SONAR-4686 Without the 'Code Viewer' permission it should not be possible to see...

author Julien Lancelot <julien.lancelot@gmail.com>

Wed, 18 Sep 2013 14:58:57 +0000 (16:58 +0200)

committer Julien Lancelot <julien.lancelot@gmail.com>

Wed, 18 Sep 2013 14:59:12 +0000 (16:59 +0200)
author Julien Lancelot <julien.lancelot@gmail.com>
Wed, 18 Sep 2013 14:58:57 +0000 (16:58 +0200)
committer Julien Lancelot <julien.lancelot@gmail.com>
Wed, 18 Sep 2013 14:59:12 +0000 (16:59 +0200)
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb

index 14a8520d3b513db41ce3a31578a77fe30a429832..54f8f0ea89a1d276dbac627bfe1bae37744cbec8 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb
@@ -25,13 +25,14 @@
    <%= render :partial => 'issue/issue', :locals => {:issue => @issue_results.first} -%>
    </div>
  
-  <% if @snapshot && @issue.line && params[:source]!='false' %>
+  <!-- SONAR-4686 Do not display source code if user has not the "Code Viewer" permission -->
+  <% if @snapshot && @issue.line && params[:source]!='false' && has_role?(:codeviewer, @snapshot.project) %>
      <div class="bordered">
        <%= snapshot_html_source(@snapshot, {:line_range => (@issue.line-5)..(@issue.line+5), :highlighted_lines => [@issue.line]}) -%>
      </div>
    <% else %>
-    <!-- SONAR-4438
-      If no source code, add a blank component in order for the "more action" link to be weel displayed
+    <!--
+      SONAR-4438 If no source code, add blank lines in order for the "more action" link to be well displayed
      -->
      <div style="height: 60px;"></div>
    <% end %>
author	Julien Lancelot <julien.lancelot@gmail.com>
	Wed, 18 Sep 2013 14:58:57 +0000 (16:58 +0200)
committer	Julien Lancelot <julien.lancelot@gmail.com>
	Wed, 18 Sep 2013 14:59:12 +0000 (16:59 +0200)