From 4855ea135e5685bb818985dc58603746d2fb8676 Mon Sep 17 00:00:00 2001
From: Simon Brandhof <simon.brandhof@gmail.com>
Date: Thu, 6 Dec 2012 17:09:17 +0100
Subject: [PATCH] SONAR-3825 system filters should be editable by
 administrators

---
 .../WEB-INF/app/controllers/measures_controller.rb     | 10 +++-------
 .../main/webapp/WEB-INF/app/models/measure_filter.rb   |  5 +++++
 .../webapp/WEB-INF/app/views/measures/search.html.erb  |  2 +-
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb
index 82c27224d29..6245780508d 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb
@@ -111,7 +111,7 @@ class MeasuresController < ApplicationController
     require_parameters :id
 
     @filter = MeasureFilter.find(params[:id])
-    access_denied unless owner?(@filter)
+    access_denied unless @filter.owner?(current_user)
     @filter.name=params[:name]
     @filter.description=params[:description]
     @filter.shared=(params[:shared]=='true')
@@ -177,7 +177,7 @@ class MeasuresController < ApplicationController
                                              :conditions => ['user_id=? and measure_filter_id=?', current_user.id, params[:id]])
     if favourites.empty?
       filter = find_filter(params[:id])
-      current_user.favourited_measure_filters<<filter if filter.shared || owner?(filter)
+      current_user.favourited_measure_filters<<filter if filter.shared || filter.owner?(current_user)
       is_favourite = true
     else
       favourites.each { |fav| fav.delete }
@@ -190,11 +190,7 @@ class MeasuresController < ApplicationController
   private
   def find_filter(id)
     filter = MeasureFilter.find(id)
-    access_denied unless filter.shared || owner?(filter)
+    access_denied unless filter.shared || filter.owner?(current_user)
     filter
   end
-
-  def owner?(filter)
-    current_user && (filter.user_id==current_user.id || (filter.user_id==nil && has_role?(:admin)))
-  end
 end
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/models/measure_filter.rb b/sonar-server/src/main/webapp/WEB-INF/app/models/measure_filter.rb
index 9269e17bf0f..de0c2d546d4 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/models/measure_filter.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/models/measure_filter.rb
@@ -190,6 +190,11 @@ class MeasureFilter < ActiveRecord::Base
     self
   end
 
+  def owner?(user)
+    return false if user==nil || user.id==nil
+    (self.id==nil) || (self.user_id==user.id) || (self.user_id==nil && user.has_role?(:admin))
+  end
+
   private
 
   def init_results
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/measures/search.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/measures/search.html.erb
index e0536642290..6ce16c95087 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/measures/search.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/measures/search.html.erb
@@ -26,7 +26,7 @@
               <% if @filter.id %>
                 <li><a id="copy" href="<%= url_for params.merge({:action => 'copy_form', :id => @filter.id}) -%>" class="link-action open-modal"><%= message('copy') -%></a></li>
               <% end %>
-              <% if @filter.id==nil || @filter.user_id==current_user.id %>
+              <% if @filter.owner?(current_user) %>
                 <li><a id="save" href="<%= url_for params.merge({:action => 'save_form', :id => @filter.id}) -%>" class="link-action open-modal"><%= message('save') -%></a></li>
               <% end %>
             <% end %>
-- 
2.39.5