Commit 25907d0f authored by Kamil Trzciński's avatar Kamil Trzciński

Limit feature flags to EEP

parent 6e01d70d
......@@ -67,6 +67,7 @@ class License < ActiveRecord::Base
custom_project_templates
packages
code_owner_as_approver_suggestion
feature_flags
].freeze
EEU_FEATURES = EEP_FEATURES + %i[
......
......@@ -65,6 +65,11 @@ module EE
@subject.feature_available?(:license_management)
end
with_scope :subject
condition(:feature_flags_disabled) do
!@subject.feature_available?(:feature_flags)
end
rule { admin }.enable :change_repository_storage
rule { support_bot }.enable :guest_access
......@@ -122,6 +127,10 @@ module EE
prevent(*create_read_update_admin_destroy(:package))
end
rule { feature_flags_disabled }.policy do
prevent(*create_read_update_admin_destroy(:feature_flag))
end
rule { can?(:maintainer_access) }.policy do
enable :push_code_to_protected_branches
enable :admin_path_locks
......
......@@ -10,7 +10,8 @@ module API
end
route_param :project_id do
before do
authenticate_by_unleash_instanceid!
authorize_by_unleash_instanceid!
authorize_feature_flags_feature!
end
get 'features' do
......@@ -39,10 +40,14 @@ module API
params[:instanceid] || env['HTTP_UNLEASH_INSTANCEID']
end
def authenticate_by_unleash_instanceid!
def authorize_by_unleash_instanceid!
unauthorized! unless Operations::FeatureFlagsClient
.find_for_project_and_token(project, unleash_instanceid)
end
def authorize_feature_flags_feature!
forbidden! unless project.feature_available?(:feature_flags)
end
end
end
end
......@@ -5,11 +5,13 @@ describe Projects::FeatureFlagsController do
set(:user) { create(:user) }
set(:project) { create(:project) }
let(:feature_enabled) { true }
before do
project.add_developer(user)
sign_in(user)
stub_licensed_features(feature_flags: feature_enabled)
end
describe 'GET index' do
......@@ -44,6 +46,18 @@ describe Projects::FeatureFlagsController do
expect(response).to render_template('_new_feature_flag_button')
end
end
context 'when feature is not available' do
let(:feature_enabled) { false }
before do
subject
end
it 'shows not found' do
expect(subject).to have_gitlab_http_status(404)
end
end
end
describe 'GET new' do
......
......@@ -3,9 +3,14 @@ require 'spec_helper'
describe API::Unleash do
set(:project) { create(:project) }
let(:project_id) { project.id }
let(:feature_enabled) { true }
let(:params) { }
let(:headers) { }
before do
stub_licensed_features(feature_flags: feature_enabled)
end
shared_examples 'authenticated request' do
context 'when using instanceid' do
let(:client) { create(:operations_feature_flags_client, project: project) }
......@@ -16,6 +21,16 @@ describe API::Unleash do
expect(response).to have_gitlab_http_status(200)
end
context 'when feature is not available' do
let(:feature_enabled) { false }
it 'responds with forbidden' do
subject
expect(response).to have_gitlab_http_status(403)
end
end
end
context 'when using header' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment