adding user check for access in modification

remyd1 · Jan 11, 2022 · 925ebcf · 925ebcf
1 parent 8f7793f
commit 925ebcf
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 2 deletions.
diff --git a/lib/gollum/app.rb b/lib/gollum/app.rb
@@ -209,7 +209,7 @@ class App < Sinatra::Base
       end
 
       get '/edit/*' do
-        forbid unless @allow_editing
+        forbid unless @allow_editing && @user_authed
         wikip = wiki_page(params[:splat].first)
         @name = wikip.fullname
         @path = wikip.path
@@ -232,6 +232,7 @@ class App < Sinatra::Base
 
         wiki = wiki_new
         halt 405 unless wiki.allow_uploads
+        forbid unless @user_authed
 
         if params[:file]
           fullname = params[:file][:filename]
@@ -288,6 +289,7 @@ class App < Sinatra::Base
       post '/rename/*' do
         wikip = wiki_page(params[:splat].first)
         halt 500 if wikip.nil?
+        forbid unless @user_authed
         wiki   = wikip.wiki
         page   = wikip.page
         rename = params[:rename]
@@ -331,6 +333,7 @@ class App < Sinatra::Base
         path      = "/#{clean_url(sanitize_empty_params(params[:path]))}"
         wiki      = wiki_new
         page      = wiki.page(::File.join(path, params[:page]))
+        forbid unless @user_authed
 
         return if page.nil?
         if etag != page.sha
@@ -351,6 +354,7 @@ class App < Sinatra::Base
 
       post '/delete/*' do
         forbid unless @allow_editing
+        forbid unless @user_authed
         wiki = wiki_new
         filepath = params[:splat].first
         unless filepath.nil?
@@ -387,6 +391,7 @@ class App < Sinatra::Base
         path   = sanitize_empty_params(params[:path]) || ''
         format = params[:format].intern
         wiki   = wiki_new
+        forbid unless @user_authed
 
         path.gsub!(/^\//, '')
 
@@ -624,7 +629,7 @@ def show_page_or_file(fullpath)
       elsif @redirects_enabled && redirect_path = wiki.redirects[fullpath]
         redirect to("#{encodeURIComponent(redirect_path)}?redirected_from=#{encodeURIComponent(fullpath)}")
       else
-        if @allow_editing
+        if @allow_editing && @user_authed
           path = fullpath[-1] == '/' ? "#{fullpath}#{wiki.index_page}" : fullpath # Append default index page if no page name is supplied
           redirect to("/gollum/create/#{clean_url(encodeURIComponent(path))}")
         else

diff --git a/lib/gollum/public/gollum/stylesheets/template.scss.erb b/lib/gollum/public/gollum/stylesheets/template.scss.erb
@@ -734,3 +734,12 @@ nav.actions {
     display: none;
    }
 }
+
+/* @section user */
+#user p {
+    text-align: right;
+    padding-right:0.5em;
+    font-size: .8em;
+    line-height: 2.0em;
+    color: #999;
+}
diff --git a/lib/gollum/templates/layout.mustache b/lib/gollum/templates/layout.mustache
@@ -59,6 +59,7 @@
 <body>
 <div class="container-lg clearfix">
 {{{yield}}}
+{{< user}}
 </div>
 </body>
 </html>
diff --git a/lib/gollum/templates/user.mustache b/lib/gollum/templates/user.mustache
@@ -0,0 +1,10 @@
+<div id="user">
+    <p>
+    {{#user_authed}}
+      {{user_name}} | {{user_provider}} | <strong><a href="/__omnigollum__/logout">[Logout]</a></strong>
+    {{/user_authed}}
+    {{^user_authed}}
+      not logged in | <strong><a href="/__omnigollum__/login">[Login]</a></strong>
+    {{/user_authed}}
+    <p>
+</div>
diff --git a/lib/gollum/views/layout.rb b/lib/gollum/views/layout.rb
@@ -83,6 +83,19 @@ def overview
       def latest_changes
         false
       end
+
+      # Passthrough additional omniauth parameters for status bar
+      def user_authed
+        @user_authed
+      end
+
+      def user_provider
+        @user.provider
+      end
+
+      def user_name
+        @user.name
+      end
 
     end
   end