From caf186e7bb1a3bb8f574b661163333bb84dd16fe Mon Sep 17 00:00:00 2001
From: Andre D <andre@andred.ca>
Date: Mon, 11 Mar 2013 18:22:03 -0400
Subject: [PATCH] wiki: Verify that a user may view a revision on a revision
 listing.

---
 r2/r2/controllers/wiki.py | 10 ++++++++--
 r2/r2/models/builder.py   | 13 ++++++++++---
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/r2/r2/controllers/wiki.py b/r2/r2/controllers/wiki.py
index 666805d1b..2abbb90f3 100644
--- a/r2/r2/controllers/wiki.py
+++ b/r2/r2/controllers/wiki.py
@@ -156,7 +156,11 @@ class WikiController(RedditController):
     @validate(page=VWikiPage(('page'), restricted=False))
     def GET_wiki_revisions(self, num, after, reverse, count, page):
         revisions = page.get_revisions()
-        builder = WikiRevisionBuilder(revisions, num=num, reverse=reverse, count=count, after=after, skip=not c.is_wiki_mod, wrap=default_thing_wrapper())
+        wikiuser = c.user if c.user_is_loggedin else None
+        builder = WikiRevisionBuilder(revisions, user=wikiuser, sr=c.site,
+                                      num=num, reverse=reverse, count=count,
+                                      after=after, skip=not c.is_wiki_mod,
+                                      wrap=default_thing_wrapper())
         listing = WikiRevisionListing(builder).listing()
         return WikiRevisions(listing, page=page.name, may_revise=this_may_revise(page)).render()
 
@@ -199,10 +203,12 @@ class WikiController(RedditController):
     @paginated_listing(max_page_size=100, backend='cassandra')
     def GET_wiki_recent(self, num, after, reverse, count):
         revisions = WikiRevision.get_recent(c.site)
+        wikiuser = c.user if c.user_is_loggedin else None
         builder = WikiRecentRevisionBuilder(revisions,  num=num, count=count,
                                             reverse=reverse, after=after,
                                             wrap=default_thing_wrapper(),
-                                            skip=not c.is_wiki_mod)
+                                            skip=not c.is_wiki_mod,
+                                            user=wikiuser, sr=c.site)
         listing = WikiRevisionListing(builder).listing()
         return WikiRecent(listing).render()
 
diff --git a/r2/r2/models/builder.py b/r2/r2/models/builder.py
index f293cd836..dd6eb838c 100755
--- a/r2/r2/models/builder.py
+++ b/r2/r2/models/builder.py
@@ -41,7 +41,7 @@ from r2.lib.filters import _force_unicode
 from copy import deepcopy
 from r2.lib.utils import Storage
 
-from r2.models.wiki import WIKI_RECENT_DAYS
+from r2.models import wiki
 
 from collections import defaultdict
 import time
@@ -591,6 +591,11 @@ class SearchBuilder(IDBuilder):
 class WikiRevisionBuilder(QueryBuilder):
     show_extended = True
     
+    def __init__(self, *k, **kw):
+        self.user = kw.pop('user', None)
+        self.sr = kw.pop('sr', None)
+        QueryBuilder.__init__(self, *k, **kw)
+    
     def wrap_items(self, items):
         types = {}
         wrapped = []
@@ -607,13 +612,15 @@ class WikiRevisionBuilder(QueryBuilder):
         return wrapped
     
     def keep_item(self, item):
-        return not item.is_hidden
+        from r2.lib.validator.wiki import may_view
+        return (not item.is_hidden and may_view(self.sr, self.user,
+                    wiki.WikiPage.get(self.sr, item.page)))
 
 class WikiRecentRevisionBuilder(WikiRevisionBuilder):
     show_extended = False
     
     def must_skip(self, item):
-        return (datetime.datetime.now(g.tz) - item.date).days >= WIKI_RECENT_DAYS
+        return (datetime.datetime.now(g.tz) - item.date).days >= wiki.WIKI_RECENT_DAYS
         
 
 def empty_listing(*things):