From cbf0b7bdaa96aa15cdccb58fd8067cbc809c8e0b Mon Sep 17 00:00:00 2001
From: Julien Lancelot <julien.lancelot@sonarsource.com>
Date: Mon, 25 Aug 2014 16:33:13 +0200
Subject: [PATCH] SONAR-5036 When drilling down on a measure, return all
 projects (even the projects the user don't have access to), but display a
 message when user click on a project he's not authorized to see

---
 .../webapp/WEB-INF/app/models/drilldown.rb    | 16 +++++++-------
 .../app/views/drilldown/issues.html.erb       | 21 +++++++++++--------
 .../app/views/drilldown/measures.html.erb     | 15 +++++++------
 .../resources/org/sonar/l10n/core.properties  |  1 +
 4 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/models/drilldown.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/models/drilldown.rb
index 012d8eacceb..bbd44a080e0 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/models/drilldown.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/models/drilldown.rb
@@ -19,7 +19,7 @@
 #
 class Drilldown
 
-  attr_reader :resource, :metric, :selected_resource_ids, :controller
+  attr_reader :resource, :metric, :selected_resource_ids, :controller, :selected_project_not_authorized
   attr_reader :snapshot, :columns, :highlighted_resource, :highlighted_snapshot
 
   def initialize(resource, metric, selected_resource_ids, controller, options={})
@@ -39,6 +39,11 @@ class Drilldown
           if column.selected_snapshot
             @highlighted_snapshot=column.selected_snapshot
             @highlighted_resource=column.selected_snapshot.project
+            # User should only access projects he's authorized to see.
+            unless controller.has_role?(:user, (column.selected_snapshot.project.copy_resource_id || column.selected_snapshot.resource_id_for_authorization))
+              @selected_project_not_authorized = true
+              break
+            end
           end
         end
         column=DrilldownColumn.new(self, column)
@@ -142,13 +147,7 @@ class DrilldownColumn
     sids=@measures.map { |m| m.snapshot_id }.compact.uniq
     unless sids.empty?
       snapshots = Snapshot.all(:include => :project, :conditions => {'snapshots.id' => sids})
-
-      # User should only see projects he's authorized to see.
-      authorized_project_ids = snapshots.map{|s| s.project.copy_resource_id || s.resource_id_for_authorization}.compact
-      authorized_project_ids = @drilldown.controller.select_authorized(:user, authorized_project_ids) unless authorized_project_ids.empty?
-      authorized_snapshots = snapshots.select{|s| authorized_project_ids.include?(s.project.copy_resource_id || s.resource_id_for_authorization)}
-
-      authorized_snapshots.each do |snapshot|
+      snapshots.each do |snapshot|
         @resource_per_sid[snapshot.id]=snapshot.project
         if @drilldown.selected_resource_ids.include?(snapshot.project_id)
           @selected_snapshot=snapshot
@@ -157,7 +156,6 @@ class DrilldownColumn
     end
   end
 
-  # The resource can be null if it's linked to a copy (on a View or a Developer)
   def resource(measure)
     @resource_per_sid[measure.snapshot_id]
   end
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb
index 03f26531bd7..1f9d2a805bd 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb
@@ -127,6 +127,7 @@
    rids=[]
    first_column=true
    last_base_snapshot=nil
+   last_column = nil
    @drilldown.columns.each_with_index do |column, index|
 %>
   <% if first_column %>
@@ -139,13 +140,12 @@
         <%
            column.measures.each_with_index do |measure, row_index|
              resource=column.resource(measure)
-             if resource
-               clazz = cycle('even', 'odd', :name => "col_#{index}")
-               selected = column.selected_snapshot && column.selected_snapshot.project_id==resource.id
-               if selected
-                 clazz += ' selected'
-                 paths << [h(resource.name), @selected_rids-[resource.id]]
-               end
+             clazz = cycle('even', 'odd', :name => "col_#{index}")
+             selected = column.selected_snapshot && column.selected_snapshot.project_id==resource.id
+             if selected
+               clazz += ' selected'
+               paths << [h(resource.name), @selected_rids-[resource.id]]
+             end
         %>
           <tr class="<%= clazz -%>" id="row_<%= index -%>_<%= row_index -%>">
             <td nowrap>
@@ -170,8 +170,7 @@
               <%= @period ? format_variation(measure, :period => @period, :style => 'light') : measure.formatted_value -%>
             </td>
           </tr>
-          <% end
-             end %>
+        <% end %>
       </table>
     </div>
   </td>
@@ -181,11 +180,15 @@
   <% end
      first_column = column.switch?
      rids<<column.selected_snapshot.project_id if column.selected_snapshot
+     last_column = column
 
      # column.base_snapshot contain the real snapshot that is selected. We have to use in when loading issues in order to corretly load issues, for instance on views.
      last_base_snapshot = column.base_snapshot
      end
   %>
+  <% if last_column && @drilldown.selected_project_not_authorized %>
+    <p class="notes"><%= message('not_authorized_to_access_project', {:params => last_column.selected_snapshot.project.name}) -%></p>
+  <% end %>
 
 <script>
   $j('#col_rules tr.selected').each(function (index,item) {
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/measures.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/measures.html.erb
index 142eb95bb77..56e4d0500d7 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/measures.html.erb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/measures.html.erb
@@ -56,6 +56,7 @@
   <%
      rids=[]
      first_column=true
+     last_column = nil
      @drilldown.columns.each_with_index do |column, index|
   %>
     <% if first_column %>
@@ -68,10 +69,9 @@
         <table class="spaced">
           <% column.measures.each_with_index do |measure, row_index|
             resource=column.resource(measure)
-            if resource
-              selected = column.selected_snapshot && column.selected_snapshot.project_id==resource.id
-              clazz = cycle("even", "odd", :name => "col_#{index}")
-              clazz = clazz + ' selected' if selected
+            selected = column.selected_snapshot && column.selected_snapshot.project_id==resource.id
+            clazz = cycle("even", "odd", :name => "col_#{index}")
+            clazz = clazz + ' selected' if selected
           %>
             <tr class="<%= clazz -%>" id="row_<%= index -%>_<%= row_index -%>">
               <td nowrap>
@@ -95,8 +95,7 @@
                 <%= format_measure(measure, :skip_span_id => true, :period => @period) -%>
               </td>
             </tr>
-          <% end
-            end %>
+          <% end %>
         </table>
       </div>
     </td>
@@ -107,8 +106,12 @@
     <% end
        first_column = column.switch?
        rids<<column.selected_snapshot.project_id if column.selected_snapshot
+       last_column = column
        end
     %>
+    <% if last_column && @drilldown.selected_project_not_authorized %>
+      <p class="notes"><%= message('not_authorized_to_access_project', {:params => last_column.selected_snapshot.project.name}) -%></p>
+    <% end %>
 </div>
 <script>
   <% for i in 0...@drilldown.columns.size do  %>
diff --git a/sonar-core/src/main/resources/org/sonar/l10n/core.properties b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
index 6ec7275a21f..bc649128268 100644
--- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties
+++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
@@ -222,6 +222,7 @@ new_window=New window
 no_data=No data
 no_lines_match_your_filter_criteria=No lines match your filter criteria.
 no_results=No results
+not_authorized_to_access_project=You are not authorized to access to this '{0}' project
 over_x_days=over {0} days
 over_x_days.short={0} days
 over_x_days_detailed=over {0} days ({1})
-- 
2.39.5