wiki.ohea.xyz/gollum
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Fix compare page not accessible in no-edit mode

Browse Source 
Permission checking was spread across `post` action handlers instead of inside the `before` to normalize between `get` and `post` action handlers and be more explicit.
This commit is contained in:
Jérémie Astori
2016-06-27 13:50:47 -04:00
committed by Daniele Grandini
parent 72c8e1aff3
commit e2d55b45ba
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/gollum/app.rb
+12 -1
View File
@@ -97,7 +97,6 @@ module Precious
before do before do
settings.wiki_options[:allow_editing] = settings.wiki_options.fetch(:allow_editing, true) settings.wiki_options[:allow_editing] = settings.wiki_options.fetch(:allow_editing, true)
@allow_editing = settings.wiki_options[:allow_editing] @allow_editing = settings.wiki_options[:allow_editing]
forbid unless @allow_editing || request.request_method == "GET"
Precious::App.set(:mustache, {:templates => settings.wiki_options[:template_dir]}) if settings.wiki_options[:template_dir] Precious::App.set(:mustache, {:templates => settings.wiki_options[:template_dir]}) if settings.wiki_options[:template_dir]
@base_url = url('/', false).chomp('/') @base_url = url('/', false).chomp('/')
@page_dir = settings.wiki_options[:page_file_dir].to_s @page_dir = settings.wiki_options[:page_file_dir].to_s
@@ -182,6 +181,8 @@ module Precious
end end
post '/uploadFile' do post '/uploadFile' do
forbid unless @allow_editing
wiki = wiki_new wiki = wiki_new
unless wiki.allow_uploads unless wiki.allow_uploads
@@ -244,6 +245,8 @@ module Precious
end end
post '/rename/*' do post '/rename/*' do
forbid unless @allow_editing
wikip = wiki_page(params[:splat].first) wikip = wiki_page(params[:splat].first)
halt 500 if wikip.nil? halt 500 if wikip.nil?
wiki = wikip.wiki wiki = wikip.wiki
@@ -280,6 +283,8 @@ module Precious
end end
post '/edit/*' do post '/edit/*' do
forbid unless @allow_editing
path = '/' + clean_url(sanitize_empty_params(params[:path])).to_s path = '/' + clean_url(sanitize_empty_params(params[:path])).to_s
page_name = CGI.unescape(params[:page]) page_name = CGI.unescape(params[:page])
wiki = wiki_new wiki = wiki_new
@@ -339,6 +344,8 @@ module Precious
end end
post '/create' do post '/create' do
forbid unless @allow_editing
name = params[:page].to_url name = params[:page].to_url
path = sanitize_empty_params(params[:path]) || '' path = sanitize_empty_params(params[:path]) || ''
format = params[:format].intern format = params[:format].intern
@@ -358,6 +365,8 @@ module Precious
end end
post '/revert/*/:sha1/:sha2' do post '/revert/*/:sha1/:sha2' do
forbid unless @allow_editing
wikip = wiki_page(params[:splat].first) wikip = wiki_page(params[:splat].first)
@path = wikip.path @path = wikip.path
@name = wikip.name @name = wikip.name
@@ -381,6 +390,8 @@ module Precious
end end
post '/preview' do post '/preview' do
forbid unless @allow_editing
wiki = wiki_new wiki = wiki_new
@name = params[:page] || "Preview" @name = params[:page] || "Preview"
@page = wiki.preview_page(@name, params[:content], params[:format]) @page = wiki.preview_page(@name, params[:content], params[:format])