From e1e54e5839138129dca33eea3f8d2e781fceab34 Mon Sep 17 00:00:00 2001
From: Julien Lancelot <julien.lancelot@sonarsource.com>
Date: Thu, 28 Aug 2014 18:18:27 +0200
Subject: [PATCH] SONAR-5542 /batch/file should never be secured

---
 .../WEB-INF/app/controllers/api/java_ws_controller.rb       | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/java_ws_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/java_ws_controller.rb
index a30a743e98a..4be0899f0b4 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/java_ws_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/api/java_ws_controller.rb
@@ -21,7 +21,7 @@
 # since 4.2
 class Api::JavaWsController < Api::ApiController
 
-  before_filter :check_authentication, :unless => ['skip_authentication_check_for_batch_index']
+  before_filter :check_authentication, :unless => ['skip_authentication_check_for_batch']
 
   def index
     ws_request = Java::OrgSonarServerWs::ServletRequest.new(servlet_request, params.to_java)
@@ -40,8 +40,8 @@ class Api::JavaWsController < Api::ApiController
   end
 
 
-  def skip_authentication_check_for_batch_index
-    params[:wspath]=='batch' && params[:wsaction]=='index'
+  def skip_authentication_check_for_batch
+    (params[:wspath]=='batch' && params[:wsaction]=='index') || (params[:wspath]=='batch' && params[:wsaction]=='file')
   end
 
 end
-- 
2.39.5