[33302] Redirect user to TOC if new wiki page is not editable

https://community.openproject.com/wp/33302

app/controllers/wiki_controller.rb

@@ -53,6 +53,8 @@ class WikiController < ApplicationController
                                               diff
                                               annotate
                                               destroy]
+  before_action :find_wiki_page, only: %i[show]
+  before_action :handle_new_wiki_page, only: %i[show]
   before_action :build_wiki_page_and_content, only: %i[new create]
 
   include AttachmentsHelper
@@ -120,17 +122,6 @@ class WikiController < ApplicationController
 
   # display a page (in editing mode if it doesn't exist)
   def show
-    @page = @wiki.find_or_new_page(wiki_page_title)
-    if @page.new_record?
-      if User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
-        edit
-        render action: 'new'
-      else
-        render_404
-      end
-      return
-    end
-
     # Set the related page ID to make it the parent of new links
     flash[:_related_wiki_page_id] = @page.id
 
@@ -389,6 +380,27 @@ class WikiController < ApplicationController
     render_404
   end
 
+  # Finds or created the wiki page associated
+  # to the wiki
+  def find_wiki_page
+    @page = @wiki.find_or_new_page(wiki_page_title)
+  end
+
+  # Handles new pages for non-editable permissions
+  def handle_new_wiki_page
+    return unless @page.new_record?
+
+    if User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
+      edit
+      render action: :new
+    elsif params[:id] == 'wiki'
+      flash[:info] = I18n.t('wiki.page_not_editable_index')
+      redirect_to action: :index
+    else
+      render_404
+    end
+  end
+
   # Finds the requested page and returns a 404 error if it doesn't exist
   def find_existing_page
     @page = @wiki.find_page(wiki_page_title.presence || params[:id])

config/locales/en.yml

@@ -320,6 +320,7 @@ en:
       no_results_title_text: There are currently no work packages assigned to this version.
 
   wiki:
+    page_not_editable_index: The requested page does not (yet) exist. You have been redirected to the index of all wiki pages.
     no_results_title_text: There are currently no wiki pages.
 
     index:

spec/controllers/wiki_controller_spec.rb

@@ -104,6 +104,22 @@ describe WikiController, type: :controller do
       end
     end
 
+    describe 'show' do
+      let(:get_page) { get :show, params: { project_id: @project, id: 'wiki' } }
+
+      describe 'with an empty wiki and no permission to edit' do
+        let(:view_role) { FactoryBot.create :role, permissions: %w[view_wiki_pages] }
+        let(:user) { FactoryBot.create(:user, member_in_project: @project, member_through_role: view_role) }
+
+        it 'visiting the start page redirects to index' do
+          login_as user
+          get_page
+          expect(response).to redirect_to action: :index
+          expect(flash[:info]).to include I18n.t('wiki.page_not_editable_index')
+        end
+      end
+    end
+
     describe 'edit' do
       it 'will link to a parent page if it was set' do
         get 'edit', params: { project_id: @project, id: 'foobar' }, flash: { _related_wiki_page_id: 1234 }