class WikisController < ApplicationController
before_filter :project
before_filter :add_project_abilities
+ before_filter :authorize_read_wiki!
+ before_filter :authorize_write_wiki!, :except => [:show, :destroy]
+ before_filter :authorize_admin_wiki!, :only => :destroy
layout "project"
def show
format.html { redirect_to project_wiki_path(@project, :index), notice: "Page was successfully deleted" }
end
end
+
+ protected
+
+ def authorize_read_wiki!
+ can?(current_user, :read_wiki, @project)
+ end
+
+ def authorize_write_wiki!
+ can?(current_user, :write_wiki, @project)
+ end
+
+ def authorize_admin_wiki!
+ can?(current_user, :admin_wiki, @project)
+ end
end
rules << [
:read_project,
+ :read_wiki,
:read_issue,
:read_snippet,
:read_team_member,
:read_merge_request,
- :read_note
- ] if project.allow_read_for?(user)
-
- rules << [
+ :read_note,
:write_project,
:write_issue,
:write_snippet,
:write_merge_request,
- :write_note,
+ :write_note
+ ] if project.guest_access_for?(user)
+
+ rules << [
+ :download_code,
+ ] if project.report_access_for?(user)
+
+ rules << [
:write_wiki
- ] if project.allow_write_for?(user)
+ ] if project.dev_access_for?(user)
rules << [
:modify_issue,
:admin_snippet,
:admin_team_member,
:admin_merge_request,
- :admin_note
- ] if project.allow_admin_for?(user)
+ :admin_note,
+ :admin_wiki
+ ] if project.master_access_for?(user)
- rules << [
- :download_code,
- ] if project.allow_pull_for?(user)
rules.flatten
end
class << self
- [:issue, :note, :snippet, :merge_request, :wiki].each do |name|
+ [:issue, :note, :snippet, :merge_request].each do |name|
define_method "#{name}_abilities" do |user, subject|
if subject.author == user
[
!users_projects.where(:user_id => user.id).empty?
end
- def allow_write_for?(user)
+ def guest_access_for?(user)
!users_projects.where(:user_id => user.id).empty?
end
- def allow_admin_for?(user)
- !users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
+ def report_access_for?(user)
+ !users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
end
- def allow_pull_for?(user)
- !users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
+ def dev_access_for?(user)
+ !users_projects.where(:user_id => user.id, :project_access => [UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
+ end
+
+ def master_access_for?(user)
+ !users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
end
def root_ref