Commit e6528cba authored by jplang's avatar jplang

Check permission of wiki pages before generating a link to it (#23793).

Patch by Holger Just.

git-svn-id: https://svn.redmine.org/redmine/trunk@16283 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 7a802fdd
......@@ -726,7 +726,7 @@ module ApplicationHelper
title ||= identifier if page.blank?
end
if link_project && link_project.wiki
if link_project && link_project.wiki && User.current.allowed_to?(:view_wiki_pages, link_project)
# extract anchor
anchor = nil
if page =~ /^(.+?)\#(.+)$/
......
......@@ -9,3 +9,8 @@ wikis_002:
start_page: Start page
project_id: 2
id: 2
wikis_005:
status: 1
start_page: Wiki
project_id: 5
id: 5
......@@ -665,6 +665,7 @@ RAW
end
def test_wiki_links
User.current = User.find_by_login('jsmith')
russian_eacape = CGI.escape(@russian_test)
to_test = {
'[[CookBook documentation]]' =>
......@@ -746,6 +747,9 @@ RAW
# project does not exist
'[[unknowproject:Start]]' => '[[unknowproject:Start]]',
'[[unknowproject:Start|Page title]]' => '[[unknowproject:Start|Page title]]',
# missing permission to view wiki in project
'[[private-child:]]' => '[[private-child:]]',
'[[private-child:Wiki]]' => '[[private-child:Wiki]]',
}
@project = Project.find(1)
to_test.each { |text, result| assert_equal "<p>#{result}</p>", textilizable(text) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment