Merge remote-tracking branch 'origin/release/7.4' into dev

pull/6302/head
Oliver Günther 7 years ago
commit 78c363951a
No known key found for this signature in database
GPG Key ID: 88872239EB414F99
  1. 6
      app/controllers/wiki_controller.rb
  2. 2
      app/models/time_entry.rb
  3. 8
      app/policies/query_policy.rb
  4. 4
      frontend/app/components/op-context-menu/handlers/op-settings-dropdown-menu.directive.ts
  5. 13
      lib/api/v3/queries/form_representer.rb
  6. 6
      lib/open_project/text_formatting/matchers/wiki_links_matcher.rb
  7. 4
      spec/features/security/angular_xss_spec.rb
  8. 6
      spec/lib/open_project/text_formatting/textile/textile_spec.rb
  9. 2
      spec_legacy/functional/wiki_controller_spec.rb
  10. 2
      spec_legacy/unit/helpers/application_helper_spec.rb

@ -135,7 +135,7 @@ class WikiController < ApplicationController
if @page.new_record?
if User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
edit
render action: 'edit'
render action: 'new'
else
render_404
end
@ -256,7 +256,7 @@ class WikiController < ApplicationController
def wiki_root_menu_items
MenuItems::WikiMenuItem
.where(parent_id: nil)
.main_items(@wiki.id)
.map { |it| OpenStruct.new name: it.name, caption: it.title, item: it }
end
@ -403,7 +403,7 @@ class WikiController < ApplicationController
private
def wiki_page_title
params[:id]
params[:title] || params[:id]
end
def find_wiki
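Review bot: In `wiki_page_title`, `params[:title] || params[:id]` lets an empty `?title=` win, because `""` is truthy in Ruby and the fallback to the id never runs. `params[:title].presence || params[:id]` keeps the fallback. The value comes straight from the query string, so the callers of `wiki_page_title` (outside this section) should treat it as untrusted text, and the page model should bound its length. The page has lost its +/- markers, so this assumes the second of the two body lines is the new side, which matches the `?title=` expectations in the updated specs.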

@ -126,7 +126,7 @@ class TimeEntry < ActiveRecord::Base
private
def validate_hours_are_in_range
errors.add :hours, :invalid if hours && (hours < 0 || hours >= 1000)
errors.add :hours, :invalid if hours && hours < 0
end
def validate_project_is_set
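Review bot: `validate_hours_are_in_range` appears to keep only the lower-bound check `hours < 0`, so arbitrarily large values pass validation while the method name still promises a range. This assumes the second `errors.add` line is the new side, since the +/- markers are missing. If dropping the `hours >= 1000` ceiling is intended, a comment such as `# no upper bound on purpose; only negative values are rejected` would record that. It is also worth confirming that the column type and any totals computed from it cope with very large entries.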

@ -36,6 +36,7 @@ class QueryPolicy < BasePolicy
update: persisted_and_own_or_public?(cached_query),
destroy: persisted_and_own_or_public?(cached_query),
create: create_allowed?(cached_query),
create_new: create_new_allowed?(cached_query),
publicize: publicize_allowed?(cached_query),
depublicize: depublicize_allowed?(cached_query),
star: persisted_and_own_or_public?(cached_query),
@ -58,8 +59,11 @@ class QueryPolicy < BasePolicy
end
def create_allowed?(query)
query.new_record? &&
save_queries_allowed?(query)
query.new_record? && create_new_allowed?(query)
end
def create_new_allowed?(query)
save_queries_allowed?(query)
end
def publicize_allowed?(query)
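Review bot: `create_new_allowed?` has no comment saying how it differs from `create_allowed?`, and the difference matters for authorisation. `create` requires `query.new_record?`, while `create_new` is also answered for a persisted query and rests only on `save_queries_allowed?(query)`. A comment such as `# "Save as": allowed on persisted queries too, unlike :create which requires a new record` above the method would make that explicit. `save_queries_allowed?` is defined outside the section, so which permission or project it consults cannot be checked from here.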

@ -161,11 +161,11 @@ export class OpSettingsMenuDirective extends OpContextMenuTrigger implements OnD
},
{
// Query save as modal
disabled: this.authorisationService.cannot('query', 'updateImmediately'),
disabled: this.form ? !!this.form.$links.create_new : this.authorisationService.cannot('query', 'updateImmediately'),
linkText: this.I18n.t('js.toolbar.settings.save_as'),
icon: 'icon-save',
onClick: ($event:JQueryEventObject) => {
if (this.allowFormAction($event, 'commit')) {
if (this.allowFormAction($event, 'create_new')) {
this.opModalService.show(SaveQueryModal);
}
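Review bot: The `disabled` expression for the "save as" entry looks inverted. `!!this.form.$links.create_new` is true when the server did send the `create_new` link, so the item is disabled exactly when the action is permitted and enabled when it is not. `disabled: this.form ? !this.form.$links.create_new : this.authorisationService.cannot('query', 'updateImmediately'),` would agree with the fallback branch, which disables on `cannot`. `allowFormAction` is defined outside the section, so whether the click handler blocks the action on its own is not visible. In either case this flag only controls presentation, and the decision has to stay with the server-side policy.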

@ -55,6 +55,15 @@ module API
end
end
link :create_new do
if allow_create_as_new?
{
href: api_v3_paths.queries,
method: :post
}
end
end
def commit_action
raise NotImplementedError, "subclass responsibility"
end
@ -89,6 +98,10 @@ module API
def allow_save?
QueryPolicy.new(current_user).allowed? represented, commit_action
end
def allow_create_as_new?
QueryPolicy.new(current_user).allowed? represented, :create_new
end
end
end
end
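Review bot: `allow_create_as_new?` builds a second `QueryPolicy.new(current_user)` for the same user and represented query that `allow_save?` already builds, so rendering one form presumably evaluates the policy twice. A private helper such as `def query_policy; @query_policy ||= QueryPolicy.new(current_user); end`, used by both predicates, would share one instance. A short comment on `link :create_new` would also help, stating that the link is only an affordance and that the POST to `api_v3_paths.queries` (handled outside this section) must authorise the request itself.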

@ -130,7 +130,8 @@ module OpenProject::TextFormatting
# check if page exists
wiki_page = project.wiki.find_page(page)
wiki_title = wiki_page.nil? ? page : wiki_page.title
default_wiki_title = wiki_page.nil? ? page : wiki_page.title
wiki_title = title || default_wiki_title
url = case context[:wiki_links]
when :local;
@ -143,11 +144,12 @@ module OpenProject::TextFormatting
controller: '/wiki',
action: 'show',
project_id: project.identifier,
title: wiki_page.nil? ? wiki_title.strip : nil,
id: wiki_page_id,
anchor: anchor
end
link_to h(title || wiki_title),
link_to h(wiki_title),
url,
class: ('wiki-page' + (wiki_page ? '' : ' new'))
end
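Review bot: The `title:` parameter added to the URL of a missing page carries `wiki_title`, which is the link caption whenever one is given. So `[[Unknown page|404]]` yields `?title=404`, as the updated textile spec expects, and the new page would be pre-titled `404` rather than `Unknown page`. If the caption is meant only as display text, `title: wiki_page.nil? ? default_wiki_title.strip : nil` keeps the page name; if pre-filling from the caption is intended, a comment above `wiki_title = title || default_wiki_title` should say so. The enclosing method starts and ends outside the section.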

@ -116,7 +116,7 @@ describe 'Angular expression escaping', type: :feature do
let(:content) { find '#content_text' }
let(:preview) { find '#preview' }
let(:btn_preview) { find '#wiki_form-preview' }
let(:btn_cancel) { find '#wiki_form a.button', text: I18n.t(:button_cancel) }
let(:btn_save) { find '.button.-highlight', text: I18n.t(:button_save) }
before do
login_as(user)
@ -130,7 +130,7 @@ describe 'Angular expression escaping', type: :feature do
expect(preview.text).not_to include '{{ $root.DOUBLE_LEFT_CURLY_BRACE }}'
expect(preview.text).to match /\{\{[\s\w]+\}\}/
btn_cancel.click
btn_save.click
end
end
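Review bot: The example now ends on `btn_save.click` with no expectation after it, so the spec exercises the save path but never checks that the stored page renders the Angular expression escaped. An assertion on the saved page that mirrors the two `preview.text` checks, such as `expect(page).not_to have_content '{{ $root.DOUBLE_LEFT_CURLY_BRACE }}'`, would cover the persisted output as well as the preview. The `it` block starts outside the hunk, so any setup above it is not visible here.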

@ -478,13 +478,13 @@ describe OpenProject::TextFormatting do
context 'Wiki link to an unknown page' do
subject { format_text('[[Unknown page]]') }
it { is_expected.to be_html_eql("<p><a class=\"wiki-page new\" href=\"/projects/#{project.identifier}/wiki/unknown-page\">Unknown page</a></p>") }
it { is_expected.to be_html_eql("<p><a class=\"wiki-page new\" href=\"/projects/#{project.identifier}/wiki/unknown-page?title=Unknown+page\">Unknown page</a></p>") }
end
context 'Wiki page link to an unknown page' do
subject { format_text('[[Unknown page|404]]') }
it { is_expected.to be_html_eql("<p><a class=\"wiki-page new\" href=\"/projects/#{project.identifier}/wiki/unknown-page\">404</a></p>") }
it { is_expected.to be_html_eql("<p><a class=\"wiki-page new\" href=\"/projects/#{project.identifier}/wiki/unknown-page?title=404\">404</a></p>") }
end
context "Link to another project's wiki" do
@ -514,7 +514,7 @@ describe OpenProject::TextFormatting do
context 'Link to an unknown wiki page in another project' do
subject { format_text('[[onlinestore:Unknown page]]') }
it { is_expected.to be_html_eql("<p><a class=\"wiki-page new\" href=\"/projects/onlinestore/wiki/unknown-page\">Unknown page</a></p>") }
it { is_expected.to be_html_eql("<p><a class=\"wiki-page new\" href=\"/projects/onlinestore/wiki/unknown-page?title=Unknown+page\">Unknown page</a></p>") }
end
context 'Struck through link to wiki page' do

@ -80,7 +80,7 @@ describe WikiController, type: :controller do
session[:user_id] = 2
get :show, params: { project_id: 1, id: 'Unexistent page' }
assert_response :success
assert_template 'edit'
assert_template 'new'
end
it 'should create page' do

@ -347,7 +347,7 @@ EXPECTED
FactoryGirl.create :wiki_page_with_content, wiki: @project.wiki, title: 'Last page'
to_test = { "|[[Page|Link title]]|[[Other Page|Other title]]|\n|Cell 21|[[Last page]]|" =>
"<tr><td><a class=\"wiki-page new\" href=\"/projects/#{@project.identifier}/wiki/page\">Link title</a></td>" +
"<tr><td><a class=\"wiki-page new\" href=\"/projects/#{@project.identifier}/wiki/page?title=Link+title\">Link title</a></td>" +
"<td><a class=\"wiki-page\" href=\"/projects/#{@project.identifier}/wiki/other-page\">Other title</a></td>" +
"</tr><tr><td>Cell 21</td><td><a class=\"wiki-page\" href=\"/projects/#{@project.identifier}/wiki/last-page\">Last page</a></td></tr>"
}
