From d96219c143aa41a5be020c850e45425c51c3d428 Mon Sep 17 00:00:00 2001
From: Julien Lancelot <julien.lancelot@gmail.com>
Date: Fri, 20 Sep 2013 13:44:49 +0200
Subject: SONAR-4537 Code Viewer permission should only prevent users from
 seeing the code, not from using any other feature

---
 .../java/org/sonar/server/ui/DefaultPages.java     |   8 +-
 .../WEB-INF/app/controllers/resource_controller.rb |   2 +-
 .../app/views/resource/_duplications.html.erb      | 139 +++++++++++----------
 .../WEB-INF/app/views/resource/_index.html.erb     |  30 +++--
 .../WEB-INF/app/views/resource/_options.html.erb   |   2 +-
 .../WEB-INF/app/views/shared/_source_display.erb   |  16 +--
 6 files changed, 103 insertions(+), 94 deletions(-)

(limited to 'sonar-server/src/main')

diff --git a/sonar-server/src/main/java/org/sonar/server/ui/DefaultPages.java b/sonar-server/src/main/java/org/sonar/server/ui/DefaultPages.java
index f2f25d9c307..09d958c2176 100644
--- a/sonar-server/src/main/java/org/sonar/server/ui/DefaultPages.java
+++ b/sonar-server/src/main/java/org/sonar/server/ui/DefaultPages.java
@@ -42,7 +42,7 @@ public final class DefaultPages {
   @NavigationSection(NavigationSection.RESOURCE_TAB)
   @DefaultTab
   @ResourceQualifier({Qualifiers.FILE, Qualifiers.CLASS, Qualifiers.UNIT_TEST_FILE})
-  @UserRole(UserRole.CODEVIEWER)
+  @UserRole(UserRole.USER)
   private static final class SourceTab implements RubyRailsPage {
     public String getTemplate() {
       return NOT_APPLICABLE;
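Review bot: Relaxing `@UserRole` to `UserRole.USER` on `SourceTab` removes the only declaration in this file that tied the page to the code-viewer permission, and nothing on the class says where that check now lives. The same applies to `CoverageTab`, `IssuesTab` and `DuplicationsTab` in the three hunks that follow. Source visibility now appears to depend on the `has_role?('codeviewer', @resource)` conditionals added to the ERB views later in this patch, so any page or partial that renders source without that conditional would show code to plain users. I would add a comment above each annotation such as `// USER grants access to the tab only; source lines are gated by has_role?('codeviewer', ...) in the resource views`. The class bodies continue outside each hunk.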
@@ -80,7 +80,7 @@ public final class DefaultPages {
       CoreMetrics.NEW_OVERALL_LINES_TO_COVER_KEY, CoreMetrics.NEW_OVERALL_BRANCH_COVERAGE_KEY, CoreMetrics.NEW_OVERALL_CONDITIONS_TO_COVER_KEY,
       CoreMetrics.NEW_OVERALL_UNCOVERED_CONDITIONS_KEY})
   @RequiredMeasures(anyOf = {CoreMetrics.COVERAGE_KEY, CoreMetrics.IT_COVERAGE_KEY, CoreMetrics.OVERALL_COVERAGE_KEY})
-  @UserRole(UserRole.CODEVIEWER)
+  @UserRole(UserRole.USER)
   private static final class CoverageTab implements RubyRailsPage {
     public String getTemplate() {
       return NOT_APPLICABLE;
@@ -106,7 +106,7 @@ public final class DefaultPages {
   @ResourceQualifier(
       value = {Qualifiers.VIEW, Qualifiers.SUBVIEW, Qualifiers.PROJECT, Qualifiers.MODULE, Qualifiers.PACKAGE, Qualifiers.DIRECTORY, Qualifiers.FILE, Qualifiers.CLASS,
           Qualifiers.UNIT_TEST_FILE})
-  @UserRole(UserRole.CODEVIEWER)
+  @UserRole(UserRole.USER)
   private static final class IssuesTab implements RubyRailsPage {
     public String getTemplate() {
       return NOT_APPLICABLE;
@@ -124,7 +124,7 @@ public final class DefaultPages {
   @NavigationSection(NavigationSection.RESOURCE_TAB)
   @DefaultTab(metrics = {CoreMetrics.DUPLICATED_LINES_KEY, CoreMetrics.DUPLICATED_BLOCKS_KEY, CoreMetrics.DUPLICATED_FILES_KEY, CoreMetrics.DUPLICATED_LINES_DENSITY_KEY})
   @ResourceQualifier({Qualifiers.FILE, Qualifiers.CLASS})
-  @UserRole(UserRole.CODEVIEWER)
+  @UserRole(UserRole.USER)
   private static final class DuplicationsTab implements RubyRailsPage {
     public String getTemplate() {
       return NOT_APPLICABLE;
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/resource_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/resource_controller.rb
index 6861d7c4748..285dfd37656 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/resource_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/resource_controller.rb
@@ -389,4 +389,4 @@ class ResourceController < ApplicationController
     render :partial => 'resource_deleted'
   end
 
-end
\ No newline at end of file
+end
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_duplications.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_duplications.html.erb
index a9cf8d75b52..3760a8456b3 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_duplications.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_duplications.html.erb
@@ -12,77 +12,82 @@
   <div class="duplicationsMessage"><%= @duplication_group_warning -%></div>
   <% end %>
 
-  <table class="data duplications">
-    <thead>
-      <tr>
-        <th class="thin nowrap"><%= message('duplications.blocks') -%></th>
-        <th class="thin nowrap"><%= message('duplications.number_of_lines') -%></th>
-        <th class="thin nowrap"><%= message('duplications.from_line') -%></th>
-        <th class="thin nowrap"><%= message('duplications.file') -%></th>
-        <th><%= message('duplications.details') -%></th>
-      </tr>
-    </thead>
+  <% if has_role?('codeviewer', @resource) %>
+    <table class="data duplications">
+      <thead>
+        <tr>
+          <th class="thin nowrap"><%= message('duplications.blocks') -%></th>
+          <th class="thin nowrap"><%= message('duplications.number_of_lines') -%></th>
+          <th class="thin nowrap"><%= message('duplications.from_line') -%></th>
+          <th class="thin nowrap"><%= message('duplications.file') -%></th>
+          <th><%= message('duplications.details') -%></th>
+        </tr>
+      </thead>
 
-    <tbody>
-    <%
-      @duplication_groups.each_with_index do |group, group_index|
-    %>
-      <tr>
-        <td colspan="5" style="height: 10px"> </td>
-      </tr>
-      <tr id="duplGroup_<%= group_index -%>">
-        <td class="item">
-          <p><b><%=  group.size() -%></b></p>
-        </td>
+      <tbody>
+      <%
+        @duplication_groups.each_with_index do |group, group_index|
+      %>
+        <tr>
+          <td colspan="5" style="height: 10px"> </td>
+        </tr>
+        <tr id="duplGroup_<%= group_index -%>">
+          <td class="item">
+            <p><b><%=  group.size() -%></b></p>
+          </td>
 
-        <td class="item">
-          <% group.each_with_index do |dup, index| %>
-            <p id="duplCount-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>"><%= dup[:lines_count].to_i -%></p>
-          <% end %>
-        </td>
+          <td class="item">
+            <% group.each_with_index do |dup, index| %>
+              <p id="duplCount-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>"><%= dup[:lines_count].to_i -%></p>
+            <% end %>
+          </td>
 
-        <td class="item">
-          <% group.each_with_index do |dup, index| %>
-            <p id="duplFrom-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>"><%= dup[:from_line].to_i -%></p>
-          <% end %>
-        </td>
+          <td class="item">
+            <% group.each_with_index do |dup, index| %>
+              <p id="duplFrom-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>"><%= dup[:from_line].to_i -%></p>
+            <% end %>
+          </td>
 
-        <td class="fileItem">
-          <% group.each_with_index do |dup, index|
-            resource = dup[:resource]
-            external = resource.root_id != @resource.root_id
-            lines_count = dup[:lines_count].to_i
-            from_line = dup[:from_line].to_i
-            included_to_line = from_line + [ResourceHelper::DUPLICATION_SNIPPET_DEFAULT_NB_OF_LINES, lines_count].min - 1
-            lines_count = dup[:lines_count].to_i
-            update_snippet_script = "updateDuplicationLines('#{url_for :action => :show_duplication_snippet, :params => {:id => resource.id, :original_resource_id => @resource.id}}',#{group_index}, #{index}, #{lines_count}, #{from_line}, #{included_to_line});"
-          %>
-            <p id="duplName-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>">
-              <a href="#" onclick="return <%= update_snippet_script -%>;"><%= h resource.name -%></a>
-              <%= image_tag "links/external.png" if external -%>
-            </p>
-          <% end %>
+          <td class="fileItem">
+            <% group.each_with_index do |dup, index|
+              resource = dup[:resource]
+              external = resource.root_id != @resource.root_id
+              lines_count = dup[:lines_count].to_i
+              from_line = dup[:from_line].to_i
+              included_to_line = from_line + [ResourceHelper::DUPLICATION_SNIPPET_DEFAULT_NB_OF_LINES, lines_count].min - 1
+              lines_count = dup[:lines_count].to_i
+              update_snippet_script = "updateDuplicationLines('#{url_for :action => :show_duplication_snippet, :params => {:id => resource.id, :original_resource_id => @resource.id}}',#{group_index}, #{index}, #{lines_count}, #{from_line}, #{included_to_line});"
+            %>
+              <p id="duplName-<%= group_index -%>-<%= index -%>" class="<%= 'selected' if index==0 -%>">
+                <a href="#" onclick="return <%= update_snippet_script -%>;"><%= h resource.name -%></a>
+                <%= image_tag "links/external.png" if external -%>
+              </p>
+            <% end %>
 
-        </td>
+          </td>
 
-        <td class="sourceItem">
-          <%
-            duplication = group[0]
-            resource = duplication[:resource]
-            from_line = duplication[:from_line].to_i
-            lines_count = duplication[:lines_count].to_i
-            external = resource.root_id != @resource.root_id
-            included_to_line = from_line + [ResourceHelper::DUPLICATION_SNIPPET_DEFAULT_NB_OF_LINES, lines_count].min - 1
-          %>
-          <div id="source-<%= group_index -%>">
-            <%= render :partial => 'duplications_source_snippet', :locals => {:resource => resource, :original_resource => @resource, :from_line => from_line, :to_line => included_to_line, :lines_count => lines_count, :external => external, :group_index => group_index} -%>
-          </div>
-        </td>
-      </tr>
-    <%
-        end
-    %>
-    </tbody>
+          <td class="sourceItem">
+            <%
+              duplication = group[0]
+              resource = duplication[:resource]
+              from_line = duplication[:from_line].to_i
+              lines_count = duplication[:lines_count].to_i
+              external = resource.root_id != @resource.root_id
+              included_to_line = from_line + [ResourceHelper::DUPLICATION_SNIPPET_DEFAULT_NB_OF_LINES, lines_count].min - 1
+            %>
+            <div id="source-<%= group_index -%>">
+              <%= render :partial => 'duplications_source_snippet', :locals => {:resource => resource, :original_resource => @resource, :from_line => from_line, :to_line => included_to_line, :lines_count => lines_count, :external => external, :group_index => group_index} -%>
+            </div>
+          </td>
+        </tr>
+      <%
+          end
+      %>
+      </tbody>
 
-  </table>
-<% end %>
\ No newline at end of file
+    </table>
+  <% else %>
+    <div class="note" style="margin: 5px;"><%= message('code_viewer.no_source_code_displayed_due_to_security') -%></div>
+  <% end %>
+
+  <% end %>
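Review bot: The new guard checks `has_role?('codeviewer', @resource)` for the file being viewed, but the snippet in each `sourceItem` cell comes from `dup[:resource]`, which can belong to another project (`external = resource.root_id != @resource.root_id`). Unless the `duplications_source_snippet` partial and the `show_duplication_snippet` action check the permission on that resource themselves (neither is in this patch), a user with code-viewer rights on one project could be shown code from a project where they lack them. I would guard the render per duplicate, e.g. `<% if has_role?('codeviewer', resource) %>` around the `render :partial => 'duplications_source_snippet'` call, and apply the same check in the action behind `updateDuplicationLines`. Separately, the `else` branch hides the block counts and file names as well as the code, which is more than the commit subject describes.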
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_index.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_index.html.erb
index eea1aa3371f..624ad76e79e 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_index.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_index.html.erb
@@ -15,19 +15,23 @@
     <% end %>
 
     <% if @lines && @lines.size>0 %>
-      <%= render :partial => "shared/source_display", :locals => { :display_manual_violation_form => @display_manual_violation_form, \
-                                                                   :scm_available => @scm_available, \
-                                                                   :display_coverage => @display_coverage, \
-                                                                   :lines => @lines, \
-                                                                   :expanded => @expanded, \
-                                                                   :display_violations => @display_violations, \
-                                                                   :display_issues => @display_issues, \
-                                                                   :has_global_issues => @global_issues && @global_issues.size>0, \
-                                                                   :resource => @resource, \
-                                                                   :snapshot => @snapshot, \
-                                                                   :review_screens_by_vid => @review_screens_by_vid, \
-                                                                   :filtered => @filtered}
-      %>
+      <% if has_role?('codeviewer', @resource) %>
+        <%= render :partial => "shared/source_display", :locals => { :display_manual_violation_form => @display_manual_violation_form,
+                                                                     :scm_available => @scm_available,
+                                                                     :display_coverage => @display_coverage,
+                                                                     :lines => @lines,
+                                                                     :expanded => @expanded,
+                                                                     :display_violations => @display_violations,
+                                                                     :display_issues => @display_issues,
+                                                                     :has_global_issues => @global_issues && @global_issues.size>0,
+                                                                     :resource => @resource,
+                                                                     :snapshot => @snapshot,
+                                                                     :review_screens_by_vid => @review_screens_by_vid,
+                                                                     :filtered => @filtered}%>
+
+      <% else %>
+        <div class="note" style="margin: 5px;"><%= message('code_viewer.no_source_code_displayed_due_to_security') -%></div>
+      <% end %>
     <% end %>
 
     <% if @duplication_groups %>
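Review bot: The `has_role?('codeviewer', @resource)` test sits inside `if @lines && @lines.size>0`, so the decision to hide source is made only at render time, after the source lines are already in `@lines`. The controller is not part of this patch, so this is inferred, but it suggests `@lines` is still populated for users without the permission. Skipping that load in the controller when the role is missing would keep the data away from any other partial that reads `@lines`. The denial `<div class="note" ...>` is also duplicated verbatim in `_duplications.html.erb`; a small shared partial would keep the two messages from drifting.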
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_options.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_options.html.erb
index 8d7706cdf9b..2f2901c8369 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_options.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/resource/_options.html.erb
@@ -1,4 +1,4 @@
-<% display_options = @scm_available || @expandable || @filtered || @display_issues
+<% display_options = (@scm_available || @expandable || @filtered || @display_issues) && has_role?('codeviewer', @resource)
    if display_options
 %>
 
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/shared/_source_display.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/shared/_source_display.erb
index e48fcafaa35..d24cae1a30e 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/shared/_source_display.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/shared/_source_display.erb
@@ -76,9 +76,9 @@
       <tr class="row pos<%= index+1 -%>">
 
           <% if display_manual_violation_form %>
-            <%= render :partial => "shared/source_issue_form", :locals => { :resource_id => resource.id, \
-                                                                                :index => index, \
-                                                                                :gray_colspan => gray_colspan, \
+            <%= render :partial => "shared/source_issue_form", :locals => { :resource_id => resource.id,
+                                                                                :index => index,
+                                                                                :gray_colspan => gray_colspan,
                                                                                 :white_colspan => white_colspan} %>
           <% end %>
 
@@ -99,9 +99,9 @@
           <%= render :partial => "shared/source_line_numbers", :locals => {:index => line.id} %>
 
           <% if display_coverage %>
-            <%= render :partial => "shared/source_coverage", :locals => {:line => line, \
-                                                                          :statuses => {:hits => hits_status, :conditions => conditions_status}, \
-                                                                          :index => index, \
+            <%= render :partial => "shared/source_coverage", :locals => {:line => line,
+                                                                          :statuses => {:hits => hits_status, :conditions => conditions_status},
+                                                                          :index => index,
                                                                           :resource_key => snapshot.resource.key} %>
           <% end %>
 
@@ -110,8 +110,8 @@
       </tr>
 
       <% if display_issues && line.issues? %>
-        <%= render :partial => "shared/source_issues", :locals => { :line => line, \
-                                                                    :display_manual_violation_form => display_manual_violation_form, \
+        <%= render :partial => "shared/source_issues", :locals => { :line => line,
+                                                                    :display_manual_violation_form => display_manual_violation_form,
                                                                     :scm_available => scm_available} %>
       <% end %>
 
-- 
cgit v1.2.3