diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index b3789604..6fc309b7 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -2,7 +2,7 @@
 # Likewise will all the methods added be available for all controllers.
 class ApplicationController < ActionController::Base
- before_filter :connect_to_model, :setup_url_generator, :set_content_type_header, :set_robots_metatag
+ before_filter :connect_to_model, :check_authorization, :setup_url_generator, :set_content_type_header, :set_robots_metatag
 after_filter :remember_location, :teardown_url_generator
 # For injecting a different wiki model implementation. Intended for use in tests
@@ -20,15 +20,8 @@ class ApplicationController < ActionController::Base
 protected
- def authorized?
- @web.nil? ||
- @web.password.nil? ||
- cookies['web_address'] == @web.password ||
- password_check(@params['password'])
- end
-
 def check_authorization
- if in_a_web? and authorization_needed? and not authorized? and
+ if in_a_web? and authorization_needed? and not authorized?
 redirect_to :controller => 'wiki', :action => 'login', :web => @web_name
 return false
 end
@@ -41,14 +34,13 @@ class ApplicationController < ActionController::Base
 if @web_name
 @web = @wiki.webs[@web_name]
 if @web.nil?
- render_text "Unknown web '#{@web_name}'", '404 Not Found'
+ render :status => 404, :text => "Unknown web '#{@web_name}'"
 return false
 end
 end
 @page_name = @file_name = @params['id']
 @page = @wiki.read_page(@web_name, @page_name) unless @page_name.nil?
 @author = cookies['author'] || 'AnonymousCoward'
- check_authorization
 end
 FILE_TYPES = {
@@ -67,10 +59,6 @@ class ApplicationController < ActionController::Base
 super(file, options)
 end
- def in_a_web?
- not @web_name.nil?
- end
-
 def password_check(password)
 if password == @web.password
 cookies['web_address'] = password
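Review bot: The new position of `:check_authorization` in the before_filter list is load-bearing and nothing on the line says so: it reads `@web` and `@web_name`, which `connect_to_model` sets, and it only avoids calling `authorized?` with a nil `@web` because `connect_to_model` returns false after rendering the 404 and so halts the chain (visible in the @@ -41 hunk below). A comment on the declaration would stop a later reordering from silently bypassing or breaking the check: `# connect_to_model must precede check_authorization: it sets @web/@web_name and halts on an unknown web`.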
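Review bot: The rewritten condition in `check_authorization` keeps `and`/`not`, which bind lower than `&&`/`!` and are a known precedence trap in exactly the kind of line where a misread matters; `if in_a_web? && authorization_needed? && !authorized?` says the same thing without the caveat. The same applies to the `or` chain in the new `authorized?` at the @@ -168 hunk. The body of `check_authorization` continues past the end of the hunk.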
@@ -168,8 +156,20 @@ class ApplicationController < ActionController::Base
 self.class.wiki
 end
+ private
+
+ def in_a_web?
+ not @web_name.nil?
+ end
+
 def authorization_needed?
 not %w( login authenticate published rss_with_content rss_with_headlines ).include?(action_name)
 end
+ def authorized?
+ @web.password.nil? or
+ cookies['web_address'] == @web.password or
+ password_check(@params['password'])
+ end
+
 end
diff --git a/app/controllers/file_controller.rb b/app/controllers/file_controller.rb
index e8356fb5..61e5f000 100644
--- a/app/controllers/file_controller.rb
+++ b/app/controllers/file_controller.rb
@@ -1,9 +1,4 @@
-require 'fileutils'
-require 'application'
-require 'instiki_errors'
-
-# Controller that is responsible for serving files and pictures.
-# Disabled in version 0.10
+# Controller responsible for serving files and pictures.
 class FileController < ApplicationController
@@ -46,8 +41,6 @@ class FileController < ApplicationController
 end
 def import
- return if file_uploads_disabled?
- check_authorization
 if @params['file']
 @problems = []
@@ -69,15 +62,8 @@ class FileController < ApplicationController
 protected
 def check_allow_uploads
-
- # TODO enable file uploads again after 0.10 release
- unless RAILS_ENV == 'test'
- render_text 'File uploads are not ready for general use in Instiki 0.10', '403 Forbidden'
- return false
- end
-
 unless @web.allow_uploads?
- render_text 'File uploads are blocked by the webmaster', '403 Forbidden'
+ render :status => 403, :text => 'File uploads are blocked by the webmaster'
 return false
 end
 end
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index 712c4640..2e7eb3b7 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
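Review bot: The rebuilt `authorized?` drops the old `@web.nil?` guard, so `@web.password.nil?` raises when `@web` is nil; the method is safe only because `check_authorization` tests `in_a_web?` first and `connect_to_model` halts when `@web_name` names an unknown web. That contract is invisible here, and while a raise in an authorization predicate is a denial rather than a bypass, it deserves a comment: `# Only called from check_authorization once connect_to_model has resolved @web`. Note also that `authorized?` and `in_a_web?` are now `private` while `password_check`, which `authorized?` calls and which writes the `web_address` cookie, stays under `protected` higher in the file; grouping them together would make the authorization surface easier to audit.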
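Review bot: `import` no longer calls `check_authorization` itself, so its protection now rests entirely on the `before_filter` added to `ApplicationController` and on `import` not being in `authorization_needed?`'s exclusion list; a reader auditing this action sees neither. A one-line comment at the top of the action would record it: `# Authorization is enforced by ApplicationController's check_authorization before_filter`. Whether `check_allow_uploads` is also applied to `import` cannot be seen from this hunk, and the body of `import` continues past it.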
@@ -217,9 +217,9 @@ class WikiController < ApplicationController
 end
 def save
- redirect_home if @page_name.nil?
- cookies['author'] = { :value => @params['author'], :expires => Time.utc(2030) }
+ render(:status => 404, :text => 'Undefined page name') and return if @page_name.nil?
+ cookies['author'] = { :value => @params['author'], :expires => Time.utc(2030) }
 begin
 if @page
 wiki.revise_page(@web_name, @page_name, @params['content'], Time.now,
diff --git a/app/views/wiki/edit.rhtml b/app/views/wiki/edit.rhtml
index cdf3d5d1..270d5bec 100644
--- a/app/views/wiki/edit.rhtml
+++ b/app/views/wiki/edit.rhtml
@@ -18,8 +18,9 @@
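Review bot: The new `render(...) and return if @page_name.nil?` closes the gap where `redirect_home` fell through and the action went on to set the author cookie and attempt the save, but unlike the file-controller 403 path changed in this commit, the 404 path gets no test; a functional test that posts `save` without an `id` and asserts `assert_response 404` would pin it. The `save` body continues past the hunk.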

as - + <%= text_field_tag :author, @author, + :onfocus => "this.value == 'AnonymousCoward' ? this.value = '' : true;", + :onblur => "this.value == '' ? this.value = 'AnonymousCoward' : true" %> | <%= link_to('Cancel', {:web => @web.address, :action => 'cancel_edit', :id => @page.name}, {:accesskey => 'c'})
diff --git a/app/views/wiki/new.rhtml b/app/views/wiki/new.rhtml
index d7202268..e7a73bca 100644
--- a/app/views/wiki/new.rhtml
+++ b/app/views/wiki/new.rhtml
@@ -18,7 +18,9 @@
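Review bot: The `text_field_tag :author` call carries two inline JavaScript handlers that hard-code `'AnonymousCoward'`, the same literal `connect_to_model` uses for the default author, and the identical three lines appear again in the `new.rhtml` hunk below; a small view helper (for example `author_field(@author)`) would keep the placeholder and the handlers in one place so the two cannot drift apart. The removed line's content is not recoverable from this rendering of the hunk, so whether it escaped `@author` the way `text_field_tag` does cannot be checked here.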

as - + <%= text_field_tag :author, @author, + :onfocus => "this.value == 'AnonymousCoward' ? this.value = '' : true;", + :onblur => "this.value == '' ? this.value = 'AnonymousCoward' : true" %>

 <%= end_form_tag %>
diff --git a/test/functional/file_controller_test.rb b/test/functional/file_controller_test.rb
index 24fc2125..80b9099e 100755
--- a/test/functional/file_controller_test.rb
+++ b/test/functional/file_controller_test.rb
@@ -121,12 +121,12 @@ class FileControllerTest < Test::Unit::TestCase
 def test_uploads_blocking
 set_web_property :allow_uploads, true
- r = process 'file', 'web' => 'wiki1', 'id' => 'filename'
+ process 'file', 'web' => 'wiki1', 'id' => 'filename'
 assert_success
 set_web_property :allow_uploads, false
- r = process 'file', 'web' => 'wiki1', 'id' => 'filename'
- assert_equal '403 Forbidden', r.headers['Status']
+ process 'file', 'web' => 'wiki1', 'id' => 'filename'
+ assert_response 403
 end
 end
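Review bot: `assert_response 403` only checks the status, so the test would still pass if some other filter answered 403 for the blocked web; asserting the body too, `assert_equal 'File uploads are blocked by the webmaster', @response.body`, ties the test to the `check_allow_uploads` branch this commit rewrites. The positive case is likewise only `assert_success` and says nothing about what was served.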