From 4fd3ef565482eddf5fae5458c5e7b3f0a28ef6d9 Mon Sep 17 00:00:00 2001
From: Julien Lancelot <julien.lancelot@gmail.com>
Date: Wed, 18 Sep 2013 16:58:57 +0200
Subject: [PATCH] SONAR-4686 Without the 'Code Viewer' permission it should not
 be possible to see the code snippet attached to each issue (cherry picked
 from commit 77eb8da)

---
 .../src/main/webapp/WEB-INF/app/views/issue/_show.html.erb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb
index 14a8520d3b5..54f8f0ea89a 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issue/_show.html.erb
@@ -25,13 +25,14 @@
   <%= render :partial => 'issue/issue', :locals => {:issue => @issue_results.first} -%>
   </div>
 
-  <% if @snapshot && @issue.line && params[:source]!='false' %>
+  <!-- SONAR-4686 Do not display source code if user has not the "Code Viewer" permission -->
+  <% if @snapshot && @issue.line && params[:source]!='false' && has_role?(:codeviewer, @snapshot.project) %>
     <div class="bordered">
       <%= snapshot_html_source(@snapshot, {:line_range => (@issue.line-5)..(@issue.line+5), :highlighted_lines => [@issue.line]}) -%>
     </div>
   <% else %>
-    <!-- SONAR-4438
-      If no source code, add a blank component in order for the "more action" link to be weel displayed
+    <!--
+      SONAR-4438 If no source code, add blank lines in order for the "more action" link to be well displayed
     -->
     <div style="height: 60px;"></div>
   <% end %>
-- 
2.39.5