changeset 47:ac1c53584add

reported 'access denied per project' error while downloading pdb's
author Evgeniy.Koshkin
date Tue, 01 Oct 2013 10:54:38 +0400
parents dc2b9737654f
children c6dfb8e038ce
files server/src/jetbrains/buildServer/symbols/DownloadSymbolsController.java
diffstat 1 files changed, 14 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/server/src/jetbrains/buildServer/symbols/DownloadSymbolsController.java	Wed Sep 04 19:29:47 2013 +0400
+++ b/server/src/jetbrains/buildServer/symbols/DownloadSymbolsController.java	Tue Oct 01 10:54:38 2013 +0400
@@ -23,6 +23,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.BufferedOutputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.util.Iterator;
 import java.util.Map;
@@ -90,10 +91,19 @@
 
     final SUser user = myAuthHelper.getAuthenticatedUser(request, response, new Predicate<SUser>() {
       public boolean apply(SUser user) {
-        final String projectId = findRelatedProjectId(guid);
-        if(projectId == null) return false;
-        //TODO: response.sendError(HttpServletResponse.SC_FORBIDDEN, "You have no permissions to download PDB files.");
-        return user.isPermissionGrantedForProject(projectId, Permission.VIEW_BUILD_RUNTIME_DATA);
+        try{
+          final String projectId = findRelatedProjectId(guid);
+          if(projectId == null) {
+            WebUtil.notFound(request, response, "File not found", null);
+            return false;
+          }
+          boolean hasPermissions = user.isPermissionGrantedForProject(projectId, Permission.VIEW_BUILD_RUNTIME_DATA);
+          if(!hasPermissions) response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format("You have no access to PDB files in the project with id %s.", projectId));
+          return hasPermissions;
+        } catch (IOException e) {
+          LOG.debug(e);
+          return false;
+        }
       }
     });
     if (user == null) return null;