Commits

Christian Boos committed ade4288

1.0.2dev: `WIKI_CREATE` should be enough for creating a page (#10957)

Previously, the `WIKI_MODIFY` permission was also needed.

Added functional test case for changes to `wiki_view.html`.

Patches by Ryan J Ollos <ryan.j.ollos@gmail.com> on #11028 and #10957.

  • Participants
  • Parent commits ee2493a
  • Branches 1.0-stable

Comments (0)

Files changed (4)

File trac/tests/functional/tester.py

         tc.url(self.url + "/ticket/%s" % self.ticketcount)
         return self.ticketcount
 
-    def create_wiki_page(self, page, content=None):
-        """Creates the specified wiki page, with random content if none is
-        provided.
+    def create_wiki_page(self, name=None, content=None):
+        """Creates a wiki page, with a random unique CamelCase name if none
+        is provided, and random content if none is provided.  Returns the
+        name of the wiki page.
         """
-        if content == None:
+        if name is None:
+            name = random_unique_camel()
+        if content is None:
             content = random_page()
-        page_url = self.url + "/wiki/" + page
-        tc.go(page_url)
-        tc.url(page_url)
-        tc.find("The page %s does not exist." % page)
-        tc.formvalue('modifypage', 'action', 'edit')
-        tc.submit()
-        tc.url(page_url + '\\?action=edit')
+        self.go_to_wiki(name)
+        tc.find("The page %s does not exist." % name)
 
-        tc.formvalue('edit', 'text', content)
-        tc.submit('save')
-        tc.url(page_url+'$')
+        self.edit_wiki_page(name, content)
 
         # verify the event shows up in the timeline
         self.go_to_timeline()
         tc.formvalue('prefs', 'wiki', True)
         tc.submit()
-        tc.find(page + ".*created")
+        tc.find(name + ".*created")
+
+        self.go_to_wiki(name)
+
+        return name
+
+    def edit_wiki_page(self, name, content=None):
+        """Edits a wiki page, with random content is none is provided.
+        Returns the content.
+        """
+        if content is None:
+            content = random_page()
+        self.go_to_wiki(name)
+        tc.formvalue('modifypage', 'action', 'edit')
+        tc.submit()
+        tc.formvalue('edit', 'text', content)
+        tc.submit('save')
+        page_url = self.url + '/wiki/%s' % name
+        tc.url(page_url+'$')
+
+        return content
 
     def attach_file_to_wiki(self, name, data=None, tempfilename=None):
         """Attaches a file to the given wiki page, with random content if none

File trac/wiki/templates/wiki_view.html

       xmlns:i18n="http://genshi.edgewall.org/i18n"
       xmlns:xi="http://www.w3.org/2001/XInclude"
       py:with="modify_perm = 'WIKI_MODIFY' in perm(page.resource);
+               create_perm = 'WIKI_CREATE' in perm(page.resource);
                admin_perm = 'WIKI_ADMIN' in perm(page.resource);
                is_not_latest = page.exists and page.version != latest_version">
   <xi:include href="layout.html" />
 
       <py:with vars="delete_perm = 'WIKI_DELETE' in perm(page.resource);
                      rename_perm = 'WIKI_RENAME' in perm(page.resource)">
-        <py:if test="admin_perm or (not page.readonly and (modify_perm or delete_perm))">
+        <py:if test="admin_perm or (not page.readonly and (modify_perm or create_perm or delete_perm))">
           <div class="buttons">
-            <py:if test="modify_perm">
+            <py:if test="modify_perm or create_perm">
               <form method="get" action="${href.wiki(page.name)}" id="modifypage">
                 <div>
                   <input type="hidden" name="action" value="edit" />
                   <py:choose>
-                    <py:when test="is_not_latest">
+                    <py:when test="is_not_latest and modify_perm">
                       <input type="hidden" name="version" value="${page.version}"/>
                       <input type="submit" value="${_('Revert to this version')}"/>
                     </py:when>
-                    <py:when test="page.exists">
+                    <py:when test="page.exists and modify_perm">
                       <input type="submit" value="${_('Edit this page')}" accesskey="e" />
                     </py:when>
-                    <py:otherwise>
+                    <py:when test="not page.exists and create_perm">
                       <input type="submit" value="${_('Create this page')}" accesskey="e" />
                       <div py:if="templates" id="template">
                         <label for="template">Using the template:</label>
                                   selected="${t == default_template or None}">$t</option>
                         </select>
                       </div>
-                    </py:otherwise>
+                    </py:when>
                   </py:choose>
                 </div>
               </form>

File trac/wiki/tests/functional.py

 
 
 class RegressionTestTicket10850(FunctionalTwillTestCaseSetup):
-
     def runTest(self):
         """Test for regression of http://trac.edgewall.org/ticket/10850"""
         pagename = random_unique_camel()
         tc.notfind('Error: Invalid Attachment')
 
 
+class RegressionTestTicket10957(FunctionalTwillTestCaseSetup):
+    def runTest(self):
+        """Test for regression of http://trac.edgewall.org/ticket/10957"""
+
+        try:
+            self._tester.logout()
+
+            # Check that page can't be created without WIKI_CREATE
+            page_name = random_unique_camel()
+            self._tester.go_to_wiki(page_name)
+            tc.find("Trac Error")
+            tc.find("Page %s not found" % page_name)
+            tc.notfind("Create this page")
+            tc.go(self._tester.url + '/wiki/%s?action=edit' % page_name)
+            tc.find("Error: Forbidden")
+            tc.find("WIKI_CREATE privileges are required to perform this "
+                    "operation on %s. You don't have the required permissions."
+                    % page_name)
+
+            # Check that page can be created when user has WIKI_CREATE
+            self._testenv.grant_perm('anonymous', 'WIKI_CREATE')
+            content_v1 = random_sentence()
+            self._tester.create_wiki_page(page_name, content_v1)
+            tc.find(content_v1)
+
+            # Check that page can't be edited without WIKI_MODIFY
+            tc.notfind("Edit this page")
+            tc.notfind("Attach file")
+            tc.go(self._tester.url + '/wiki/%s?action=edit' % page_name)
+            tc.find("Error: Forbidden")
+            tc.find("WIKI_MODIFY privileges are required to perform this "
+                    "operation on %s. You don't have the required permissions."
+                    % page_name)
+
+            # Check that page can be edited when user has WIKI_MODIFY
+            self._testenv.grant_perm('anonymous', 'WIKI_MODIFY')
+            self._tester.go_to_wiki(page_name)
+            tc.find("Edit this page")
+            tc.find("Attach file")
+            content_v2 = random_sentence()
+            self._tester.edit_wiki_page(page_name, content_v2)
+            tc.find(content_v2)
+
+            # Check that page can be reverted to a previous revision
+            tc.go(self._tester.url + '/wiki/%s?version=1' % page_name)
+            tc.find("Revert to this version")
+            tc.formvalue('modifypage', 'action', 'edit')
+            tc.submit()
+            tc.find(content_v1)
+
+            # Check that page can't be reverted without WIKI_MODIFY
+            self._tester.edit_wiki_page(page_name)
+            self._testenv.revoke_perm('anonymous', 'WIKI_MODIFY')
+            tc.go(self._tester.url + '/wiki/%s?version=1' % page_name)
+            tc.notfind("Revert to this version")
+            tc.go(self._tester.url + '/wiki/%s?action=edit&version=1' % page_name)
+            tc.find("WIKI_MODIFY privileges are required to perform this "
+                    "operation on %s. You don't have the required permissions."
+                    % page_name)
+
+        finally:
+            # Restore pre-test state.
+            self._tester.login('admin')
+            self._testenv.revoke_perm('anonymous', 'WIKI_CREATE')
+
+
 def functionalSuite(suite=None):
     if not suite:
         import trac.tests.functional.testcases
     suite.addTest(RegressionTestTicket4812())
     suite.addTest(RegressionTestTicket10274())
     suite.addTest(RegressionTestTicket10850())
+    suite.addTest(RegressionTestTicket10957())
     if has_docutils:
         import docutils
         if get_pkginfo(docutils):

File trac/wiki/web_ui.py

 
         if page.readonly:
             req.perm(page.resource).require('WIKI_ADMIN')
+        elif not page.exists:
+            req.perm(page.resource).require('WIKI_CREATE')
         else:
             req.perm(page.resource).require('WIKI_MODIFY')
         original_text = page.text