mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
Browse Source

VIEWS-20 Do not check user authorization on view components

tags/2.6
simonbrandhof 13 years ago
parent
5a81c5394c
commit
7ac4355ccf
3 changed files with 7 additions and 6 deletions
Split View Show Diff Stats
  1. 5
    2
      sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb
  2. 1
    2
      sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb
  3. 1
    2
      sonar-server/src/main/webapp/stylesheets/style.css

+ 5
- 2
sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb View File

@@ -26,6 +26,7 @@ class Api::ResourcesController < Api::ApiController
@resource=Project.by_key(resource_id)
@snapshot=(@resource ? @resource.last_snapshot : nil)
raise ApiException.new(404, "Resource [#{resource_id}] not found") if @snapshot.nil?
raise ApiException.new(401, "Unauthorized") unless has_role?(:user, @snapshot)
else
@snapshot=nil
if params['scopes'].blank? && params['qualifiers'].blank?
@@ -139,8 +140,10 @@ class Api::ResourcesController < Api::ApiController

snapshots_including_resource=Snapshot.find(:all, :conditions => [snapshots_conditions.join(' AND '), snapshots_values], :include => 'project')

# ---------- APPLY SECURITY - remove unauthorized resources
snapshots_including_resource=select_authorized(:user, snapshots_including_resource)
# ---------- APPLY SECURITY - remove unauthorized resources - only if no selected resource
if @resource.nil?
snapshots_including_resource=select_authorized(:user, snapshots_including_resource)
end

# ---------- PREPARE RESPONSE
resource_by_sid={}

+ 1
- 2
sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb View File

@@ -35,8 +35,7 @@ class ComponentsController < ApplicationController
return access_denied unless has_role?(:user, @project)
@snapshot = @project.last_snapshot
@snapshots = Snapshot.find(:all, :include => 'project', :conditions => ['snapshots.parent_snapshot_id=? and snapshots.qualifier<>? and projects.qualifier<>?', @snapshot.id, Snapshot::QUALIFIER_UNIT_TEST_CLASS, Snapshot::QUALIFIER_UNIT_TEST_CLASS])
@snapshots = select_authorized(:user, @snapshots)

@columns = @dashboard_configuration.selected_columns
metrics = @dashboard_configuration.homepage_metrics


+ 1
- 2
sonar-server/src/main/webapp/stylesheets/style.css View File

@@ -454,8 +454,7 @@ table.data th img, table.data td img {
.data thead tr.total {
background-color: #eee;
font-weight: normal;
border-bottom: 1px solid #ddd;
border-top: 1px solid #ddd;
border: 1px solid #ddd;
}
.data thead tr.total th {
font-weight: normal;

Write Preview
Loading…
Cancel
Save