From 7ac4355ccf1dc10656f2d9c8b0eb0307d6fbcfae Mon Sep 17 00:00:00 2001 From: simonbrandhof Date: Mon, 18 Oct 2010 11:51:09 +0000 Subject: [PATCH] VIEWS-20 Do not check user authorization on view components --- .../WEB-INF/app/controllers/api/resources_controller.rb | 7 +++++-- .../WEB-INF/app/controllers/components_controller.rb | 3 +-- sonar-server/src/main/webapp/stylesheets/style.css | 3 +-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb index deff4f44ebc..a8f01446763 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb @@ -26,6 +26,7 @@ class Api::ResourcesController < Api::ApiController @resource=Project.by_key(resource_id) @snapshot=(@resource ? @resource.last_snapshot : nil) raise ApiException.new(404, "Resource [#{resource_id}] not found") if @snapshot.nil? + raise ApiException.new(401, "Unauthorized") unless has_role?(:user, @snapshot) else @snapshot=nil if params['scopes'].blank? && params['qualifiers'].blank? @@ -139,8 +140,10 @@ class Api::ResourcesController < Api::ApiController snapshots_including_resource=Snapshot.find(:all, :conditions => [snapshots_conditions.join(' AND '), snapshots_values], :include => 'project') - # ---------- APPLY SECURITY - remove unauthorized resources - snapshots_including_resource=select_authorized(:user, snapshots_including_resource) + # ---------- APPLY SECURITY - remove unauthorized resources - only if no selected resource + if @resource.nil? + snapshots_including_resource=select_authorized(:user, snapshots_including_resource) + end # ---------- PREPARE RESPONSE resource_by_sid={} diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb index 3de423f9bbd..ff850983a88 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb @@ -35,8 +35,7 @@ class ComponentsController < ApplicationController return access_denied unless has_role?(:user, @project) @snapshot = @project.last_snapshot @snapshots = Snapshot.find(:all, :include => 'project', :conditions => ['snapshots.parent_snapshot_id=? and snapshots.qualifier<>? and projects.qualifier<>?', @snapshot.id, Snapshot::QUALIFIER_UNIT_TEST_CLASS, Snapshot::QUALIFIER_UNIT_TEST_CLASS]) - @snapshots = select_authorized(:user, @snapshots) - + @columns = @dashboard_configuration.selected_columns metrics = @dashboard_configuration.homepage_metrics diff --git a/sonar-server/src/main/webapp/stylesheets/style.css b/sonar-server/src/main/webapp/stylesheets/style.css index 5f7900bcd32..c762d13293d 100644 --- a/sonar-server/src/main/webapp/stylesheets/style.css +++ b/sonar-server/src/main/webapp/stylesheets/style.css @@ -454,8 +454,7 @@ table.data th img, table.data td img { .data thead tr.total { background-color: #eee; font-weight: normal; - border-bottom: 1px solid #ddd; - border-top: 1px solid #ddd; + border: 1px solid #ddd; } .data thead tr.total th { font-weight: normal; -- 2.39.5