VIEWS-20 Do not check user authorization on view components
authorsimonbrandhof <simon.brandhof@gmail.com>
Mon, 18 Oct 2010 11:51:09 +0000 (11:51 +0000)
committersimonbrandhof <simon.brandhof@gmail.com>
Mon, 18 Oct 2010 11:51:09 +0000 (11:51 +0000)
sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb
sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb
sonar-server/src/main/webapp/stylesheets/style.css

index deff4f44ebcf25fb61ac842f66a07461463a8b4e..a8f014467637369ae449dcb068f9bd65fccf2d7c 100644 (file)
@@ -26,6 +26,7 @@ class Api::ResourcesController < Api::ApiController
         @resource=Project.by_key(resource_id)
         @snapshot=(@resource ? @resource.last_snapshot : nil)
         raise ApiException.new(404, "Resource [#{resource_id}] not found") if @snapshot.nil?
+        raise ApiException.new(401, "Unauthorized") unless has_role?(:user, @snapshot)
       else
         @snapshot=nil
         if params['scopes'].blank? && params['qualifiers'].blank?
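Review bot: The added role check runs after the 404 on the line above, so a caller without the user role gets 404 for an unknown key and 401 for an existing one, which confirms that a resource key exists without granting access to it. If existence is meant to stay confidential, answer both cases with the same status; otherwise record the decision next to the check, for example `# 401 only for existing resources; existence itself is not confidential`. For an authenticated caller who merely lacks the role, 403 would describe the outcome more accurately than 401. Whether `has_role?` accepts a snapshot as it accepts `@project` in ComponentsController cannot be confirmed from this hunk, and the enclosing method starts and ends outside it.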
@@ -139,8 +140,10 @@ class Api::ResourcesController < Api::ApiController
 
       snapshots_including_resource=Snapshot.find(:all, :conditions => [snapshots_conditions.join(' AND '), snapshots_values], :include => 'project')
 
-      # ---------- APPLY SECURITY - remove unauthorized resources
-      snapshots_including_resource=select_authorized(:user, snapshots_including_resource)
+      # ---------- APPLY SECURITY - remove unauthorized resources - only if no selected resource
+      if @resource.nil?
+        snapshots_including_resource=select_authorized(:user, snapshots_including_resource)
+      end
 
       # ---------- PREPARE RESPONSE
       resource_by_sid={}
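Review bot: Skipping `select_authorized` whenever `@resource` is set means every snapshot returned for a selected resource is disclosed on the strength of the single role check on that resource, and the condition covers any selected resource, not only views as the commit title suggests. That is safe only if the query conditions, built outside this hunk, restrict the result to descendants of `@snapshot`, and if access to a parent is meant to imply access to all of its children. Consider narrowing the bypass to view resources, or state the invariant where the filter is skipped: `# children inherit the check made on @snapshot above; conditions must limit results to its descendants`. The same trade-off applies to the removal of `select_authorized` in the ComponentsController hunk, where only `has_role?(:user, @project)` remains.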
index 3de423f9bbda932768471baf602b21c870b2b7b5..ff850983a8817428591ff6ff6a71e86c54ed0ad9 100644 (file)
@@ -35,8 +35,7 @@ class ComponentsController < ApplicationController
     return access_denied unless has_role?(:user, @project)
     @snapshot = @project.last_snapshot
     @snapshots = Snapshot.find(:all, :include => 'project', :conditions => ['snapshots.parent_snapshot_id=? and snapshots.qualifier<>? and projects.qualifier<>?', @snapshot.id, Snapshot::QUALIFIER_UNIT_TEST_CLASS, Snapshot::QUALIFIER_UNIT_TEST_CLASS])
-    @snapshots = select_authorized(:user, @snapshots)
-
+    
     @columns = @dashboard_configuration.selected_columns
     metrics = @dashboard_configuration.homepage_metrics
 
index 5f7900bcd32e2985909aa1715ca39322ea4917f9..c762d13293d64137448683437c283a87a0541877 100644 (file)
@@ -454,8 +454,7 @@ table.data th img, table.data td img {
 .data thead tr.total {
   background-color: #eee;
   font-weight: normal;
-  border-bottom: 1px solid #ddd;
-  border-top: 1px solid #ddd;
+  border: 1px solid #ddd;
 }
 .data thead tr.total th {
   font-weight: normal;