SONAR-3825 system filters should be editable by administrators

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb
index 82c27224d29bf8fa5758ff467d76807e723535d5..6245780508d7fa11f9e3d6cb14d065622c28da61 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb
@@ -111,7 +111,7 @@ class MeasuresController < ApplicationController
     require_parameters :id
 
     @filter = MeasureFilter.find(params[:id])
-    access_denied unless owner?(@filter)
+    access_denied unless @filter.owner?(current_user)
     @filter.name=params[:name]
     @filter.description=params[:description]
     @filter.shared=(params[:shared]=='true')
@@ -177,7 +177,7 @@ class MeasuresController < ApplicationController
                                              :conditions => ['user_id=? and measure_filter_id=?', current_user.id, params[:id]])
     if favourites.empty?
       filter = find_filter(params[:id])
-      current_user.favourited_measure_filters<<filter if filter.shared || owner?(filter)
+      current_user.favourited_measure_filters<<filter if filter.shared || filter.owner?(current_user)
       is_favourite = true
     else
       favourites.each { |fav| fav.delete }
@@ -190,11 +190,7 @@ class MeasuresController < ApplicationController
   private
   def find_filter(id)
     filter = MeasureFilter.find(id)
-    access_denied unless filter.shared || owner?(filter)
+    access_denied unless filter.shared || filter.owner?(current_user)
     filter
   end
-
-  def owner?(filter)
-    current_user && (filter.user_id==current_user.id || (filter.user_id==nil && has_role?(:admin)))
-  end
 end

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/models/measure_filter.rb b/sonar-server/src/main/webapp/WEB-INF/app/models/measure_filter.rb
index 9269e17bf0f7f27d158b91761320fbe2242f2558..de0c2d546d4feff9a1f9a82fd1d77ef9a418f93b 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/models/measure_filter.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/models/measure_filter.rb
@@ -190,6 +190,11 @@ class MeasureFilter < ActiveRecord::Base
     self
   end
 
+  def owner?(user)
+    return false if user==nil || user.id==nil
+    (self.id==nil) || (self.user_id==user.id) || (self.user_id==nil && user.has_role?(:admin))
+  end
+
   private
 
   def init_results

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/measures/search.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/measures/search.html.erb
index e053664229081da83dfd8fd48e94d69150f7bd19..6ce16c9508735873ec1bb24517ff3cfb32caf415 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/measures/search.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/measures/search.html.erb
@@ -26,7 +26,7 @@
               <% if @filter.id %>
                 <li><a id="copy" href="<%= url_for params.merge({:action => 'copy_form', :id => @filter.id}) -%>" class="link-action open-modal"><%= message('copy') -%></a></li>
               <% end %>
-              <% if @filter.id==nil || @filter.user_id==current_user.id %>
+              <% if @filter.owner?(current_user) %>
                 <li><a id="save" href="<%= url_for params.merge({:action => 'save_form', :id => @filter.id}) -%>" class="link-action open-modal"><%= message('save') -%></a></li>
               <% end %>
             <% end %>