wiki, @project)
end
def authorize_admin_wiki!
can?(current_user, :admin_wiki, @project)
end
end
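Review bot: The write filter in the first hunk moves from `:except => [:show, :destroy]` to `:only => [:edit, :create, :history]`, which turns a deny-by-default rule into an allowlist, so any action added to WikisController later runs with only `authorize_read_wiki!` unless someone remembers to extend the list. If both forms cover the same actions today (the full action list is not visible in these hunks), keeping the `:except` form is the safer default; otherwise add a comment above the filter such as `# every new mutating action must be added to :only`. The filters now also depend on `authorize_*_wiki!` definitions outside this file, since the last hunk removes the local ones. Those presumably render or redirect on failure, which is worth confirming, because on Rails 3 and later a filter that only returns the `can?` boolean does not halt the request.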