From 1ef7b2e5b9941924a9abdabc32fcd95081e2e66b Mon Sep 17 00:00:00 2001
From: David Gageot <david@gageot.net>
Date: Tue, 22 May 2012 19:13:55 +0200
Subject: [PATCH] FIX we shouldn't be able to unfollow a non-shared dashboard

---
 .../WEB-INF/app/controllers/dashboards_controller.rb     | 9 ++++++---
 .../webapp/WEB-INF/app/views/dashboards/index.html.erb   | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/dashboards_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/dashboards_controller.rb
index 587c81fc80f..bf45f8149de 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/dashboards_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/dashboards_controller.rb
@@ -135,10 +135,13 @@ class DashboardsController < ApplicationController
   def unfollow
     add_default_dashboards_if_first_user_dashboard
 
-    ActiveDashboard.destroy_all(['user_id=? AND dashboard_id=?', current_user.id, params[:id].to_i])
+    dashboard=Dashboard.find(:first, :conditions => ['shared=? and id=? and (user_id is null or user_id<>?)', true, params[:id].to_i, current_user.id])
+    if dashboard
+      ActiveDashboard.destroy_all(['user_id=? AND dashboard_id=?', current_user.id, params[:id].to_i])
 
-    if ActiveDashboard.count(:conditions => ['user_id=?', current_user.id])==0
-      flash[:notice]=Api::Utils.message('dashboard.default_restored')
+      if ActiveDashboard.count(:conditions => ['user_id=?', current_user.id])==0
+        flash[:notice]=Api::Utils.message('dashboard.default_restored')
+      end
     end
     redirect_to :action => 'index', :resource => params[:resource]
   end
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboards/index.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboards/index.html.erb
index 23cb6fcbf60..a213bae9df9 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/dashboards/index.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/dashboards/index.html.erb
@@ -55,7 +55,7 @@
                               :confirm => message('dashboard.do_you_want_to_delete_dashboard'), :id => "delete-#{u active.name}", :class => 'link-action' %>
                 <% end %>
               <% end %>
-              <% if @actives.size() > 1 %>
+              <% if @actives.size() > 1 and active.shared? %>
                 |
                 <%= link_to message('unfollow'), {:action => :unfollow, :id => active.dashboard_id, :resource => params[:resource]}, :method => :post,
                             :id => "unfollow-#{u active.name}", :class => 'link-action' %>
-- 
2.39.5