RSS feeds are now smart about password-protected webs

2005-04-03 07:31:11 +00:00 · 2005-04-03 07:31:11 +00:00 · 6f8b5b44d3
commit 6f8b5b44d3
parent bdb77c7108
6 changed files with 61 additions and 10 deletions
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@ -75,6 +75,7 @@ class WikiController < ApplicationController
  end

  def feeds
+    @rss_with_content_allowed = rss_with_content_allowed?
    # show the template
  end

@ -91,7 +92,12 @@ class WikiController < ApplicationController
  end

  def rss_with_content
-    render_rss(hide_description = false, *parse_rss_params)
+    if rss_with_content_allowed?
+      render_rss(hide_description = false, *parse_rss_params)
+    else
+      render_text 'RSS feed with content for this web is blocked for security reasons. ' +
+        'The web is password-protected and not published', '403 Forbidden'
+    end
  end

  def rss_with_headlines
@ -326,6 +332,8 @@ class WikiController < ApplicationController
    
    @hide_description = hide_description
    @response.headers['Content-Type'] = 'text/xml'
+    @link_action = @web.password ? 'published' : 'show'
+    
    render 'wiki/rss_feed'
  end

@ -343,6 +351,10 @@ class WikiController < ApplicationController
    @template.render_file(template_name)
  end
  
+  def rss_with_content_allowed?
+    @web.password.nil? or @web.published
+  end
+  
  def truncate(text, length = 30, truncate_string = '...')
    if text.length > length then text[0..(length - 3)] + truncate_string else text end
  end