2 files changed, 42 insertions, 12 deletions

diff --git a/plugins/sonar-core-plugin/src/main/resources/org/sonar/plugins/core/widgets/issues/issue_filter.html.erb b/plugins/sonar-core-plugin/src/main/resources/org/sonar/plugins/core/widgets/issues/issue_filter.html.erb
index 6e5203df6c1..10a2f1ae5e5 100644
--- a/plugins/sonar-core-plugin/src/main/resources/org/sonar/plugins/core/widgets/issues/issue_filter.html.erb
+++ b/plugins/sonar-core-plugin/src/main/resources/org/sonar/plugins/core/widgets/issues/issue_filter.html.erb
@@ -3,10 +3,13 @@
    filter_id = widget_properties['filter']
    filter = Internal.issues.findIssueFilterById(filter_id.to_i)
    distribution_axis = widget_properties['distributionAxis']
+   is_enough_permissions = filter.shared || (current_user && filter.userLogin == current_user.login)
 %>
 
 <% if filter %>
 
+  <% if is_enough_permissions %>
+
     <% @widget_title = "<a href=\"#{url_for({:controller => 'issues', :action => 'index'})}#id=#{filter.id}\">#{h(filter.name)}</a>" %>
     <% if widget_properties['displayFilterDescription'] && !filter.description.blank? %>
       <p class="note spacer-bottom"><%= h filter.description -%></p>
@@ -16,6 +19,7 @@
     <script>
       (function () {
         var query = '<%= filter.data -%>';
+
         // do not show widget if the filter contains "my" criterion,
         // and a user is not authenticated
         if (query && query.indexOf('__me__') !== -1 && !window.SS.user) {
@@ -35,6 +39,12 @@
       })();
     </script>
 
+  <% else %>
+
+    <p class="alert alert-warning"><%= message 'widget.issue_filter.insufficient_privileges_warning' -%></p>
+
+  <% end %>
+
 <% else %>
 
   <p class="alert alert-warning"><%= message 'widget.issue_filter.unknown_filter_warning' -%></p>
diff --git a/plugins/sonar-core-plugin/src/main/resources/org/sonar/plugins/core/widgets/issues/project_issue_filter.html.erb b/plugins/sonar-core-plugin/src/main/resources/org/sonar/plugins/core/widgets/issues/project_issue_filter.html.erb
index e901d6f0cfa..46a1e088d7d 100644
--- a/plugins/sonar-core-plugin/src/main/resources/org/sonar/plugins/core/widgets/issues/project_issue_filter.html.erb
+++ b/plugins/sonar-core-plugin/src/main/resources/org/sonar/plugins/core/widgets/issues/project_issue_filter.html.erb
@@ -3,6 +3,7 @@
    filter_id = widget_properties['filter']
    filter = Internal.issues.findIssueFilterById(filter_id.to_i)
    distribution_axis = widget_properties['distributionAxis']
+   is_enough_permissions = filter.shared || (current_user && filter.userLogin == current_user.login)
 
    if @dashboard_configuration.selected_period?
      period_date = @snapshot.period_datetime(@dashboard_configuration.period_index).strftime('%FT%T%z')
@@ -13,6 +14,8 @@
 
 <% if filter %>
 
+  <% if is_enough_permissions %>
+
     <% @widget_title = "<a href=\"#{url_for({:controller => 'component_issues', :action => 'index'})}?id=#{u(@project.key)}##{filter.data}\">#{h(filter.name)}</a>" %>
     <% if widget_properties['displayFilterDescription'] && !filter.description.blank? %>
       <p class="note spacer-bottom"><%= h filter.description -%></p>
@@ -20,22 +23,39 @@
 
     <div id="<%= container_id -%>"></div>
     <script>
-      require(['widgets/issue-filter'], function (IssueFilter) {
-        window.requestMessages().done(function () {
-          new IssueFilter({
-            el: '#<%= container_id -%>',
-            query: '<%= filter.data -%>',
-            distributionAxis: '<%= distribution_axis -%>',
-            <% if period_date %>
-            periodDate: '<%= period_date -%>',
-            <% end %>
-            componentUuid: '<%= @project.uuid -%>',
-            componentKey: '<%= @project.key -%>'
+      (function () {
+        var query = '<%= filter.data -%>';
+
+        // do not show widget if the filter contains "my" criterion,
+        // and a user is not authenticated
+        if (query && query.indexOf('__me__') !== -1 && !window.SS.user) {
+          jQuery('#<%= container_id -%>').closest('.block').addClass('hidden');
+          return;
+        }
+
+        require(['widgets/issue-filter'], function (IssueFilter) {
+          window.requestMessages().done(function () {
+            new IssueFilter({
+              el: '#<%= container_id -%>',
+              query: query,
+              distributionAxis: '<%= distribution_axis -%>',
+              <% if period_date %>
+              periodDate: '<%= period_date -%>',
+              <% end %>
+              componentUuid: '<%= @project.uuid -%>',
+              componentKey: '<%= @project.key -%>'
+            });
           });
         });
-      });
+      })();
     </script>
 
+  <% else %>
+
+    <p class="alert alert-warning"><%= message 'widget.issue_filter.insufficient_privileges_warning' -%></p>
+
+  <% end %>
+
 <% else %>
 
   <p class="alert alert-warning"><%= message 'widget.issue_filter.unknown_filter_warning' -%></p>