diff --git a/frontend/src/wiki.js b/frontend/src/wiki.js index 481e46d14c..1ef48393cb 100644 --- a/frontend/src/wiki.js +++ b/frontend/src/wiki.js @@ -103,7 +103,7 @@ class Wiki extends Component { }) }) - let fileUrl = '/wikis/' + slug + filePath; + let fileUrl = siteRoot + 'wikis/' + slug + filePath; window.history.pushState({urlPath: fileUrl, filePath: filePath}, filePath, fileUrl); } diff --git a/seahub/api2/endpoints/wiki_pages.py b/seahub/api2/endpoints/wiki_pages.py index 3861468e3e..2bac9ff4c5 100644 --- a/seahub/api2/endpoints/wiki_pages.py +++ b/seahub/api2/endpoints/wiki_pages.py @@ -220,7 +220,7 @@ class WikiPagesDirView(APIView): return api_error(status.HTTP_404_NOT_FOUND, error_msg) # perm check - if not wiki.has_read_perm(request.user): + if not wiki.check_access_wiki(request): error_msg = "Permission denied" return api_error(status.HTTP_403_FORBIDDEN, error_msg) @@ -261,7 +261,7 @@ class WikiPageContentView(APIView): return api_error(status.HTTP_404_NOT_FOUND, error_msg) # perm check - if not wiki.has_read_perm(request.user): + if not wiki.check_access_wiki(request): error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) diff --git a/seahub/api2/endpoints/wikis.py b/seahub/api2/endpoints/wikis.py index baa7812a59..def04ee4f9 100644 --- a/seahub/api2/endpoints/wikis.py +++ b/seahub/api2/endpoints/wikis.py @@ -86,19 +86,13 @@ class WikisView(APIView): msg = _('Name can only contain letters, numbers, blank, hyphen or underscore.') return api_error(status.HTTP_400_BAD_REQUEST, msg) - permission = request.POST.get('permission', '').lower() - if permission not in [x[0] for x in Wiki.PERM_CHOICES]: - msg = 'Permission invalid' - return api_error(status.HTTP_400_BAD_REQUEST, msg) - org_id = -1 if is_org_context(request): org_id = request.user.org.org_id username = request.user.username try: - wiki = Wiki.objects.add(name, username, permission=permission, - org_id=org_id) + wiki = Wiki.objects.add(name, username, org_id=org_id) except DuplicateWikiNameError: msg = _('%s is taken by others, please try another name.') % name return api_error(status.HTTP_400_BAD_REQUEST, msg) diff --git a/seahub/templates/wiki/wiki_list.html b/seahub/templates/wiki/wiki_list.html index 2d5348de3b..552bb37d6b 100644 --- a/seahub/templates/wiki/wiki_list.html +++ b/seahub/templates/wiki/wiki_list.html @@ -15,8 +15,7 @@ - - + @@ -34,12 +33,6 @@

{% trans "New Wiki" %}



-
-

@@ -51,15 +44,6 @@ <%- name %> -
{% trans "Name" %}{% trans "Permission" %}{% trans "Name" %} {% trans "Owner" %} {% trans "Last Update" %} - <%= permission_text %> - - - <%- owner_nickname %> <%= update_time_from_now %> @@ -130,8 +114,7 @@ $('#new-wiki').on('click', function() { $('#new-wiki-form').on('submit', function () { var $form = $(this), $error = $('.error', $form), - name = $('[name="name"]', $form).val(), - permission = $('[name="permission"]', $form).val(); + name = $('[name="name"]', $form).val(); var $table = $('table'), $tbody = $('tbody'), $emptyTips = $('.empty-tips'); @@ -152,7 +135,6 @@ $('#new-wiki-form').on('submit', function () { beforeSend: prepareCSRFToken, data: { 'name': name, - 'permission': permission }, success: function(data) { $.modal.close(); @@ -193,13 +175,6 @@ var wiki = { tmpl: _.template($('#wiki-tmpl').html()), render: function(obj) { - var getPermText = function(data) { - switch(data) { - case 'private': return "{% trans "private" %}"; - case 'login-user': return "{% trans "logged-in users" %}"; - case 'public': return "{% trans "public" %}"; - } - }; var update_time, update_time_from_now; if (obj.updated_at) { @@ -212,7 +187,6 @@ var wiki = { } var data = $.extend({}, obj, { - 'permission_text': getPermText(obj.permission), 'owner_profile_url': '{{SITE_ROOT}}profile/' + encodeURIComponent(obj.owner) + '/', 'update_time': update_time, 'update_time_from_now': update_time_from_now @@ -249,36 +223,6 @@ var wiki = { }); }, - editPerm: function(options) { - var slug = options.slug, - perm = options.perm, - $el = options.$el; - $.ajax({ - url: '{{SITE_ROOT}}api/v2.1/wikis/' + encodeURIComponent(slug) + '/', - type: 'PUT', - cache: false, - data: {'permission': perm}, - beforeSend: prepareCSRFToken, - success: function(data) { - $el.replaceWith(wiki.render(data)); - feedback("{% trans "Successfully edited the permission." %}", 'success'); - }, - error: function(xhr) { - var error_msg; - if (xhr.responseText) { - try { - error_msg = JSON.parse(xhr.responseText).error_msg; - } catch(e) { - error_msg = "{% trans "Error" %}"; - } - } else { - error_msg = "{% trans "Please check the network." %}"; - } - feedback(error_msg, 'error'); - } - }); - }, - setLocale: function() { var lang_code = '{{LANGUAGE_CODE}}'; var m_lang_code; @@ -316,8 +260,6 @@ var wikiListController = { $wikiList.on('click', '.wiki-dropdown-toggle', $.proxy(_this.showWikiMenu, _this)); $wikiList.on('click', '.delete-wiki', $.proxy(_this.deleteCurrentWiki, _this)); $wikiList.on('click', '.rename-wiki', $.proxy(_this.showRenameTmpl, _this)); - $wikiList.on('click', '.perm-edit-icon', $.proxy(_this.showPremSelection, _this)); - $wikiList.on('change', '.perm-select', $.proxy(_this.changePermSelected, _this)); //handle menu event; $(document).on('click', function(event){ @@ -333,41 +275,10 @@ var wikiListController = { } return true; }) - //handle perm event - $(document).on('click', function(e) { - var target = e.target || event.srcElement; - if (!$('.perm-edit-icon, .perm-select', $wikiList).is(target)) { - $('.cur-perm, .perm-edit-icon', $wikiList).show(); - $('.perm-select', $wikiList).hide(); - } - }); }, showOwnerInfo: function(){}, - showPremSelection: function(event) { - var target = event.target || event.srcElement; - var $el = $(target).closest('tr'); - - $('.cur-perm, .perm-edit-icon', $el).hide(); - $('.perm-select', $el).show(); - - return false; - }, - - changePermSelected: function(event) { - var target = event.target || event.srcElement; - var perm = $(target).val(); - var $el = $(target).closest('tr'); - var slug = $el.attr('data-slug'); - - wiki.editPerm({ - $el: $el, - slug: slug, - perm: perm - }); - }, - showWikiMenu: function(event) { var target = event.target || event.srcElement; var $wikiMenu = $(target).parent().find('.sf-dropdown-menu'); diff --git a/seahub/wiki/models.py b/seahub/wiki/models.py index 23a54bd15d..2f5a85f7c2 100644 --- a/seahub/wiki/models.py +++ b/seahub/wiki/models.py @@ -11,7 +11,6 @@ from seahub.utils import get_site_scheme_and_netloc from seahub.utils.timeutils import (timestamp_to_isoformat_timestr, datetime_to_isoformat_timestr) - class WikiDoesNotExist(Exception): pass @@ -134,6 +133,16 @@ class Wiki(models.Model): else: # private return True if user.username == self.username else False + def check_access_wiki(self, request): + from seahub.views import check_folder_permission + + if request.user.is_authenticated() and check_folder_permission( + request, self.repo_id, '/') is not None: + return True + else: + return False + + def to_dict(self): return { 'id': self.pk, diff --git a/seahub/wiki/views.py b/seahub/wiki/views.py index aabbd0cbf6..aa6d4248f6 100644 --- a/seahub/wiki/views.py +++ b/seahub/wiki/views.py @@ -48,11 +48,12 @@ def slug(request, slug, file_path="home.md"): # perm check req_user = request.user.username - if not req_user and not wiki.has_read_perm(request.user): + + if not req_user: return redirect('auth_login') - else: - if not wiki.has_read_perm(request.user): - return render_permission_error(request, _(u'Unable to view wiki')) + + if not wiki.check_access_wiki(request): + return render_permission_error(request, _(u'Unable to view wiki')) file_type, ext = get_file_type_and_ext(posixpath.basename(file_path)) if file_type == IMAGE: