pundit: convert wiki pages to pundit.

app/controllers/wiki_pages_controller.rb

@@ -1,31 +1,32 @@
 class WikiPagesController < ApplicationController
   respond_to :html, :xml, :json, :js
-  before_action :member_only, :except => [:index, :search, :show, :show_or_new]
   before_action :normalize_search_params, :only => [:index]
   layout "sidebar"
 
   def new
-    @wiki_page = WikiPage.new(wiki_page_params(:create))
+    @wiki_page = authorize WikiPage.new(permitted_attributes(WikiPage))
     respond_with(@wiki_page)
   end
 
   def edit
     @wiki_page, _found_by = WikiPage.find_by_id_or_title(params[:id])
+    authorize @wiki_page
     respond_with(@wiki_page)
   end
 
   def index
-    @wiki_pages = WikiPage.paginated_search(params)
-
+    @wiki_pages = authorize WikiPage.paginated_search(params)
     respond_with(@wiki_pages)
   end
 
   def search
+    authorize WikiPage
     render layout: "default"
   end
 
   def show
     @wiki_page, found_by = WikiPage.find_by_id_or_title(params[:id])
+
     if request.format.html? && @wiki_page.blank? && found_by == :title
       @wiki_page = WikiPage.new(title: params[:id])
       respond_with @wiki_page, status: 404
@@ -39,13 +40,16 @@ class WikiPagesController < ApplicationController
   end
 
   def create
-    @wiki_page = WikiPage.create(wiki_page_params(:create))
+    @wiki_page = authorize WikiPage.new(permitted_attributes(WikiPage))
+    @wiki_page.save
     respond_with(@wiki_page)
   end
 
   def update
     @wiki_page, _found_by = WikiPage.find_by_id_or_title(params[:id])
-    @wiki_page.update(wiki_page_params(:update))
+    authorize @wiki_page
+
+    @wiki_page.update(permitted_attributes(@wiki_page))
     flash[:notice] = @wiki_page.warnings.full_messages.join(".\n \n") if @wiki_page.warnings.any?
 
     respond_with(@wiki_page)
@@ -53,12 +57,16 @@ class WikiPagesController < ApplicationController
 
   def destroy
     @wiki_page, _found_by = WikiPage.find_by_id_or_title(params[:id])
+    authorize @wiki_page
+
     @wiki_page.update(is_deleted: true)
     respond_with(@wiki_page)
   end
 
   def revert
     @wiki_page, _found_by = WikiPage.find_by_id_or_title(params[:id])
+    authorize @wiki_page
+
     @version = @wiki_page.versions.find(params[:version_id])
     @wiki_page.revert_to!(@version)
     flash[:notice] = "Page was reverted"
@@ -67,7 +75,7 @@ class WikiPagesController < ApplicationController
 
   def show_or_new
     if params[:title].blank?
-      redirect_to new_wiki_page_path(wiki_page_params(:create))
+      redirect_to new_wiki_page_path(permitted_attributes(WikiPage))
     else
       redirect_to wiki_page_path(params[:title])
     end
@@ -89,11 +97,4 @@ class WikiPagesController < ApplicationController
       params[:search][:title] = params.delete(:title)
     end
   end
-
-  def wiki_page_params(context)
-    permitted_params = %i[title body other_names other_names_string is_deleted]
-    permitted_params += %i[is_locked] if CurrentUser.is_builder?
-
-    params.fetch(:wiki_page, {}).permit(permitted_params)
-  end
 end