authorDmitriy Zaporozhets <dzaporozhets@sphereconsultinginc.com>2012-02-20 21:16:55 +0300
committerDmitriy Zaporozhets <dzaporozhets@sphereconsultinginc.com>2012-02-20 21:16:55 +0300
commit49d58492f210faa11bbd4125ffd6b241356da827 (patch)
tree478ef1eb58ea9b5fd1f9e190cb554722e7442555
parentbdc42488e9b0d297e0773040e077f414b6605c3d (diff)
Wiki abilities
-rw-r--r--app/controllers/wikis_controller.rb17
-rw-r--r--app/models/ability.rb27
-rw-r--r--app/models/project.rb14
3 files changed, 41 insertions, 17 deletions
diff --git a/app/controllers/wikis_controller.rb b/app/controllers/wikis_controller.rb
index 544f9887258..5e8365cffa5 100644
--- a/app/controllers/wikis_controller.rb
+++ b/app/controllers/wikis_controller.rb
@@ -1,6 +1,9 @@
class WikisController < ApplicationController
before_filter :project
before_filter :add_project_abilities
+ before_filter :authorize_read_wiki!
+ before_filter :authorize_write_wiki!, :except => [:show, :destroy]
+ before_filter :authorize_admin_wiki!, :only => :destroy
layout "project"
def show
@@ -48,4 +51,18 @@ class WikisController < ApplicationController
format.html { redirect_to project_wiki_path(@project, :index), notice: "Page was successfully deleted" }
end
end
+
+ protected
+
+ def authorize_read_wiki!
+ can?(current_user, :read_wiki, @project)
+ end
+
+ def authorize_write_wiki!
+ can?(current_user, :write_wiki, @project)
+ end
+
+ def authorize_admin_wiki!
+ can?(current_user, :admin_wiki, @project)
+ end
end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 42963f3ae4b..c7fddec21f6 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -15,21 +15,26 @@ class Ability
rules << [
:read_project,
+ :read_wiki,
:read_issue,
:read_snippet,
:read_team_member,
:read_merge_request,
- :read_note
- ] if project.allow_read_for?(user)
-
- rules << [
+ :read_note,
:write_project,
:write_issue,
:write_snippet,
:write_merge_request,
- :write_note,
+ :write_note
+ ] if project.guest_access_for?(user)
+
+ rules << [
+ :download_code,
+ ] if project.report_access_for?(user)
+
+ rules << [
:write_wiki
- ] if project.allow_write_for?(user)
+ ] if project.dev_access_for?(user)
rules << [
:modify_issue,
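Review bot: The first rules block now grants every `write_*` ability except `:write_wiki` under `guest_access_for?`, and in the project.rb hunk that predicate is true for any `users_projects` row without looking at `project_access`. That matches what the removed `allow_write_for?` did, but the new name reads as the lowest tier, so it is easy to miss that the least-privileged member can still write issues, snippets, merge requests and the project itself. I'd keep a separate read list and write list and put a comment above each `rules <<` naming the minimum role it needs, e.g. `# any project member, regardless of project_access`. The trailing comma in `:download_code,` can also go. The last `rules << [` block continues past the end of this hunk.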
@@ -40,18 +45,16 @@ class Ability
:admin_snippet,
:admin_team_member,
:admin_merge_request,
- :admin_note
- ] if project.allow_admin_for?(user)
+ :admin_note,
+ :admin_wiki
+ ] if project.master_access_for?(user)
- rules << [
- :download_code,
- ] if project.allow_pull_for?(user)
rules.flatten
end
class << self
- [:issue, :note, :snippet, :merge_request, :wiki].each do |name|
+ [:issue, :note, :snippet, :merge_request].each do |name|
define_method "#{name}_abilities" do |user, subject|
if subject.author == user
[
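Review bot: Dropping `:wiki` from the `define_method` list means `wiki_abilities` is no longer defined, so wiki permissions now come only from the project rules. The controller hunk checks against `@project`, which fits, but any view or helper that still passes a wiki page as the subject to `can?` would no longer find author-based rules. How `Ability` dispatches on the subject's class is outside this hunk, so it is worth searching for remaining `_wiki` ability checks. A short comment above the list, such as `# wiki abilities are project-level, so no wiki_abilities is generated`, would explain the omission. The `define_method` block continues past the end of the hunk.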
diff --git a/app/models/project.rb b/app/models/project.rb
index c3c710090d7..f5b9b54c0aa 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -233,16 +233,20 @@ class Project < ActiveRecord::Base
!users_projects.where(:user_id => user.id).empty?
end
- def allow_write_for?(user)
+ def guest_access_for?(user)
!users_projects.where(:user_id => user.id).empty?
end
- def allow_admin_for?(user)
- !users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
+ def report_access_for?(user)
+ !users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
end
- def allow_pull_for?(user)
- !users_projects.where(:user_id => user.id, :project_access => [UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
+ def dev_access_for?(user)
+ !users_projects.where(:user_id => user.id, :project_access => [UsersProject::DEVELOPER, UsersProject::MASTER]).empty?
+ end
+
+ def master_access_for?(user)
+ !users_projects.where(:user_id => user.id, :project_access => [UsersProject::MASTER]).empty? || owner_id == user.id
end
def root_ref
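Review bot: Only `master_access_for?` falls back to `|| owner_id == user.id`; `guest_access_for?`, `report_access_for?` and `dev_access_for?` look at `users_projects` alone. If an owner can exist without a membership row (not visible here), that owner would get `:admin_wiki` but not `:read_wiki` or `:write_wiki`, and the wiki controller requires `:read_wiki` on every action. Either add the same owner fallback to the lower tiers or have each tier build on the one above it. The predicates also repeat the same query with different level lists; a private helper that takes the list and uses `exists?` instead of `!...empty?` would keep them in step.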