authorJulien Lancelot <julien.lancelot@gmail.com>2013-07-17 15:00:36 +0200
committerJulien Lancelot <julien.lancelot@gmail.com>2013-07-17 15:00:47 +0200
commitf50240d53b1f6f67daecfeabb26bd45af0072f55 (patch)
tree0fc663b3bae4092551166de1cc37fc75bc99d79a /sonar-server/src/main/webapp
parent0db9eedd3e086a2b18a4e3395f970693cf998b1c (diff)
SONAR-4099 Issues & Measures filters should also be sharable only by users who have this permission.
Diffstat (limited to 'sonar-server/src/main/webapp')
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/controllers/api/api_controller.rb2
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/controllers/application_controller.rb12
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb7
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/views/issues/_filter_shared_form.html.erb18
-rw-r--r--sonar-server/src/main/webapp/WEB-INF/app/views/measures/_shared_form.html.erb16
5 files changed, 32 insertions, 23 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/api_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/api_controller.rb
index 80976c8ae09..2e09ab554ea 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/api_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/api/api_controller.rb
@@ -78,7 +78,7 @@ class Api::ApiController < ApplicationController
#
#
- def render_native_access_denied
+ def render_native_access_denied(exception)
render_access_denied
end
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/application_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/application_controller.rb
index 869c6b61458..fb7fa6d6b2b 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/application_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/application_controller.rb
@@ -174,17 +174,21 @@ class ApplicationController < ActionController::Base
render :text => message, :status => exception.httpCode
end
- def render_native_access_denied
- access_denied
+ def render_native_access_denied(exception)
+ if request.xhr?
+ render_server_exception(exception)
+ else
+ access_denied
+ end
end
def render_native_exception(error)
if error.cause.java_kind_of? Java::JavaLang::IllegalArgumentException
render_bad_request(error.cause.getMessage)
elsif error.cause.java_kind_of? Java::OrgSonarServerExceptions::UnauthorizedException
- render_native_access_denied
+ render_native_access_denied(error.cause)
elsif error.cause.java_kind_of? Java::OrgSonarServerExceptions::ForbiddenException
- render_native_access_denied
+ render_native_access_denied(error.cause)
elsif error.cause.java_kind_of? Java::OrgSonarServerExceptions::HttpException
render_server_exception(error.cause)
else
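Review bot: The new `request.xhr?` branch in `render_native_access_denied` has no comment explaining why XHR callers get a status-and-text response while every other request goes through `access_denied`; a line such as `# XHR callers receive the exception's HTTP status and message instead of the regular access_denied handling` above the `if` would record the intent. `request.xhr?` is derived from a client-supplied request header, so it is fine for choosing a response format as it does here, where both branches deny, but it should never grow into an authorization decision. The context line `render :text => message, :status => exception.httpCode` suggests `render_server_exception` needs an object exposing `httpCode`; the branch order in `render_native_exception` implies the Unauthorized and Forbidden exceptions are HttpException subclasses, but that is defined outside this diff and worth confirming. `render_native_exception` continues past the end of the hunk.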
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb
index 078f69f9f27..e83daf4af9a 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/measures_controller.rb
@@ -85,7 +85,7 @@ class MeasuresController < ApplicationController
end
@filter.name=params[:name]
@filter.description=params[:description]
- @filter.shared=(params[:shared]=='true')
+ @filter.shared=(params[:shared]=='true') && has_role?(:shareDashboard)
@filter.data=URI.unescape(params[:data])
if @filter.save
current_user.favourited_measure_filters<<@filter if add_to_favourites
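Review bot: A request carrying `shared=true` from a user without `:shareDashboard` is now saved as unshared with no feedback, both in this hunk and in the identical line of the next one (`@@ -138,7 +138,7 @@`). Failing closed is the right default, but the caller cannot tell the flag was dropped; consider a comment such as `# sharing is ignored unless the user holds the shareDashboard permission`, or an explicit error. The parenthesisation also reads as if only the comparison were assigned; `@filter.shared = params[:shared] == 'true' && has_role?(:shareDashboard)`, or a small private helper used by both actions, would make the intent clearer and keep the two call sites from drifting apart. The enclosing action starts and ends outside the hunk.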
@@ -138,7 +138,7 @@ class MeasuresController < ApplicationController
@filter.name=params[:name]
@filter.description=params[:description]
- @filter.shared=(params[:shared]=='true')
+ @filter.shared=(params[:shared]=='true') && has_role?(:shareDashboard)
if has_role?(:admin) && params[:owner]
@filter.user = User.find_by_login(params[:owner])
end
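Review bot: On this edit path the assignment overwrites whatever `@filter.shared` held before, so a filter that is already shared appears to become unshared whenever it is saved by a user who lacks `:shareDashboard`, including the `has_role?(:admin) && params[:owner]` case just below if an admin can lack that role. If withdrawing the share is intended, a comment should say so; if not, something like `@filter.shared=(params[:shared]=='true') if has_role?(:shareDashboard)` would leave the stored value untouched. The companion change in `measures/_shared_form.html.erb` stops emitting the hidden `shared` input for such users, so the view and this action need to agree on what a missing value means. The action body continues outside the hunk.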
@@ -171,7 +171,8 @@ class MeasuresController < ApplicationController
target.name=params[:name]
target.description=params[:description]
target.user_id=current_user.id
- target.shared=(params[:shared]=='true')
+ # Copy of filter should never be shared
+ target.shared=false
target.data=source.data
if target.save
current_user.favourited_measure_filters << target
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/issues/_filter_shared_form.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/issues/_filter_shared_form.html.erb
index d595611f70e..5945781f885 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/issues/_filter_shared_form.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/issues/_filter_shared_form.html.erb
@@ -20,12 +20,14 @@
<% else %>
<input id="user" name="user" type="hidden" value="<%= h(@filter.user) if @filter -%>"/>
<% end %>
- <div class="modal-field">
- <% if !@filter || @filter.user == current_user.login %>
- <label for="shared"><%= message('issue_filter.form.share') -%></label>
- <input id="shared" name="shared" type="checkbox" value="true" <%= 'checked' if (@filter && @filter.shared) -%>/>
- <% else %>
- <input id="shared" name="shared" type="hidden" value="<%= @filter.shared if @filter -%>"/>
- <% end %>
- </div>
+ <% if Internal.issues.canUserShareIssueFilter() %>
+ <div class="modal-field">
+ <% if !@filter || @filter.user == current_user.login %>
+ <label for="shared"><%= message('issue_filter.form.share') -%></label>
+ <input id="shared" name="shared" type="checkbox" value="true" <%= 'checked' if (@filter && @filter.shared) -%>/>
+ <% else %>
+ <input id="shared" name="shared" type="hidden" value="<%= @filter.shared if @filter -%>"/>
+ <% end %>
+ </div>
+ <% end %>
</div> \ No newline at end of file
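Review bot: Wrapping the field in `Internal.issues.canUserShareIssueFilter()` only hides the control, and this diff (limited to the webapp directory) shows no matching server-side check for issue filters like the one `measures_controller.rb` gained. It is worth confirming that the issue filter create and update path ignores or rejects `shared` for users without the permission, since the server cannot rely on the field being absent from the form. When the block is skipped, the hidden `shared` input from the `else` branch is no longer emitted either, so editing another user's shared filter submits no `shared` value at all; confirm the server treats a missing value as "keep current" and not as "unshare". The same structure is introduced in `measures/_shared_form.html.erb` with `has_role?(:shareDashboard)`.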
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/measures/_shared_form.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/measures/_shared_form.html.erb
index f5a6ed43dbe..6b551d48a38 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/measures/_shared_form.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/measures/_shared_form.html.erb
@@ -19,12 +19,14 @@
<%= user_select_tag('owner', :html_id => 'select-filter-owner', :selected_user => @filter.user) -%>
</div>
<% end %>
- <% if @filter.user_id.nil? || @filter.user_id == current_user.id %>
- <div class="modal-field">
- <label for="shared"><%= h message('measure_filter.shared_with_all_users') -%></label>
- <input id="shared" name="shared" type="checkbox" value="true" <%= 'checked' if @filter.shared -%>/>
- </div>
- <% else %>
- <input id="shared" name="shared" type="hidden" value="<%= @filter.shared -%>"/>
+ <% if has_role?(:shareDashboard) %>
+ <% if @filter.user_id.nil? || @filter.user_id == current_user.id %>
+ <div class="modal-field">
+ <label for="shared"><%= h message('measure_filter.shared_with_all_users') -%></label>
+ <input id="shared" name="shared" type="checkbox" value="true" <%= 'checked' if @filter.shared -%>/>
+ </div>
+ <% else %>
+ <input id="shared" name="shared" type="hidden" value="<%= @filter.shared -%>"/>
+ <% end %>
<% end %>
</div> \ No newline at end of file