Prevent Wiki Pages from being pasted to anywhere but a Wiki Master.

Add provisions for other assets to behave similarly.

docs/changelog/7.x.x.txt

@@ -5,6 +5,7 @@
  - fixed #9592: DataForm deleteAttachedFiles method can crash
  - fixed #9580: Gallery: albums shown in navigation
  - fixed #9578: Use of "quotes" in badge name causes error
+ - fixed #9603: moving wiki page
 
 7.6.10
  - fixed #9577: WebGUI::Form::Url::getValue returns blank rather than undef for blank fields

lib/WebGUI/Asset/WikiPage.pm

@@ -59,10 +59,30 @@ sub canAdd {
 #-------------------------------------------------------------------
 sub canEdit {
 	my $self = shift;
-	my $form = $self->session->form;
-	return (($form->process("func") eq "add" || ($form->process("assetId") eq "new" && $form->process("func") eq "editSave" && $form->process("class","className") eq "WebGUI::Asset::WikiPage")) && $self->getWiki->canEditPages) # account for new pages
-		|| (!$self->isProtected && $self->getWiki->canEditPages)  # account for normal editing
-		|| $self->getWiki->canAdminister; # account for admins
+    my $wiki = $self->getWiki;
+    return undef unless defined $wiki;
+
+	my $form      = $self->session->form;
+    my $addNew    = $form->process("func"              ) eq "add";
+    my $editSave  = $form->process("assetId"           ) eq "new"
+                 && $form->process("func"              ) eq "editSave"
+                 && $form->process("class","className" ) eq "WebGUI::Asset::WikiPage";
+    return $wiki->canAdminister
+        || ( $wiki->canEditPages && ( $addNew || $editSave || !$self->isProtected) );
+}
+
+#-------------------------------------------------------------------
+
+=head2 canPaste
+
+Since so much of the Wiki Page depends on the Wiki Master, do not allow it
+to be pasted to anywhere but a WikiMaster.
+
+=cut
+
+sub canPaste {
+	my $self = shift;
+    return $self->session->asset->isa('WebGUI::Asset::Wobject::WikiMaster');
 }
 
 #-------------------------------------------------------------------

lib/WebGUI/AssetClipboard.pm

@@ -38,6 +38,19 @@ These methods are available from this class:
 
 
 
+#-------------------------------------------------------------------
+
+=head2 canPaste ( )
+
+Allows assets to have a say if they can be pasted.  For example, it makes no sense to
+paste a wiki page anywhere else but a wiki master.
+
+=cut
+
+sub canPaste {
+    return 1;
+}
+
 #-------------------------------------------------------------------
 
 =head2 cut ( )
@@ -47,12 +60,13 @@ Removes asset from lineage, places it in clipboard state. The "gap" in the linea
 =cut
 
 sub cut {
-	my $self = shift;
-	return undef if ($self->getId eq $self->session->setting->get("defaultPage") || $self->getId eq $self->session->setting->get("notFoundPage"));
-	$self->session->db->beginTransaction;
-	$self->session->db->write("update asset set state='clipboard-limbo' where lineage like ? and state='published'",[$self->get("lineage").'%']);
-	$self->session->db->write("update asset set state='clipboard', stateChangedBy=?, stateChanged=? where assetId=?", [$self->session->user->userId, $self->session->datetime->time(), $self->getId]);
-	$self->session->db->commit;
+	my $self    = shift;
+    my $session = $self->session;
+	return undef if ($self->getId eq $session->setting->get("defaultPage") || $self->getId eq $session->setting->get("notFoundPage"));
+	$session->db->beginTransaction;
+	$session->db->write("update asset set state='clipboard-limbo' where lineage like ? and state='published'",[$self->get("lineage").'%']);
+	$session->db->write("update asset set state='clipboard', stateChangedBy=?, stateChanged=? where assetId=?", [$session->user->userId, $session->datetime->time(), $self->getId]);
+	$session->db->commit;
 	$self->updateHistory("cut");
 	$self->{_properties}{state} = "clipboard";
 	$self->purgeCache;
@@ -172,6 +186,7 @@ sub paste {
 	my $assetId = shift;
 	my $pastedAsset = WebGUI::Asset->newByDynamicClass($self->session,$assetId);
 	return 0 unless ($self->get("state") eq "published");
+    return 0 unless ($pastedAsset->canPaste());  ##Allow pasted assets to have a say about pasting.
 
     # Don't allow a shortcut to create an endless loop
 	return 0 if ($pastedAsset->get("className") eq "WebGUI::Asset::Shortcut" && $pastedAsset->get("shortcutToAssetId") eq $self->getId);
@@ -468,11 +483,12 @@ Returns "". Pastes an asset. If canEdit is False, returns an insufficient privil
 =cut
 
 sub www_paste {
-    my $self = shift;
-    return $self->session->privilege->insufficient() unless $self->canEdit;
-    my $pasteAssetId = $self->session->form->process('assetId');
-    my $pasteAsset = WebGUI::Asset->newPending($self->session, $pasteAssetId);
-    return $self->session->privilege->insufficient() unless $pasteAsset->canEdit;
+    my $self    = shift;
+    my $session = $self->session;
+    return $session->privilege->insufficient() unless $self->canEdit;
+    my $pasteAssetId = $session->form->process('assetId');
+    my $pasteAsset   = WebGUI::Asset->newPending($session, $pasteAssetId);
+    return $session->privilege->insufficient() unless $pasteAsset->canEdit;
     $self->paste($pasteAssetId);
     return "";
 }
@@ -488,10 +504,9 @@ Returns a www_manageAssets() method. Pastes a selection of assets. If canEdit is
 sub www_pasteList {
 	my $self = shift;
 	return $self->session->privilege->insufficient() unless $self->canEdit;
-	foreach my $clipId ($self->session->form->param("assetId")) {
+	ASSET: foreach my $clipId ($self->session->form->param("assetId")) {
         my $pasteAsset = WebGUI::Asset->newPending($self->session, $clipId);
-        next
-            unless $pasteAsset->canEdit;
+        next ASSET unless $pasteAsset->canEdit;
 		$self->paste($clipId);
 	}
 	return $self->www_manageAssets();