Wiki permission tweaks.

AresMUSH · Apr 28, 2018 · 2d88cd2 · 2d88cd2
1 parent 262c251
commit 2d88cd2
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/plugins/website/web/edit_wiki_page_handler.rb b/plugins/website/web/edit_wiki_page_handler.rb
@@ -18,7 +18,7 @@ def handle(request)
           return { error: t('webportal.not_found') }
         end
 
-        if ((WebHelpers.is_restricted_wiki_page?(page) && !enactor.is_admin?) ||
+        if ((WebHelpers.is_restricted_wiki_page?(page) && !WebHelpers.can_manage_wiki?(enactor)) ||
           !enactor.is_approved?)
           return { error: t('dispatcher.not_allowed') }
         end

diff --git a/plugins/website/web/get_wiki_page_handler.rb b/plugins/website/web/get_wiki_page_handler.rb
@@ -23,7 +23,7 @@ def handle(request)
         lock_info = page.get_lock_info(enactor)
         restricted_page = WebHelpers.is_restricted_wiki_page?(page)
         if (edit_mode)
-          if (restricted_page && !enactor.is_admin?)
+          if (restricted_page && !WebHelpers.can_manage_wiki?(enactor))
             return { error: t('dispatcher.not_allowed') }
           end
           if (!lock_info)
@@ -34,7 +34,9 @@ def handle(request)
         else
           text = WebHelpers.format_markdown_for_html page.text
         end
-
+
+        can_edit = enactor && enactor.is_approved? && !lock_info && ( WebHelpers.can_manage_wiki?(enactor) || !restricted_page )
+
         {
           id: page.id,
           heading: page.heading,
@@ -44,9 +46,9 @@ def handle(request)
           tags: page.tags,
           lock_info: lock_info,
           can_delete: enactor && enactor.is_admin? && !restricted_page,
-          can_edit: enactor && enactor.is_approved? && !lock_info && ( enactor.is_admin? || !restricted_page ),
+          can_edit: can_edit,
           current_version_id: page.current_version.id,
-          can_change_name: !WebHelpers.is_restricted_wiki_page?(page)
+          can_change_name: can_edit
         }
       end
     end

diff --git a/plugins/website/web_helpers.rb b/plugins/website/web_helpers.rb
@@ -14,6 +14,10 @@ def self.is_restricted_wiki_page?(page)
       restricted_pages = Global.read_config("website", "restricted_pages") || ['home']
       restricted_pages.map { |p| WikiPage.sanitize_page_name(p.downcase) }.include?(page.name.downcase)
     end
+
+    def self.can_manage_wiki?(actor)
+      actor && actor.has_permission?("manage_wiki")
+    end
 
     def self.format_output_for_html(output)
       return nil if !output