Merge branch 'issue_338706_add_read_usage_quota' into 'master'

Added read_usage_quotas ability to ProjectPolicy See merge request gitlab-org/gitlab!82396

Merge branch 'issue_338706_add_read_usage_quota' into 'master'
Added read_usage_quotas ability to ProjectPolicy See merge request gitlab-org/gitlab!82396
1023f7c2 · Markus Koller · b8410b37 · efcc97cc · 1023f7c2 · 1023f7c2
Commit 1023f7c2 authored Mar 28, 2022 by Markus Koller
4 changed files
--- a/app/controllers/projects/usage_quotas_controller.rb
+++ b/app/controllers/projects/usage_quotas_controller.rb
 # frozen_string_literal: true

 class Projects::UsageQuotasController < Projects::ApplicationController
-  before_action :authorize_admin_project!
+  before_action :authorize_read_usage_quotas!

  layout "project_settings"


--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -724,6 +724,10 @@ class ProjectPolicy < BasePolicy
    enable :create_resource_access_tokens
  end

+  rule { can?(:admin_project) }.policy do
+    enable :read_usage_quotas
+  end
+
  rule { can?(:project_bot_access) }.policy do
    prevent :create_resource_access_tokens
  end

--- a/spec/controllers/projects/usage_quotas_controller_spec.rb
+++ b/spec/controllers/projects/usage_quotas_controller_spec.rb
@@ -4,17 +4,44 @@ require 'spec_helper'

 RSpec.describe Projects::UsageQuotasController do
  let_it_be(:user) { create(:user) }
-  let_it_be(:project) { create(:project, namespace: user.namespace) }
+  let_it_be(:group) { create(:group) }
+  let_it_be(:project) { create(:project, group: group) }

  describe 'GET #index' do
    render_views

-    it 'does not render search settings partial' do
+    subject { get(:index, params: { namespace_id: project.namespace, project_id: project }) }
+
+    before do
      sign_in(user)
-      get(:index, params: { namespace_id: user.namespace, project_id: project })
+    end
+
+    context 'when user does not have read_usage_quotas permission' do
+      before do
+        project.add_developer(user)
+      end
+
+      it 'renders not_found' do
+        subject
+
+        expect(response).to render_template('errors/not_found')
+        expect(response).not_to render_template('shared/search_settings')
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
+    context 'when user has read_usage_quotas permission' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      it 'renders index with 200 status code' do
+        subject

-      expect(response).to render_template('index')
-      expect(response).not_to render_template('shared/search_settings')
+        expect(response).to render_template('index')
+        expect(response).not_to render_template('shared/search_settings')
+        expect(response).to have_gitlab_http_status(:ok)
+      end
    end
  end
 end
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -309,6 +309,36 @@ RSpec.describe ProjectPolicy do
    end
  end

+  context 'reading usage quotas' do
+    %w(maintainer owner).each do |role|
+      context "with #{role}" do
+        let(:current_user) { send(role) }
+
+        it { is_expected.to be_allowed(:read_usage_quotas) }
+      end
+    end
+
+    %w(guest reporter developer anonymous).each do |role|
+      context "with #{role}" do
+        let(:current_user) { send(role) }
+
+        it { is_expected.to be_disallowed(:read_usage_quotas) }
+      end
+    end
+
+    context 'with an admin' do
+      let(:current_user) { admin }
+
+      context 'when admin mode is enabled', :enable_admin_mode do
+        it { expect_allowed(:read_usage_quotas) }
+      end
+
+      context 'when admin mode is disabled' do
+        it { expect_disallowed(:read_usage_quotas) }
+      end
+    end
+  end
+
  it_behaves_like 'clusterable policies' do
    let_it_be(:clusterable) { create(:project, :repository) }
    let_it_be(:cluster) do