Append logs_path based on user entitlements

To avoid presenting un reachable links to users with to low entitlement level we should check user permissions before logs_path link is appended.

Append logs_path based on user entitlements
To avoid presenting un reachable links to users with to low entitlement level we should check user permissions before logs_path link is appended.
0a1160cb · Mikolaj Wawrzyniak · 63c48c56 · 0a1160cb · 0a1160cb · 0a1160cb
Commit 0a1160cb authored Feb 25, 2020 by Mikolaj Wawrzyniak
3 changed files
--- a/changelogs/unreleased/mwaw-remove_logs_path_for_not_authorised_users.yml
+++ b/changelogs/unreleased/mwaw-remove_logs_path_for_not_authorised_users.yml
+---
+title: Remove unreachable link from embded dashboard context menu
+merge_request: 25892
+author:
+type: fixed
--- a/ee/app/helpers/ee/environments_helper.rb
+++ b/ee/app/helpers/ee/environments_helper.rb
@@ -45,9 +45,9 @@ module EE
        "validate-query-path" => validate_query_project_prometheus_metrics_path(project),
        "custom-metrics-available" => "#{custom_metrics_available?(project)}",
        "alerts-endpoint" => project_prometheus_alerts_path(project, environment_id: environment.id, format: :json),
-        "prometheus-alerts-available" => "#{can?(current_user, :read_prometheus_alerts, project)}",
-        "logs_path" => project_logs_path(project, environment_name: environment.name)
+        "prometheus-alerts-available" => "#{can?(current_user, :read_prometheus_alerts, project)}"
      }
+      ee_metrics_data["logs_path"] = project_logs_path(project, environment_name: environment.name) if can?(current_user, :read_pod_logs, project)

      super.merge(ee_metrics_data)
    end

--- a/ee/spec/helpers/ee/environments_helper_spec.rb
+++ b/ee/spec/helpers/ee/environments_helper_spec.rb
@@ -10,25 +10,49 @@ describe EnvironmentsHelper do
  describe '#metrics_data' do
    subject { helper.metrics_data(project, environment) }

-    before do
-      allow(helper).to receive(:current_user).and_return(user)
-      allow(helper).to receive(:can?)
-        .with(user, :read_prometheus_alerts, project)
-        .and_return(true)
-      allow(helper).to receive(:can?)
-        .with(user, :admin_project, project)
-        .and_return(true)
+    context 'user has all accesses' do
+      before do
+        allow(helper).to receive(:current_user).and_return(user)
+        allow(helper).to receive(:can?)
+          .with(user, :read_prometheus_alerts, project)
+          .and_return(true)
+        allow(helper).to receive(:can?)
+          .with(user, :admin_project, project)
+          .and_return(true)
+        allow(helper).to receive(:can?)
+          .with(user, :read_pod_logs, project)
+          .and_return(true)
+      end
+
+      it 'returns additional configuration' do
+        expect(subject).to include(
+          'custom-metrics-path' => project_prometheus_metrics_path(project),
+          'validate-query-path' => validate_query_project_prometheus_metrics_path(project),
+          'custom-metrics-available' => 'false',
+          'alerts-endpoint' => project_prometheus_alerts_path(project, environment_id: environment.id, format: :json),
+          'prometheus-alerts-available' => 'true',
+          'logs_path' => project_logs_path(project, environment_name: environment.name)
+        )
+      end
    end

-    it 'returns additional configuration' do
-      expect(subject).to include(
-        'custom-metrics-path' => project_prometheus_metrics_path(project),
-        'validate-query-path' => validate_query_project_prometheus_metrics_path(project),
-        'custom-metrics-available' => 'false',
-        'alerts-endpoint' => project_prometheus_alerts_path(project, environment_id: environment.id, format: :json),
-        'prometheus-alerts-available' => 'true',
-        'logs_path' => project_logs_path(project, environment_name: environment.name)
-      )
+    context 'user does not have access to pod logs' do
+      before do
+        allow(helper).to receive(:current_user).and_return(user)
+        allow(helper).to receive(:can?)
+                           .with(user, :read_prometheus_alerts, project)
+                           .and_return(true)
+        allow(helper).to receive(:can?)
+                           .with(user, :admin_project, project)
+                           .and_return(true)
+        allow(helper).to receive(:can?)
+                           .with(user, :read_pod_logs, project)
+                           .and_return(false)
+      end
+
+      it 'returns additional configuration' do
+        expect(subject.keys).not_to include('logs_path')
+      end
    end
  end