From cbf0b7bdaa96aa15cdccb58fd8067cbc809c8e0b Mon Sep 17 00:00:00 2001 From: Julien Lancelot Date: Mon, 25 Aug 2014 16:33:13 +0200 Subject: [PATCH] SONAR-5036 When drilling down on a measure, return all projects (even the projects the user don't have access to), but display a message when user click on a project he's not authorized to see --- .../webapp/WEB-INF/app/models/drilldown.rb | 16 +++++++------- .../app/views/drilldown/issues.html.erb | 21 +++++++++++-------- .../app/views/drilldown/measures.html.erb | 15 +++++++------ .../resources/org/sonar/l10n/core.properties | 1 + 4 files changed, 29 insertions(+), 24 deletions(-) diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/models/drilldown.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/models/drilldown.rb index 012d8eacceb..bbd44a080e0 100644 --- a/server/sonar-web/src/main/webapp/WEB-INF/app/models/drilldown.rb +++ b/server/sonar-web/src/main/webapp/WEB-INF/app/models/drilldown.rb @@ -19,7 +19,7 @@ # class Drilldown - attr_reader :resource, :metric, :selected_resource_ids, :controller + attr_reader :resource, :metric, :selected_resource_ids, :controller, :selected_project_not_authorized attr_reader :snapshot, :columns, :highlighted_resource, :highlighted_snapshot def initialize(resource, metric, selected_resource_ids, controller, options={}) @@ -39,6 +39,11 @@ class Drilldown if column.selected_snapshot @highlighted_snapshot=column.selected_snapshot @highlighted_resource=column.selected_snapshot.project + # User should only access projects he's authorized to see. + unless controller.has_role?(:user, (column.selected_snapshot.project.copy_resource_id || column.selected_snapshot.resource_id_for_authorization)) + @selected_project_not_authorized = true + break + end end end column=DrilldownColumn.new(self, column) @@ -142,13 +147,7 @@ class DrilldownColumn sids=@measures.map { |m| m.snapshot_id }.compact.uniq unless sids.empty? snapshots = Snapshot.all(:include => :project, :conditions => {'snapshots.id' => sids}) - - # User should only see projects he's authorized to see. - authorized_project_ids = snapshots.map{|s| s.project.copy_resource_id || s.resource_id_for_authorization}.compact - authorized_project_ids = @drilldown.controller.select_authorized(:user, authorized_project_ids) unless authorized_project_ids.empty? - authorized_snapshots = snapshots.select{|s| authorized_project_ids.include?(s.project.copy_resource_id || s.resource_id_for_authorization)} - - authorized_snapshots.each do |snapshot| + snapshots.each do |snapshot| @resource_per_sid[snapshot.id]=snapshot.project if @drilldown.selected_resource_ids.include?(snapshot.project_id) @selected_snapshot=snapshot @@ -157,7 +156,6 @@ class DrilldownColumn end end - # The resource can be null if it's linked to a copy (on a View or a Developer) def resource(measure) @resource_per_sid[measure.snapshot_id] end diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb b/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb index 03f26531bd7..1f9d2a805bd 100644 --- a/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb +++ b/server/sonar-web/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb @@ -127,6 +127,7 @@ rids=[] first_column=true last_base_snapshot=nil + last_column = nil @drilldown.columns.each_with_index do |column, index| %> <% if first_column %> @@ -139,13 +140,12 @@ <% column.measures.each_with_index do |measure, row_index| resource=column.resource(measure) - if resource - clazz = cycle('even', 'odd', :name => "col_#{index}") - selected = column.selected_snapshot && column.selected_snapshot.project_id==resource.id - if selected - clazz += ' selected' - paths << [h(resource.name), @selected_rids-[resource.id]] - end + clazz = cycle('even', 'odd', :name => "col_#{index}") + selected = column.selected_snapshot && column.selected_snapshot.project_id==resource.id + if selected + clazz += ' selected' + paths << [h(resource.name), @selected_rids-[resource.id]] + end %> @@ -170,8 +170,7 @@ <%= @period ? format_variation(measure, :period => @period, :style => 'light') : measure.formatted_value -%> - <% end - end %> + <% end %> @@ -181,11 +180,15 @@ <% end first_column = column.switch? rids< + <% if last_column && @drilldown.selected_project_not_authorized %> +

<%= message('not_authorized_to_access_project', {:params => last_column.selected_snapshot.project.name}) -%>

+ <% end %>