2020-10-27 00:50:13 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2017-04-28 10:57:24 +08:00
|
|
|
#
|
|
|
|
|
# Copyright (C) 2011 - present Instructure, Inc.
|
|
|
|
|
#
|
|
|
|
|
# This file is part of Canvas.
|
|
|
|
|
#
|
|
|
|
|
# Canvas is free software: you can redistribute it and/or modify it under
|
|
|
|
|
# the terms of the GNU Affero General Public License as published by the Free
|
|
|
|
|
# Software Foundation, version 3 of the License.
|
|
|
|
|
#
|
|
|
|
|
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
|
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
|
|
|
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
|
|
|
# details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU Affero General Public License along
|
|
|
|
|
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
2015-04-09 01:21:08 +08:00
|
|
|
require "nokogiri"
|
|
|
|
|
require "ritex"
|
|
|
|
|
|
2011-05-20 05:39:43 +08:00
|
|
|
module UserContent
|
Don't use new math handling when editing quizzes
closes LS-1639
flag=none
The change to SyllabusBehaviors puts code back that existed
before the new math handling was introduced, and should have
been behind its flag.
If the new_math_equation_handling flag is on, turn it off if
we're editing a quiz, and skip having the backend inject the
hidden mathml, which is part of the legacy equation handling.
test plan:
=== With the new math_equation_handling flag off ====
- create a quiz, add a multiple choice question with an equation
as an answer
- save the question, save the quiz
- edit the quiz, edit the question, do not edit the answer
> look at the DOM. there should be no moe than 1
<span class="hidden-readable">
just after the equation image in the answer
- save the question, save the quiz
- preview the quiz
> expect just 1 <span class="hidden-readable"> in the DOM just
after the equation image
- no combination of edit, save, edit, ... should cause > 1
<span class="hidden-readable">
after the equation image
=== with the new_math_equation_handling flag on ===
- preview and edit the quiz you created with the flag off
> expect it to look A-OK
- create a new quiz
- use the rce's equation editor to put an equation everywhere
you can possible think of in a quiz
- the text
- answers
- comments on the answers
> expect the equations to look right no matter what
- edit the quiz and all the places where there are equations
> yep still ok
- save the qustion
> still ok
- save the quiz
> still ok
- preview the quiz, to completion to see answer comments
> looks good _and_ equations are mathjaxified
- edit everything again
> still looks good everywhere
Change-Id: I1319d007509f6e8cbc9c9af81e3939e365b0fa92
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/253507
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Ed Schiebel <eschiebel@instructure.com>
2020-11-21 22:28:44 +08:00
|
|
|
def self.escape(
|
|
|
|
|
str,
|
|
|
|
|
current_host = nil,
|
2021-12-11 02:02:06 +08:00
|
|
|
use_updated_math_rendering = true
|
Don't use new math handling when editing quizzes
closes LS-1639
flag=none
The change to SyllabusBehaviors puts code back that existed
before the new math handling was introduced, and should have
been behind its flag.
If the new_math_equation_handling flag is on, turn it off if
we're editing a quiz, and skip having the backend inject the
hidden mathml, which is part of the legacy equation handling.
test plan:
=== With the new math_equation_handling flag off ====
- create a quiz, add a multiple choice question with an equation
as an answer
- save the question, save the quiz
- edit the quiz, edit the question, do not edit the answer
> look at the DOM. there should be no moe than 1
<span class="hidden-readable">
just after the equation image in the answer
- save the question, save the quiz
- preview the quiz
> expect just 1 <span class="hidden-readable"> in the DOM just
after the equation image
- no combination of edit, save, edit, ... should cause > 1
<span class="hidden-readable">
after the equation image
=== with the new_math_equation_handling flag on ===
- preview and edit the quiz you created with the flag off
> expect it to look A-OK
- create a new quiz
- use the rce's equation editor to put an equation everywhere
you can possible think of in a quiz
- the text
- answers
- comments on the answers
> expect the equations to look right no matter what
- edit the quiz and all the places where there are equations
> yep still ok
- save the qustion
> still ok
- save the quiz
> still ok
- preview the quiz, to completion to see answer comments
> looks good _and_ equations are mathjaxified
- edit everything again
> still looks good everywhere
Change-Id: I1319d007509f6e8cbc9c9af81e3939e365b0fa92
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/253507
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Ed Schiebel <eschiebel@instructure.com>
2020-11-21 22:28:44 +08:00
|
|
|
)
|
2022-12-10 04:12:37 +08:00
|
|
|
html = Nokogiri::HTML5.fragment(str, nil, **CanvasSanitize::SANITIZE[:parser_options])
|
2012-07-10 05:05:05 +08:00
|
|
|
find_user_content(html) do |obj, uc|
|
2015-04-09 01:21:08 +08:00
|
|
|
uuid = SecureRandom.uuid
|
2011-05-20 05:39:43 +08:00
|
|
|
child = Nokogiri::XML::Node.new("iframe", html)
|
|
|
|
|
child["class"] = "user_content_iframe"
|
|
|
|
|
child["name"] = uuid
|
2012-07-10 05:05:05 +08:00
|
|
|
child["style"] = "width: #{uc.width}; height: #{uc.height}"
|
2011-05-20 05:39:43 +08:00
|
|
|
child["frameborder"] = "0"
|
|
|
|
|
|
|
|
|
|
form = Nokogiri::XML::Node.new("form", html)
|
2012-07-10 05:05:05 +08:00
|
|
|
form["action"] = "//#{HostUrl.file_host(@domain_root_account || Account.default, current_host)}/object_snippet"
|
2011-05-20 05:39:43 +08:00
|
|
|
form["method"] = "post"
|
|
|
|
|
form["class"] = "user_content_post_form"
|
|
|
|
|
form["target"] = uuid
|
|
|
|
|
form["id"] = "form-#{uuid}"
|
|
|
|
|
|
|
|
|
|
input = Nokogiri::XML::Node.new("input", html)
|
|
|
|
|
input["type"] = "hidden"
|
|
|
|
|
input["name"] = "object_data"
|
2012-07-10 05:05:05 +08:00
|
|
|
input["value"] = uc.node_string
|
2011-05-20 05:39:43 +08:00
|
|
|
form.add_child(input)
|
|
|
|
|
|
|
|
|
|
s_input = Nokogiri::XML::Node.new("input", html)
|
|
|
|
|
s_input["type"] = "hidden"
|
|
|
|
|
s_input["name"] = "s"
|
2012-07-10 05:05:05 +08:00
|
|
|
s_input["value"] = uc.node_hmac
|
2011-05-20 05:39:43 +08:00
|
|
|
form.add_child(s_input)
|
|
|
|
|
|
|
|
|
|
obj.replace(child)
|
|
|
|
|
child.add_next_sibling(form)
|
|
|
|
|
end
|
2012-07-10 05:05:05 +08:00
|
|
|
|
2015-06-10 03:21:35 +08:00
|
|
|
find_equation_images(html) do |node|
|
2017-02-21 08:01:35 +08:00
|
|
|
equation = node["data-equation-content"] || node["alt"]
|
2020-09-12 01:15:52 +08:00
|
|
|
next if equation.blank?
|
Don't use new math handling when editing quizzes
closes LS-1639
flag=none
The change to SyllabusBehaviors puts code back that existed
before the new math handling was introduced, and should have
been behind its flag.
If the new_math_equation_handling flag is on, turn it off if
we're editing a quiz, and skip having the backend inject the
hidden mathml, which is part of the legacy equation handling.
test plan:
=== With the new math_equation_handling flag off ====
- create a quiz, add a multiple choice question with an equation
as an answer
- save the question, save the quiz
- edit the quiz, edit the question, do not edit the answer
> look at the DOM. there should be no moe than 1
<span class="hidden-readable">
just after the equation image in the answer
- save the question, save the quiz
- preview the quiz
> expect just 1 <span class="hidden-readable"> in the DOM just
after the equation image
- no combination of edit, save, edit, ... should cause > 1
<span class="hidden-readable">
after the equation image
=== with the new_math_equation_handling flag on ===
- preview and edit the quiz you created with the flag off
> expect it to look A-OK
- create a new quiz
- use the rce's equation editor to put an equation everywhere
you can possible think of in a quiz
- the text
- answers
- comments on the answers
> expect the equations to look right no matter what
- edit the quiz and all the places where there are equations
> yep still ok
- save the qustion
> still ok
- save the quiz
> still ok
- preview the quiz, to completion to see answer comments
> looks good _and_ equations are mathjaxified
- edit everything again
> still looks good everywhere
Change-Id: I1319d007509f6e8cbc9c9af81e3939e365b0fa92
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/253507
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Ed Schiebel <eschiebel@instructure.com>
2020-11-21 22:28:44 +08:00
|
|
|
|
|
|
|
|
# there are places in canvas (e.g. classic quizzes) that
|
|
|
|
|
# inadvertently saved the hidden-readable span, causing
|
|
|
|
|
# them to multiply everytime the entity is edited.
|
|
|
|
|
# Strip the ones that shouldn't be there before adding a new one
|
2020-12-08 06:11:54 +08:00
|
|
|
node.next_element.remove while node.next_element && node.next_element["class"] == "hidden-readable"
|
Don't use new math handling when editing quizzes
closes LS-1639
flag=none
The change to SyllabusBehaviors puts code back that existed
before the new math handling was introduced, and should have
been behind its flag.
If the new_math_equation_handling flag is on, turn it off if
we're editing a quiz, and skip having the backend inject the
hidden mathml, which is part of the legacy equation handling.
test plan:
=== With the new math_equation_handling flag off ====
- create a quiz, add a multiple choice question with an equation
as an answer
- save the question, save the quiz
- edit the quiz, edit the question, do not edit the answer
> look at the DOM. there should be no moe than 1
<span class="hidden-readable">
just after the equation image in the answer
- save the question, save the quiz
- preview the quiz
> expect just 1 <span class="hidden-readable"> in the DOM just
after the equation image
- no combination of edit, save, edit, ... should cause > 1
<span class="hidden-readable">
after the equation image
=== with the new_math_equation_handling flag on ===
- preview and edit the quiz you created with the flag off
> expect it to look A-OK
- create a new quiz
- use the rce's equation editor to put an equation everywhere
you can possible think of in a quiz
- the text
- answers
- comments on the answers
> expect the equations to look right no matter what
- edit the quiz and all the places where there are equations
> yep still ok
- save the qustion
> still ok
- save the quiz
> still ok
- preview the quiz, to completion to see answer comments
> looks good _and_ equations are mathjaxified
- edit everything again
> still looks good everywhere
Change-Id: I1319d007509f6e8cbc9c9af81e3939e365b0fa92
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/253507
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Ed Schiebel <eschiebel@instructure.com>
2020-11-21 22:28:44 +08:00
|
|
|
|
|
|
|
|
unless use_updated_math_rendering
|
2020-09-12 01:15:52 +08:00
|
|
|
mathml = UserContent.latex_to_mathml(equation)
|
|
|
|
|
next if mathml.blank?
|
2021-06-29 02:49:11 +08:00
|
|
|
|
2021-01-12 02:24:13 +08:00
|
|
|
mathml_span = node.fragment(
|
2020-09-12 01:15:52 +08:00
|
|
|
"<span class=\"hidden-readable\">#{mathml}</span>"
|
2021-01-12 02:24:13 +08:00
|
|
|
).children.first
|
2020-09-12 01:15:52 +08:00
|
|
|
node.add_next_sibling(mathml_span)
|
|
|
|
|
end
|
2011-05-25 03:12:22 +08:00
|
|
|
end
|
2011-05-20 05:39:43 +08:00
|
|
|
|
|
|
|
|
html.to_s.html_safe
|
|
|
|
|
end
|
|
|
|
|
|
2015-06-10 03:21:35 +08:00
|
|
|
def self.latex_to_mathml(latex)
|
2016-08-02 03:28:43 +08:00
|
|
|
Latex.to_math_ml(latex: latex)
|
2015-06-10 03:21:35 +08:00
|
|
|
end
|
|
|
|
|
|
2012-07-10 05:05:05 +08:00
|
|
|
Node = Struct.new(:width, :height, :node_string, :node_hmac)
|
|
|
|
|
|
|
|
|
|
# for each user content in the nokogiri document, yields |nokogiri_node, UserContent::Node|
|
|
|
|
|
def self.find_user_content(html)
|
|
|
|
|
html.css("object,embed").each do |obj|
|
|
|
|
|
styles = {}
|
|
|
|
|
params = {}
|
|
|
|
|
obj.css("param").each do |param|
|
|
|
|
|
params[param["key"]] = param["value"]
|
|
|
|
|
end
|
2021-11-16 04:49:40 +08:00
|
|
|
(obj["style"] || "").split(";").each do |attr|
|
|
|
|
|
key, value = attr.split(":").map(&:strip)
|
2012-07-10 05:05:05 +08:00
|
|
|
styles[key] = value
|
|
|
|
|
end
|
|
|
|
|
width = css_size(obj["width"])
|
|
|
|
|
width ||= css_size(params["width"])
|
|
|
|
|
width ||= css_size(styles["width"])
|
|
|
|
|
width ||= "400px"
|
|
|
|
|
height = css_size(obj["height"])
|
|
|
|
|
height ||= css_size(params["height"])
|
|
|
|
|
height ||= css_size(styles["height"])
|
|
|
|
|
height ||= "300px"
|
|
|
|
|
|
2021-11-12 01:03:26 +08:00
|
|
|
snippet = Base64.encode64(obj.to_s).delete("\n")
|
2012-07-10 05:05:05 +08:00
|
|
|
hmac = Canvas::Security.hmac_sha1(snippet)
|
|
|
|
|
uc = Node.new(width, height, snippet, hmac)
|
|
|
|
|
|
|
|
|
|
yield obj, uc
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2015-06-10 03:21:35 +08:00
|
|
|
def self.find_equation_images(html, &block)
|
|
|
|
|
html.css("img.equation_image").each(&block)
|
|
|
|
|
end
|
|
|
|
|
|
2012-08-14 06:39:48 +08:00
|
|
|
# TODO: try and discover the motivation behind the "huhs"
|
2011-05-20 05:39:43 +08:00
|
|
|
def self.css_size(val)
|
2016-03-24 04:00:28 +08:00
|
|
|
to_f = TextHelper.round_if_whole(val.to_f)
|
|
|
|
|
if !val || to_f == 0
|
2012-08-14 06:39:48 +08:00
|
|
|
# no value, non-numeric value, or 0 value (whether "0", "0px", "0%",
|
|
|
|
|
# etc.); ignore
|
|
|
|
|
nil
|
2016-03-24 04:00:28 +08:00
|
|
|
elsif val == "#{to_f}%" || val == "#{to_f}px"
|
2012-08-14 06:39:48 +08:00
|
|
|
# numeric percentage or specific px value; use as is
|
|
|
|
|
val
|
2016-03-24 04:00:28 +08:00
|
|
|
elsif to_f.to_s == val
|
2012-08-14 06:39:48 +08:00
|
|
|
# unadorned numeric value; make px (after adding 10... huh?)
|
2016-03-24 04:00:28 +08:00
|
|
|
(to_f + 10).to_s + "px"
|
2012-08-14 06:39:48 +08:00
|
|
|
else
|
|
|
|
|
# numeric value embedded, but has additional text we didn't recognize;
|
|
|
|
|
# just extract the numeric part (without a px... huh?)
|
2016-03-24 04:00:28 +08:00
|
|
|
to_f.to_s
|
2012-08-14 06:39:48 +08:00
|
|
|
end
|
2011-05-20 05:39:43 +08:00
|
|
|
end
|
2011-10-04 23:03:19 +08:00
|
|
|
|
|
|
|
|
class HtmlRewriter
|
|
|
|
|
AssetTypes = {
|
2015-04-08 05:58:15 +08:00
|
|
|
"assignments" => :Assignment,
|
|
|
|
|
"announcements" => :Announcement,
|
|
|
|
|
"calendar_events" => :CalendarEvent,
|
2021-06-29 02:49:11 +08:00
|
|
|
"courses" => :Course,
|
2015-04-08 05:58:15 +08:00
|
|
|
"discussion_topics" => :DiscussionTopic,
|
|
|
|
|
"collaborations" => :Collaboration,
|
|
|
|
|
"files" => :Attachment,
|
|
|
|
|
"conferences" => :WebConference,
|
|
|
|
|
"quizzes" => :"Quizzes::Quiz",
|
|
|
|
|
"groups" => :Group,
|
|
|
|
|
"wiki" => :WikiPage,
|
|
|
|
|
"pages" => :WikiPage,
|
2011-10-04 23:03:19 +08:00
|
|
|
"grades" => nil,
|
|
|
|
|
"users" => nil,
|
2011-08-18 13:55:25 +08:00
|
|
|
"external_tools" => nil,
|
2011-10-04 23:03:19 +08:00
|
|
|
"file_contents" => nil,
|
2015-04-08 05:58:15 +08:00
|
|
|
"modules" => :ContextModule,
|
|
|
|
|
"items" => :ContentTag
|
2011-10-04 23:03:19 +08:00
|
|
|
}.freeze
|
|
|
|
|
DefaultAllowedTypes = AssetTypes.keys
|
|
|
|
|
|
2017-12-09 02:09:48 +08:00
|
|
|
def initialize(context, user, contextless_types: [])
|
2011-10-04 23:03:19 +08:00
|
|
|
raise(ArgumentError, "context required") unless context
|
2021-09-23 00:25:11 +08:00
|
|
|
|
2011-10-04 23:03:19 +08:00
|
|
|
@context = context
|
|
|
|
|
@user = user
|
2017-12-09 02:09:48 +08:00
|
|
|
@contextless_types = contextless_types
|
|
|
|
|
@context_prefix = "/#{context.class.name.tableize}/#{context.id}"
|
2018-06-05 05:08:17 +08:00
|
|
|
@absolute_part = '(https?://[\w-]+(?:\.[\w-]+)*(?:\:\d{1,5})?)?'
|
|
|
|
|
@toplevel_regex = %r{#{@absolute_part}(#{@context_prefix})?/(\w+)(?:/([^\s"<'?/]*)([^\s"<']*))?}
|
2011-10-04 23:03:19 +08:00
|
|
|
@handlers = {}
|
|
|
|
|
@default_handler = nil
|
|
|
|
|
@unknown_handler = nil
|
|
|
|
|
@allowed_types = DefaultAllowedTypes
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
attr_reader :user, :context
|
|
|
|
|
|
2018-02-23 22:45:12 +08:00
|
|
|
UriMatch = Struct.new(:url, :type, :obj_class, :obj_id, :rest, :prefix) do
|
2018-04-24 06:56:35 +08:00
|
|
|
def query
|
|
|
|
|
rest && rest[/\?.*/]
|
|
|
|
|
end
|
2011-10-04 23:03:19 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# specify a url type like "assignments" or "file_contents"
|
|
|
|
|
def set_handler(type, &handler)
|
|
|
|
|
@handlers[type] = handler
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def set_default_handler(&handler)
|
|
|
|
|
@default_handler = handler
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def set_unknown_handler(&handler)
|
|
|
|
|
@unknown_handler = handler
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def allowed_types=(new_types)
|
|
|
|
|
@allowed_types = Array(new_types)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def translate_content(html)
|
|
|
|
|
return html if html.blank?
|
|
|
|
|
|
2021-10-23 03:50:42 +08:00
|
|
|
asset_types = AssetTypes.slice(*@allowed_types)
|
2011-10-04 23:03:19 +08:00
|
|
|
|
2018-06-05 05:08:17 +08:00
|
|
|
html.gsub(@toplevel_regex) do |url|
|
|
|
|
|
_absolute_part, prefix, type, obj_id, rest = [$1, $2, $3, $4, $5]
|
2021-06-29 02:49:11 +08:00
|
|
|
next url if !@contextless_types.include?(type) && prefix != @context_prefix && url != @context_prefix
|
2017-12-09 02:09:48 +08:00
|
|
|
|
2014-02-25 07:42:36 +08:00
|
|
|
if type != "wiki" && type != "pages"
|
2013-02-26 04:35:49 +08:00
|
|
|
if obj_id.to_i > 0
|
|
|
|
|
obj_id = obj_id.to_i
|
|
|
|
|
else
|
|
|
|
|
rest = "/#{obj_id}#{rest}" if obj_id.present? || rest.present?
|
|
|
|
|
obj_id = nil
|
|
|
|
|
end
|
|
|
|
|
end
|
2012-05-24 05:14:15 +08:00
|
|
|
|
2021-09-29 08:07:43 +08:00
|
|
|
if (module_item = rest.try(:match, %r{/items/(\d+)}))
|
2012-05-24 05:14:15 +08:00
|
|
|
type = "items"
|
|
|
|
|
obj_id = module_item[1].to_i
|
|
|
|
|
end
|
|
|
|
|
|
2011-10-04 23:03:19 +08:00
|
|
|
if asset_types.key?(type)
|
2015-04-08 05:58:15 +08:00
|
|
|
klass = asset_types[type]
|
|
|
|
|
klass = klass.to_s.constantize if klass
|
2018-06-05 05:08:17 +08:00
|
|
|
match = UriMatch.new(url, type, klass, obj_id, rest, prefix)
|
2011-10-04 23:03:19 +08:00
|
|
|
handler = @handlers[type] || @default_handler
|
2018-06-05 05:08:17 +08:00
|
|
|
handler&.call(match) || url
|
2011-10-04 23:03:19 +08:00
|
|
|
else
|
2018-06-05 05:08:17 +08:00
|
|
|
match = UriMatch.new(url, type)
|
|
|
|
|
@unknown_handler&.call(match) || url
|
2011-10-04 23:03:19 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# if content is nil, it'll query the block for the content if needed (lazy content load)
|
2021-11-16 06:05:02 +08:00
|
|
|
def user_can_view_content?(content = nil)
|
2014-03-05 06:30:51 +08:00
|
|
|
return false if user.blank? && content.respond_to?(:locked?) && content.locked?
|
2011-10-04 23:03:19 +08:00
|
|
|
return true unless user
|
2021-09-23 00:25:11 +08:00
|
|
|
|
2011-10-04 23:03:19 +08:00
|
|
|
# if user given, check that the user is allowed to manage all
|
|
|
|
|
# context content, or read that specific item (and it's not locked)
|
2016-02-12 00:22:40 +08:00
|
|
|
@read_as_admin = context.grants_right?(user, :read_as_admin) if @read_as_admin.nil?
|
|
|
|
|
return true if @read_as_admin
|
2021-09-23 00:25:11 +08:00
|
|
|
|
2021-11-16 06:05:02 +08:00
|
|
|
content ||= yield
|
2011-10-04 23:03:19 +08:00
|
|
|
allow = true if content.respond_to?(:grants_right?) && content.grants_right?(user, :read)
|
|
|
|
|
allow = false if allow && content.respond_to?(:locked_for?) && content.locked_for?(user)
|
|
|
|
|
allow
|
|
|
|
|
end
|
|
|
|
|
end
|
2011-05-20 05:39:43 +08:00
|
|
|
end
|