diff options
| author | simonbrandhof <simon.brandhof@gmail.com> | 2010-10-18 11:51:09 +0000 |
|---|---|---|
| committer | simonbrandhof <simon.brandhof@gmail.com> | 2010-10-18 11:51:09 +0000 |
| commit | 7ac4355ccf1dc10656f2d9c8b0eb0307d6fbcfae (patch) | |
| tree | 326edfa628b344ce3dee81b6d426bbb0cae24ca8 | |
| parent | 5a81c5394cca9964e1f11a3acadc9b43fe0e644b (diff) | |
| download | sonarqube-7ac4355ccf1dc10656f2d9c8b0eb0307d6fbcfae.tar.gz sonarqube-7ac4355ccf1dc10656f2d9c8b0eb0307d6fbcfae.zip | |
VIEWS-20 Do not check user authorization on view components
3 files changed, 7 insertions, 6 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb index deff4f44ebc..a8f01446763 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/resources_controller.rb @@ -26,6 +26,7 @@ class Api::ResourcesController < Api::ApiController @resource=Project.by_key(resource_id) @snapshot=(@resource ? @resource.last_snapshot : nil) raise ApiException.new(404, "Resource [#{resource_id}] not found") if @snapshot.nil? + raise ApiException.new(401, "Unauthorized") unless has_role?(:user, @snapshot) else @snapshot=nil if params['scopes'].blank? && params['qualifiers'].blank? @@ -139,8 +140,10 @@ class Api::ResourcesController < Api::ApiController snapshots_including_resource=Snapshot.find(:all, :conditions => [snapshots_conditions.join(' AND '), snapshots_values], :include => 'project') - # ---------- APPLY SECURITY - remove unauthorized resources - snapshots_including_resource=select_authorized(:user, snapshots_including_resource) + # ---------- APPLY SECURITY - remove unauthorized resources - only if no selected resource + if @resource.nil? + snapshots_including_resource=select_authorized(:user, snapshots_including_resource) + end # ---------- PREPARE RESPONSE resource_by_sid={} diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb index 3de423f9bbd..ff850983a88 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/components_controller.rb @@ -35,8 +35,7 @@ class ComponentsController < ApplicationController return access_denied unless has_role?(:user, @project) @snapshot = @project.last_snapshot @snapshots = Snapshot.find(:all, :include => 'project', :conditions => ['snapshots.parent_snapshot_id=? and snapshots.qualifier<>? and projects.qualifier<>?', @snapshot.id, Snapshot::QUALIFIER_UNIT_TEST_CLASS, Snapshot::QUALIFIER_UNIT_TEST_CLASS]) - @snapshots = select_authorized(:user, @snapshots) - + @columns = @dashboard_configuration.selected_columns metrics = @dashboard_configuration.homepage_metrics diff --git a/sonar-server/src/main/webapp/stylesheets/style.css b/sonar-server/src/main/webapp/stylesheets/style.css index 5f7900bcd32..c762d13293d 100644 --- a/sonar-server/src/main/webapp/stylesheets/style.css +++ b/sonar-server/src/main/webapp/stylesheets/style.css @@ -454,8 +454,7 @@ table.data th img, table.data td img { .data thead tr.total { background-color: #eee; font-weight: normal; - border-bottom: 1px solid #ddd; - border-top: 1px solid #ddd; + border: 1px solid #ddd; } .data thead tr.total th { font-weight: normal; |