author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2014-08-12 13:52:34 +0200 |
---|---|---|
committer | Julien Lancelot <julien.lancelot@sonarsource.com> | 2014-08-12 13:52:34 +0200 |
commit | cae764c4348e68ceb31012f2bc4224de70a61524 (patch) | |
tree | 49b1b72c41ef2ff527f29e267c91447f2478c13f /server/sonar-web | |
parent | 1ca0cfca4d9e7c5c1a45c09a6b59912b93f21273 (diff) | |
download | sonarqube-cae764c4348e68ceb31012f2bc4224de70a61524.tar.gz sonarqube-cae764c4348e68ceb31012f2bc4224de70a61524.zip |
SONAR-3806 Secure "dependencies" page
Diffstat (limited to 'server/sonar-web')
-rw-r--r-- | server/sonar-web/src/main/webapp/WEB-INF/app/controllers/dependencies_controller.rb | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/dependencies_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/dependencies_controller.rb index 26273033a6f..16de4c40c8b 100644 --- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/dependencies_controller.rb +++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/dependencies_controller.rb @@ -24,9 +24,9 @@ class DependenciesController < ApplicationController SEARCH_MINIMUM_SIZE=3 QUALIFIERS=['TRK', 'BRC', 'LIB'] - def index + def index @search=params[:search] || '' - @version=params[:version] + @version=params[:version] @resources=nil @resource=nil @versions=nil @@ -44,6 +44,8 @@ class DependenciesController < ApplicationController # @resources=Project.find(:all, :conditions => ["scope=? AND qualifier IN (?) AND enabled=? AND (UPPER(name) like ? OR kee like ?)", 'PRJ', QUALIFIERS, true, "%#{@search.upcase}%", "%#{@search}%"]) + @resources = select_authorized(:user, @resources) + Api::Utils.insensitive_sort!(@resources){|r| r.name} if params[:resource] 
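Review bot: The added `@resources = select_authorized(:user, @resources)` filters only the search result list, while the `if params[:resource]` branch that opens on the last context line of this hunk picks a resource from a request parameter. That branch's body is outside the hunk, so it is worth confirming that it applies its own `:user` permission check to the selected resource before loading its versions and dependencies; otherwise a request that names the resource directly would not pass through the new filter. A short comment above the new line would help, for example `# keep only the projects the current user is allowed to browse`. Note also that the filtering runs in memory after the `LIKE` query, so a broad search term still loads every matching row first.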
@@ -85,18 +87,19 @@ class DependenciesController < ApplicationController # # load all the projects defining the dependencies (third column) # - project_sids=deps.map{|dep| dep.project_snapshot_id}.compact.uniq[0..950] # oracle issue with more than 1000 IN elements. Not annoying to truncate hundreds of results... - if project_sids.size>0 - @project_snapshots=Snapshot.find(:all, :include => 'project', :conditions => ['id IN (?) AND islast=? AND status=?', project_sids, true, 'P']) + @project_snapshots=[] + snapshot_ids = deps.map{|dep| dep.project_snapshot_id} + if snapshot_ids.size>0 + snapshot_ids.each_slice(999) do |safe_for_oracle_ids| + @project_snapshots.concat(Snapshot.all(:include => 'project', :conditions => ['id IN (?) AND islast=? AND status=?', safe_for_oracle_ids, true, 'P'])) + end + @project_snapshots = select_authorized(:user, @project_snapshots) Api::Utils.insensitive_sort!(@project_snapshots) {|s| s.project.name} - else - @project_snapshots=[] end end - + end - private - + end |
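Review bot: The new `snapshot_ids = deps.map{|dep| dep.project_snapshot_id}` drops the `.compact.uniq` that the removed line applied, so nil ids and duplicates now end up in the `IN (?)` lists and inflate the number of queries. I would keep it as `snapshot_ids = deps.map{|dep| dep.project_snapshot_id}.compact.uniq`; the `if snapshot_ids.size>0` guard then becomes redundant, because `each_slice` on an empty array never yields. The literal `999` lost its explanation along with the old line, so a comment such as `# Oracle rejects IN lists with more than 1000 elements` or a named constant would be useful. The authorization filter here covers only `@project_snapshots`; whether the `deps` rows themselves are restricted is decided outside this hunk and should be confirmed.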