SONAR-1974 only administrators can create new manual rules + Fix sort of severities...
authorSimon Brandhof <simon.brandhof@gmail.com>
Thu, 8 Dec 2011 18:03:53 +0000 (19:03 +0100)
committerSimon Brandhof <simon.brandhof@gmail.com>
Thu, 8 Dec 2011 18:07:46 +0000 (19:07 +0100)
plugins/sonar-l10n-en-plugin/src/main/resources/org/sonar/l10n/core.properties
sonar-server/src/main/webapp/WEB-INF/app/controllers/api/reviews_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/manual_rules_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/resource_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/models/rule.rb
sonar-server/src/main/webapp/WEB-INF/app/models/severity.rb
sonar-server/src/main/webapp/WEB-INF/app/views/resource/_create_violation_form.html.erb

index bac0836f52664cbfde48b8e8a452cdf4e069e265..09a250d8db9bc372a77f3a7e98f07c01d61d1a02 100644 (file)
@@ -655,6 +655,7 @@ code_viewer.create_violation.submit=Create Violation
 code_viewer.create_violation.missing_rule=Missing rule
 code_viewer.create_violation.missing_message=Missing message
 code_viewer.create_violation.missing_severity=Missing severity
+code_viewer.create_violation.no_rules=No rules. Please contact your administrator.
 
 #------------------------------------------------------------------------------
 #
index 59c69bdbd406279f0a5a0d4fc8669049954d801f..0d090f58905afd5ad13334954e0300ed32baa467 100644 (file)
@@ -63,7 +63,7 @@ class Api::ReviewsController < Api::ApiController
   # * 'violation_id' : the violation on which the review should be created
   #
   # To create a violation :
-  # * 'rule_name' : the name of the rule in the repository "review". If it does not exist then the rule is created.
+  # * 'rule_name' : the name of the rule in the repository "manual". If it does not exist then the rule is created.
   # * 'resource' : id or key of the resource to review
   # * 'line' : optional line. It starts from 1. If 0 then no specific line. Default value is 0.
   # * 'severity' : BLOCKER, CRITICAL, MAJOR, MINOR or INFO. Default value is MAJOR.
@@ -110,7 +110,8 @@ class Api::ReviewsController < Api::ApiController
         access_denied unless resource && has_rights_to_modify?(resource)
         bad_request("Resource does not exist") unless resource.last_snapshot
 
-        rule = Rule.find_or_create_manual_rule(params[:rule_name])
+        rule = Rule.find_or_create_manual_rule(params[:rule_name], has_role?(:admin))
+        access_denied unless rule
         violation = rule.create_violation!(resource, params)
         violation.create_review!(:assignee => assignee, :user => current_user, :manual_violation => true)
       end
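Review bot: `access_denied unless rule` treats every nil result as a permission failure, yet the numeric-id branch of `Rule.find_or_create_manual_rule` never creates a rule, so an administrator who passes a numeric `rule_name` matching no manual rule is also told access is denied. Answering that case separately, for example `bad_request("Rule does not exist") if rule.nil? && has_role?(:admin)` placed ahead of the `access_denied` line, keeps genuine authorization failures distinguishable for API clients and in logs. Whether a missing `rule_name` is rejected before this point is not visible here; the enclosing action starts and ends outside the hunk.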
index 9f489df1d708a9cba8a6ea19593862891d27b72f..05f2ee8c666ed5b2a633f6f6e0c9bb0f4894858c 100644 (file)
@@ -48,8 +48,9 @@ class ManualRulesController < ApplicationController
 
       else
         # Create rule
-        rule=Rule.find_or_create_manual_rule(params[:name])
+        rule=Rule.find_or_create_manual_rule(params[:name], true)
       end
+      rule.name=(params[:name])
       rule.description=params[:description]
       rule.save!
     rescue Exception => e
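Review bot: The create flag is hard-coded in `Rule.find_or_create_manual_rule(params[:name], true)`, so the admin-only guarantee for this action rests entirely on a controller-level filter that this hunk does not show. It is worth confirming that such a filter covers this action and recording the assumption next to the call, e.g. `# admin-only action, so creation is always allowed here`. As a style point, `rule.name=(params[:name])` reads more naturally as `rule.name = params[:name]`, matching the assignment on the following line. The enclosing method and its `begin` block start and end outside the hunk.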
index b71b4df4962d61cbfe0a7b4a3c1313126dd83e17..c7092352732ced30f050e915ddcf58f5141226be 100644 (file)
@@ -80,14 +80,17 @@ class ResourceController < ApplicationController
     access_denied unless resource && current_user
 
     rule_id_or_name = params[:rule]
-    rule_id_or_name = params[:new_rule] if rule_id_or_name.blank?
+    if rule_id_or_name.blank?
+      access_denied if params[:new_rule].present? && !has_role?(:admin)
+      rule_id_or_name = params[:new_rule]
+    end
     bad_request(message('code_viewer.create_violation.missing_rule')) if rule_id_or_name.blank?
     bad_request(message('code_viewer.create_violation.missing_message')) if params[:message].blank?
     bad_request(message('code_viewer.create_violation.missing_severity')) if params[:severity].blank?
 
     violation = nil
     Review.transaction do
-      rule = Rule.find_or_create_manual_rule(rule_id_or_name)
+      rule = Rule.find_or_create_manual_rule(rule_id_or_name, true)
       violation = rule.create_violation!(resource, params)
       violation.create_review!(
           :assignee => current_user,
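Review bot: The admin check on `new_rule` does not cover every path to rule creation, because the model call is given `true` unconditionally. When `params[:rule]` holds a non-numeric string, the `if rule_id_or_name.blank?` branch is skipped and `Rule.find_or_create_manual_rule(rule_id_or_name, true)` takes its name branch, which creates the rule for any logged-in user. The decision should follow the caller's role rather than which parameter carried the value, as the API controller in this commit does: `rule = Rule.find_or_create_manual_rule(rule_id_or_name, has_role?(:admin))` followed by `access_denied unless rule`. That nil check also covers a numeric id matching no enabled manual rule, which currently reaches `rule.create_violation!` as nil. The action's body continues outside the hunk.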
index 8ebc14b6f4503b1246bd34bc4b4f025e80e063c3..501e467f5cc2ffa1daa1d98ce56be111f5c389f0 100644 (file)
@@ -69,11 +69,11 @@ class Rule < ActiveRecord::Base
 
   def name
     @l10n_name ||=
-      begin
-        result = Java::OrgSonarServerUi::JRubyFacade.getInstance().getRuleName(I18n.locale, repository_key, plugin_rule_key)
-        result = read_attribute(:name) unless result
-        result
-      end
+        begin
+          result = Java::OrgSonarServerUi::JRubyFacade.getInstance().getRuleName(I18n.locale, repository_key, plugin_rule_key)
+          result = read_attribute(:name) unless result
+          result
+        end
   end
 
   def name=(value)
@@ -82,11 +82,11 @@ class Rule < ActiveRecord::Base
 
   def description
     @l10n_description ||=
-      begin
-        result = Java::OrgSonarServerUi::JRubyFacade.getInstance().getRuleDescription(I18n.locale, repository_key, plugin_rule_key)
-        result = read_attribute(:description) unless result
-        result
-      end
+        begin
+          result = Java::OrgSonarServerUi::JRubyFacade.getInstance().getRuleDescription(I18n.locale, repository_key, plugin_rule_key)
+          result = read_attribute(:description) unless result
+          result
+        end
   end
 
   def description=(value)
@@ -133,13 +133,13 @@ class Rule < ActiveRecord::Base
     Rule.find(:first, :conditions => ['enabled=? and plugin_name=? and id=?', true, MANUAL_REPOSITORY_KEY, id])
   end
 
-  def self.find_or_create_manual_rule(rule_id_or_name)
+  def self.find_or_create_manual_rule(rule_id_or_name, create_if_not_found=false)
     if Api::Utils.is_integer?(rule_id_or_name)
       rule = Rule.find(:first, :conditions => {:enabled => true, :plugin_name => MANUAL_REPOSITORY_KEY, :id => rule_id_or_name.to_i})
     else
       key = rule_id_or_name.strip.downcase.sub(/\s+/, '_')
       rule = Rule.find(:first, :conditions => {:enabled => true, :plugin_name => MANUAL_REPOSITORY_KEY, :plugin_rule_key => key})
-      unless rule
+      if rule==nil && create_if_not_found
         rule = Rule.create!(:enabled => true, :plugin_name => MANUAL_REPOSITORY_KEY, :plugin_rule_key => key, :name => rule_id_or_name)
       end
     end
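Review bot: `find_or_create_manual_rule` can now return nil, but neither the name nor a comment says so, and callers use that nil as their authorization signal. A comment above the method would make the contract explicit: `# Returns nil when no enabled manual rule matches and create_if_not_found is false; a numeric id is looked up but never created.` The new condition would also read more idiomatically as `if rule.nil? && create_if_not_found`. The method's return and closing `end` lie outside the hunk.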
@@ -151,14 +151,14 @@ class Rule < ActiveRecord::Base
     checksum = nil
     level = Sonar::RulePriority.id(options['severity']||Severity::MAJOR)
     RuleFailure.create!(
-      :snapshot => resource.last_snapshot,
-      :rule => self,
-      :failure_level => level,
-      :message => options['message'],
-      :cost => (options['cost'] ? options['cost'].to_f : nil),
-      :switched_off => false,
-      :line => line,
-      :checksum => checksum)
+        :snapshot => resource.last_snapshot,
+        :rule => self,
+        :failure_level => level,
+        :message => options['message'],
+        :cost => (options['cost'] ? options['cost'].to_f : nil),
+        :switched_off => false,
+        :line => line,
+        :checksum => checksum)
   end
 
 
index f62e4773c148a6533ada46852bf62b01d7b86c73..1df514e7091d2f1fa9839f74faf8f1b4a13ae98f 100644 (file)
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
 #
 
-class Severity
+module Severity
 
   INFO = "INFO"
   MINOR = "MINOR"
   MAJOR = "MAJOR"
   CRITICAL = "CRITICAL"
   BLOCKER = "BLOCKER"
-  
-  SEVERITIES=[INFO,MINOR,MAJOR,CRITICAL,BLOCKER]
+
+  KEYS=[BLOCKER, CRITICAL, MAJOR, MINOR, INFO]
 end
index 614c515bd81765aab7170a87acd5748f96b05add..208fffefecc8ee1da4ce30a4b9f607423823616c 100644 (file)
@@ -7,47 +7,58 @@
   <% end %>
   <td class="violations">
     <div id="createViolationCell<%= @line -%>">
-      <% form_remote_tag :url => "#{ApplicationController.root_context}/resource/create_violation",
-                         :update => {:success => "createViolationCell#{@line}"},
-                         :html => {:id => "createViolationForm#{@line}"},
-                         :failure => "$('errorViolationForm#{@line}').update(request.responseText);$('errorViolationForm#{@line}').show()" do -%>
-        <input type="hidden" name="resource" value="<%= params[:resource] -%>">
-        <input type="hidden" name="line" value="<%= @line -%>">
-        <input type="hidden" name="gray_colspan" value="<%= params[:gray_colspan] -%>">
-        <input type="hidden" name="white_colspan" value="<%= params[:white_colspan] -%>">
+      <% if @rules.empty? && !has_role?(:admin) %>
+        <div class="warning"><%= message('code_viewer.create_violation.no_rules') -%> <a href="#" onclick="return hVF(<%= @line -%>)"><%= message('cancel') -%></a></div>
+      <% else %>
+        <% form_remote_tag :url => "#{ApplicationController.root_context}/resource/create_violation",
+                           :update => {:success => "createViolationCell#{@line}"},
+                           :html => {:id => "createViolationForm#{@line}"},
+                           :failure => "$('errorViolationForm#{@line}').update(request.responseText);$('errorViolationForm#{@line}').show()" do -%>
+          <input type="hidden" name="resource" value="<%= params[:resource] -%>">
+          <input type="hidden" name="line" value="<%= @line -%>">
+          <input type="hidden" name="gray_colspan" value="<%= params[:gray_colspan] -%>">
+          <input type="hidden" name="white_colspan" value="<%= params[:white_colspan] -%>">
 
-        <div class="violation">
-          <div class="vtitle">
-            <select name="severity" class="withIcons">
-              <% Severity::SEVERITIES.each do |severity| %>
-                <option class="sev_<%= severity -%>" value="<%= severity -%>" <%= 'selected' if severity==Severity::MAJOR -%>><%= message("severity.#{severity}") -%></option>
-              <% end %>
-            </select>
-            &nbsp;
-            <img src="<%= ApplicationController.root_context -%>/images/sep12.png">
-            &nbsp;
-            <select id="select-rule-<%= @html_id -%>" name="rule" onkeyup="this.blur();this.focus();" onchange="if ($F(this)=='') {$('new_rule_<%= @html_id -%>').show()} else {$('new_rule_<%= @html_id -%>').hide()}">
-              <option value=""><%= message('code_viewer.create_violation.new_rule') -%></option>
-              <% unless @rules.empty? %>
-                <optgroup label="<%= message('code_viewer.create_violation.rules') -%>">
-                  <% @rules.each do |rule| %>
-                    <option value="<%= rule.id -%>"><%= h rule.name -%></option>
-                  <% end %>
-                </optgroup>
+          <div class="violation">
+            <div class="vtitle">
+              <select name="severity" class="withIcons">
+                <% Severity::KEYS.each do |severity| %>
+                  <option class="sev_<%= severity -%>" value="<%= severity -%>" <%= 'selected' if severity==Severity::MAJOR -%>><%= message("severity.#{severity}") -%></option>
+                <% end %>
+              </select>
+              &nbsp;
+              <img src="<%= ApplicationController.root_context -%>/images/sep12.png">
+              &nbsp;
+              <select id="select-rule-<%= @html_id -%>" name="rule" onkeyup="this.blur();this.focus();" onchange="if ($F(this)=='') {$('new_rule_<%= @html_id -%>').show()} else {$('new_rule_<%= @html_id -%>').hide()}">
+                <% is_admin = current_user && has_role?(:admin)
+                   if is_admin
+                %>
+                  <option value=""><%= message('code_viewer.create_violation.new_rule') -%></option>
+                <% end %>
+                <% unless @rules.empty? %>
+                  <optgroup label="<%= message('code_viewer.create_violation.rules') -%>">
+                    <% @rules.each do |rule| %>
+                      <option value="<%= rule.id -%>"><%= h rule.name -%></option>
+                    <% end %>
+                  </optgroup>
+                <% end %>
+              </select>
+
+              <% if is_admin %>
+                <input type="text" name="new_rule" size="50" id="new_rule_<%= @html_id -%>">
               <% end %>
-            </select>
+            </div>
 
-            <input type="text" name="new_rule" size="50" id="new_rule_<%= @html_id -%>">
-          </div>
+            <div class="discussionComment first">
+              <textarea rows="5" name="message" style="width: 100%"></textarea>
 
-          <div class="discussionComment first">
-            <textarea rows="5" name="message" style="width: 100%"></textarea>
+              <div class="error" id="errorViolationForm<%= @line -%>" style="display: none"></div>
+              <input type="submit" value="<%= message('code_viewer.create_violation.submit') -%>">
 
-            <div class="error" id="errorViolationForm<%= @line -%>" style="display: none"></div>
-            <input type="submit" value="<%= message('code_viewer.create_violation.submit') -%>">
-            <a href="#" onclick="return hVF(<%= @line -%>)"><%= message('cancel') -%></a>
+              <a href="#" onclick="return hVF(<%= @line -%>)"><%= message('cancel') -%></a>
+            </div>
           </div>
-        </div>
+        <% end %>
       <% end %>
     </div>
   </td>
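Review bot: The hidden inputs print request parameters without escaping: `value="<%= params[:resource] -%>"`, and likewise `gray_colspan` and `white_colspan`. The same template escapes `rule.name` with `h`, which suggests output is not escaped automatically here. Wrapping them, e.g. `value="<%= h params[:resource] -%>"`, keeps a crafted parameter from breaking out of the attribute. Separately, the outer test uses `has_role?(:admin)` while the inner one uses `current_user && has_role?(:admin)`; computing `is_admin` once at the top of the cell and using it in both places would keep the two conditions from drifting apart.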