@resource=Project.by_key(resource_id)
@snapshot=(@resource ? @resource.last_snapshot : nil)
raise ApiException.new(404, "Resource [#{resource_id}] not found") if @snapshot.nil?
+ raise ApiException.new(401, "Unauthorized") unless has_role?(:user, @snapshot)
else
@snapshot=nil
if params['scopes'].blank? && params['qualifiers'].blank?
snapshots_including_resource=Snapshot.find(:all, :conditions => [snapshots_conditions.join(' AND '), snapshots_values], :include => 'project')
- # ---------- APPLY SECURITY - remove unauthorized resources
- snapshots_including_resource=select_authorized(:user, snapshots_including_resource)
+ # ---------- APPLY SECURITY - remove unauthorized resources - only if no selected resource
+ if @resource.nil?
+ snapshots_including_resource=select_authorized(:user, snapshots_including_resource)
+ end
# ---------- PREPARE RESPONSE
resource_by_sid={}
return access_denied unless has_role?(:user, @project)
@snapshot = @project.last_snapshot
@snapshots = Snapshot.find(:all, :include => 'project', :conditions => ['snapshots.parent_snapshot_id=? and snapshots.qualifier<>? and projects.qualifier<>?', @snapshot.id, Snapshot::QUALIFIER_UNIT_TEST_CLASS, Snapshot::QUALIFIER_UNIT_TEST_CLASS])
- @snapshots = select_authorized(:user, @snapshots)
-
+
@columns = @dashboard_configuration.selected_columns
metrics = @dashboard_configuration.homepage_metrics