From: Julien Lancelot <julien.lancelot@gmail.com>
Date: Wed, 18 Sep 2013 14:58:57 +0000 (+0200)
Subject: SONAR-4686 Without the 'Code Viewer' permission it should not be possible to see... 
X-Git-Tag: 4.0~388
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=77eb8da28272430488ee7e1ff79593b074efbe21;p=sonarqube.git

SONAR-4686 Without the 'Code Viewer' permission it should not be possible to see the code snippet attached to each issue
---

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb
index 14a8520d3b5..54f8f0ea89a 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb
@@ -25,13 +25,14 @@
   <%= render :partial => 'issue/issue', :locals => {:issue => @issue_results.first} -%>
   </div>
 
-  <% if @snapshot && @issue.line && params[:source]!='false' %>
+  <!-- SONAR-4686 Do not display source code if user has not the "Code Viewer" permission -->
+  <% if @snapshot && @issue.line && params[:source]!='false' && has_role?(:codeviewer, @snapshot.project) %>
     <div class="bordered">
       <%= snapshot_html_source(@snapshot, {:line_range => (@issue.line-5)..(@issue.line+5), :highlighted_lines => [@issue.line]}) -%>
     </div>
   <% else %>
-    <!-- SONAR-4438
-      If no source code, add a blank component in order for the "more action" link to be weel displayed
+    <!--
+      SONAR-4438 If no source code, add blank lines in order for the "more action" link to be well displayed
     -->
     <div style="height: 60px;"></div>
   <% end %>