Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wiki page locking #397

Closed
7 of 8 tasks
jywarren opened this issue Mar 8, 2016 · 13 comments
Closed
7 of 8 tasks

Wiki page locking #397

jywarren opened this issue Mar 8, 2016 · 13 comments
Assignees
@500swapnil
Labels
break-me-up break up for cleaner code separation, discrete tests, and, easier and iterative collaboration enhancement explains that the issue is to improve upon one of our existing features help wanted requires help by anyone willing to contribute
Milestone
Rich Wikis

Comments

@jywarren
Copy link
Member

jywarren commented Mar 8, 2016
edited
Loading

Overview

For extremely cautious use, for around 10 or so "most visible" pages on the site and/or those related to the staff only (board, for example), we need some locking abilities. Pages like:

Admins (user.role == "admin") would have ability to lock, and moderators to edit locked pages. We'd show a clear message indicating that it's locked and why, and a way to appeal this, probably by linking to now-draft https://publiclab.org/wiki/moderation. in an alert.

Update: as of #1095, tag creation permissions are done and we now just have to disallow the edit and update actions on https://github.com/publiclab/plots2/blob/master/app/controllers/wiki_controller.rb -- See Tasks, below.

Goal is to keep locking to an absolute minimum -- only for the most trafficked and spam-hit pages. Wiki page edit notifications for anything else. (#396)

Tasks

  1. Maybe display a lock icon, with Bootstrap tooltip explanation, where Edit button is. (Add "lock" icon and de-linkify Edit tab of "locked" wiki pages #1099)
  2. Also, link to a listing of all locked pages, at /tag/locked, from an explanation page at https://publiclab.org/wiki/locked (that'll be done in Add "lock" icon and de-linkify Edit tab of "locked" wiki pages #1099)
  3. And an entry in the power tags page to go to /wiki/locked: https://publiclab.org/wiki/power-tags
  4. Intercept requests to the edit page. Look to see if the "locked" tag exists, and if it does, redirects back to the wiki page with an error message, by adding just after this line: https://github.com/publiclab/plots2/blob/master/app/controllers/wiki_controller.rb#L74 as follows (complete in Added test to block basic user edits, closes issue #397 #1114):
if @node.has_power_tag('locked') && (current_user.role != "admin" && current_user.role != "moderator")
  flash.now[:warning] = "This page is <a href='/wiki/power-tags#Locking'>locked</a>, and only <a href='/wiki/moderators'>moderators</a> can edit it."
  redirect_to @node.path
end
  1. (closed in Added test to block normal user from updating wiki, fixes #397 #1155) We'd want to add the same kind of catch to def update in the same controller (for when you click save on a wiki page), except that we'd want to put all of these lines in an else block, so they don't get run if there's a lock:

https://github.com/publiclab/plots2/blob/master/app/controllers/wiki_controller.rb#L137-L173

  test "basic user blocked from updating a locked wiki page" do
    node(:organizers).add_tag('locked', rusers(:admin)) # lock the page with a tag

    # then try updating it
    post :update,
         id:  node(:organizers).id, 
         uid:   rusers(:bob).id, 
         title: ""

    assert_template "wiki/show"
    assert_select ".alert", "expected message"
  end

This issue needs breaking up!
@jywarren jywarren added enhancement explains that the issue is to improve upon one of our existing features high-priority labels Mar 8, 2016
@jywarren jywarren mentioned this issue Mar 8, 2016
Open
@jywarren jywarren added the help wanted requires help by anyone willing to contribute label Mar 25, 2016
@jywarren
Copy link
Member Author

@ebarry - input on list of pages to lock?

@jywarren jywarren added this to the Rich Wikis milestone Nov 18, 2016
@jywarren jywarren added the break-me-up break up for cleaner code separation, discrete tests, and, easier and iterative collaboration label Nov 29, 2016
@jywarren jywarren mentioned this issue Nov 30, 2016
Closed
This was referenced Dec 7, 2016
Merged
Merged
Closed
@jywarren jywarren mentioned this issue Dec 16, 2016
Merged
6 tasks
@500swapnil
Copy link
Collaborator

Okay so what should I do first?

@jywarren
Copy link
Member Author

jywarren commented Dec 16, 2016 via email

@500swapnil
Copy link
Collaborator

Okay so this test will do I guess
test "basic user blocked from updating a locked wiki page" do
node(:organizers).add_tag('locked', rusers(:admin)) # lock the page with a tag

# then try updating it
post :update,
     id:  node(:organizers).id, 
     uid:   rusers(:bob).id, 
     title: ""

assert_template "wiki/show"
assert_select ".alert", "expected message"

end

@jywarren
Copy link
Member Author

jywarren commented Dec 16, 2016 via email

@500swapnil
Copy link
Collaborator

Okay I have opened a PR #1114

@jywarren jywarren mentioned this issue Dec 16, 2016
Merged
6 tasks
jywarren pushed a commit that referenced this issue Dec 31, 2016
@500swapnil @jywarren
Added test to block basic user edits, closes issue #397 (#1114)
940286e 
* Added test to block basic user edits

* Added feature

* upate wiki_controller_test.rb

* Update wiki_controller_test.rb

* Update wiki_controller_test.rb

* Update wiki_controller_test.rb

* Update wiki_controller_test.rb

* Update wiki_controller_test.rb

* Update on flash[]

* Added flash test

* update wiki_controller.rb

* update

* Removed assert_select

* removed assert flash

* removed assert_redirected_to test

* Update

* Back to 961812c state

* Update wiki_controller_test.rb
@jywarren
Copy link
Member Author

#1114 merged -- now just need the same but for the wiki update action!

@500swapnil
Copy link
Collaborator

I have added a PR #1155 for update action. Please have a look!

@jywarren jywarren reopened this Jan 3, 2017
@jywarren
Copy link
Member Author

jywarren commented Jan 3, 2017

I'm going to reopen and suggest one more addition -- a test that admins do not get redirected, but can indeed both edit and update locked wiki pages. @500swapnil - any interest in this last one? It'd just be two tests.

Thanks!!!

@jywarren
Copy link
Member Author

jywarren commented Jan 3, 2017

Also, i'd like to request that this line be modified to link to the /wiki/edit/pagetitle rather than the /wiki/locked URL if the current user is an "admin" or "moderator":

https://github.com/publiclab/plots2/blob/master/app/views/wiki/show.html.erb#L45

That way it's easier for admins and mods to actually make edits!

@500swapnil
Copy link
Collaborator

@jywarren Yeah I can add. But where should I add the test?

@jywarren
Copy link
Member Author

jywarren commented Jan 3, 2017 via email

@500swapnil
Copy link
Collaborator

I made a PR #1163. Please have a look.

@SidharthBansal SidharthBansal mentioned this issue Dec 2, 2019
Closed
63 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@500swapnil 500swapnil

Labels
break-me-up break up for cleaner code separation, discrete tests, and, easier and iterative collaboration enhancement explains that the issue is to improve upon one of our existing features help wanted requires help by anyone willing to contribute
Projects
None yet
Milestone
Rich Wikis
Development

No branches or pull requests
2 participants
@jywarren @500swapnil