From a9707e8cf70487a52efbe43ffe72c9e995f5cdea Mon Sep 17 00:00:00 2001
From: George Thomas
Date: Wed, 27 Feb 2019 13:11:14 +0530
Subject: Rewrite `if:` argument in before_action and alike when `only:` is also used Closes #55564 This is first discovered in #54739 (comment 122609857) that if both if: and only: are used in a before_action or after_action or alike, if: is completely ignored.
---
 app/controllers/projects/wikis_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'app/controllers/projects/wikis_controller.rb')
diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb
index fa5bdbc7d49..b0998d7f3be 100644
--- app/controllers/projects/wikis_controller.rb
+++ app/controllers/projects/wikis_controller.rb
@@ -10,7 +10,8 @@ class Projects::WikisController < Projects::ApplicationController
 before_action :authorize_admin_wiki!, only: :destroy
 before_action :load_project_wiki
 before_action :load_page, only: [:show, :edit, :update, :history, :destroy]
- before_action :valid_encoding?, only: [:show, :edit, :update], if: :load_page
+ before_action :valid_encoding?,
+ if: -> { %w[show edit update].include?(action_name) && load_page }
 before_action only: [:edit, :update], unless: :valid_encoding? do
 redirect_to(project_wiki_path(@project, @page))
 end
-- cgit v1.2.1
From c03ae6201f5480c179acb26ba06e3824a2cb7aad Mon Sep 17 00:00:00 2001
From: Alex Kalderimis
Date: Tue, 23 Jul 2019 22:40:23 +0000
Subject: Allowing all users to view history This removes the create_wiki permission check from the history controller, allowing show and history to have the same level of permissions. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/29528
---
 app/controllers/projects/wikis_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/projects/wikis_controller.rb')
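Review bot: In the `@@ -10,7 +10,8 @@` hunk the rewritten `before_action :valid_encoding?` gives no hint why the action list lives inside the `if:` lambda instead of `only:`, so a later tidy-up could fold it back and silently drop the condition again. I would add a comment above it such as `# only: and if: cannot be combined here, the if: would be ignored (see #55564)`. The callback on the following context line still pairs `only: [:edit, :update]` with `unless: :valid_encoding?`; the commit message names only `if:`, so it is worth confirming that `unless:` is honoured there, since that redirect is what keeps edit and update away from a page that fails the encoding check. The diffstat lists no spec, and the class body continues outside the hunk.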
diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb
index b0998d7f3be..d1914c35bd3 100644
--- app/controllers/projects/wikis_controller.rb
+++ app/controllers/projects/wikis_controller.rb
@@ -6,7 +6,7 @@ class Projects::WikisController < Projects::ApplicationController
 include Gitlab::Utils::StrongMemoize
 before_action :authorize_read_wiki!
- before_action :authorize_create_wiki!, only: [:edit, :create, :history]
+ before_action :authorize_create_wiki!, only: [:edit, :create]
 before_action :authorize_admin_wiki!, only: :destroy
 before_action :load_project_wiki
 before_action :load_page, only: [:show, :edit, :update, :history, :destroy]
-- cgit v1.2.1
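Review bot: Dropping `:history` from the `authorize_create_wiki!` list in the `@@ -6,7 +6,7 @@` hunk leaves `authorize_read_wiki!` as the only gate on the history action, and the commit (one file in the diffstat) adds no spec that pins this relaxed permission. A controller or feature spec should assert that a user with read-only wiki access gets the history page and that a user without `read_wiki` is still refused. The history view is not visible here, so it is worth checking that it shows readers nothing beyond what `show` already exposes and that any edit controls it renders stay conditional on `create_wiki`. The class body continues outside the hunk.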