Commit 2fc4e258 authored by Mark Chao's avatar Mark Chao

Merge branch 'sk/356366-rename-policy' into 'master'

Rename read policy for security orchestration policies

See merge request gitlab-org/gitlab!83649
parents 81ed078a 1149c944
...@@ -5,7 +5,7 @@ module Projects ...@@ -5,7 +5,7 @@ module Projects
class PoliciesController < Projects::ApplicationController class PoliciesController < Projects::ApplicationController
include SecurityAndCompliancePermissions include SecurityAndCompliancePermissions
before_action :authorize_security_orchestration_policies! before_action :authorize_read_security_orchestration_policies!
before_action :validate_policy_configuration, only: :edit before_action :validate_policy_configuration, only: :edit
before_action do before_action do
......
...@@ -8,7 +8,7 @@ module Mutations ...@@ -8,7 +8,7 @@ module Mutations
include FindsProjectOrGroupForSecurityPolicies include FindsProjectOrGroupForSecurityPolicies
authorize :security_orchestration_policies authorize :read_security_orchestration_policies
argument :full_path, GraphQL::Types::String, argument :full_path, GraphQL::Types::String,
required: false, required: false,
......
...@@ -14,7 +14,7 @@ module ResolvesOrchestrationPolicy ...@@ -14,7 +14,7 @@ module ResolvesOrchestrationPolicy
def authorize! def authorize!
Ability.allowed?( Ability.allowed?(
context[:current_user], :security_orchestration_policies, policy_configuration.security_policy_management_project context[:current_user], :read_security_orchestration_policies, policy_configuration.security_policy_management_project
) || raise_resource_not_available_error! ) || raise_resource_not_available_error!
end end
......
...@@ -311,7 +311,7 @@ module EE ...@@ -311,7 +311,7 @@ module EE
end end
rule { security_orchestration_policies_enabled & can?(:developer_access) }.policy do rule { security_orchestration_policies_enabled & can?(:developer_access) }.policy do
enable :security_orchestration_policies enable :read_security_orchestration_policies
end end
rule { security_dashboard_enabled & developer }.policy do rule { security_dashboard_enabled & developer }.policy do
......
...@@ -199,7 +199,7 @@ module EE ...@@ -199,7 +199,7 @@ module EE
rule { can?(:read_project) & iterations_available }.enable :read_iteration rule { can?(:read_project) & iterations_available }.enable :read_iteration
rule { security_orchestration_policies_enabled & can?(:developer_access) }.policy do rule { security_orchestration_policies_enabled & can?(:developer_access) }.policy do
enable :security_orchestration_policies enable :read_security_orchestration_policies
end end
rule { security_orchestration_policies_enabled & can?(:owner_access) }.policy do rule { security_orchestration_policies_enabled & can?(:owner_access) }.policy do
......
...@@ -145,7 +145,7 @@ module EE ...@@ -145,7 +145,7 @@ module EE
end end
def scan_policies_menu_item def scan_policies_menu_item
unless can?(context.current_user, :security_orchestration_policies, context.project) unless can?(context.current_user, :read_security_orchestration_policies, context.project)
return ::Sidebars::NilMenuItem.new(item_id: :scan_policies) return ::Sidebars::NilMenuItem.new(item_id: :scan_policies)
end end
......
...@@ -125,7 +125,7 @@ module Sidebars ...@@ -125,7 +125,7 @@ module Sidebars
def group_level_security_policies_available? def group_level_security_policies_available?
Feature.enabled?(:group_level_security_policies, context.group, default_enabled: :yaml) && Feature.enabled?(:group_level_security_policies, context.group, default_enabled: :yaml) &&
can?(context.current_user, :security_orchestration_policies, context.group) can?(context.current_user, :read_security_orchestration_policies, context.group)
end end
def audit_events_menu_item def audit_events_menu_item
......
...@@ -922,7 +922,7 @@ RSpec.describe GroupPolicy do ...@@ -922,7 +922,7 @@ RSpec.describe GroupPolicy do
with_them do with_them do
let(:current_user) { public_send(role) } let(:current_user) { public_send(role) }
it { is_expected.to be_allowed(:security_orchestration_policies) } it { is_expected.to be_allowed(:read_security_orchestration_policies) }
end end
end end
...@@ -932,7 +932,7 @@ RSpec.describe GroupPolicy do ...@@ -932,7 +932,7 @@ RSpec.describe GroupPolicy do
with_them do with_them do
let(:current_user) { public_send(role) } let(:current_user) { public_send(role) }
it { is_expected.to be_allowed(:security_orchestration_policies) } it { is_expected.to be_allowed(:read_security_orchestration_policies) }
end end
end end
end end
...@@ -1947,7 +1947,7 @@ RSpec.describe GroupPolicy do ...@@ -1947,7 +1947,7 @@ RSpec.describe GroupPolicy do
with_them do with_them do
let(:current_user) { public_send(role) } let(:current_user) { public_send(role) }
it { is_expected.to be_disallowed(:security_orchestration_policies) } it { is_expected.to be_disallowed(:read_security_orchestration_policies) }
it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) } it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
end end
end end
...@@ -1958,7 +1958,7 @@ RSpec.describe GroupPolicy do ...@@ -1958,7 +1958,7 @@ RSpec.describe GroupPolicy do
with_them do with_them do
let(:current_user) { public_send(role) } let(:current_user) { public_send(role) }
it { is_expected.to be_disallowed(:security_orchestration_policies) } it { is_expected.to be_disallowed(:read_security_orchestration_policies) }
it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) } it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
end end
end end
...@@ -1975,7 +1975,7 @@ RSpec.describe GroupPolicy do ...@@ -1975,7 +1975,7 @@ RSpec.describe GroupPolicy do
with_them do with_them do
let(:current_user) { public_send(role) } let(:current_user) { public_send(role) }
it { is_expected.to be_allowed(:security_orchestration_policies) } it { is_expected.to be_allowed(:read_security_orchestration_policies) }
it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) } it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
end end
end end
...@@ -1986,7 +1986,7 @@ RSpec.describe GroupPolicy do ...@@ -1986,7 +1986,7 @@ RSpec.describe GroupPolicy do
with_them do with_them do
let(:current_user) { public_send(role) } let(:current_user) { public_send(role) }
it { is_expected.to be_allowed(:security_orchestration_policies) } it { is_expected.to be_allowed(:read_security_orchestration_policies) }
it { is_expected.to be_allowed(:update_security_orchestration_policy_project) } it { is_expected.to be_allowed(:update_security_orchestration_policy_project) }
end end
end end
......
...@@ -779,7 +779,7 @@ RSpec.describe ProjectPolicy do ...@@ -779,7 +779,7 @@ RSpec.describe ProjectPolicy do
with_them do with_them do
let(:current_user) { public_send(role) } let(:current_user) { public_send(role) }
it { is_expected.to be_allowed(:security_orchestration_policies) } it { is_expected.to be_allowed(:read_security_orchestration_policies) }
it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) } it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
end end
end end
...@@ -790,7 +790,7 @@ RSpec.describe ProjectPolicy do ...@@ -790,7 +790,7 @@ RSpec.describe ProjectPolicy do
with_them do with_them do
let(:current_user) { public_send(role) } let(:current_user) { public_send(role) }
it { is_expected.to be_allowed(:security_orchestration_policies) } it { is_expected.to be_allowed(:read_security_orchestration_policies) }
it { is_expected.to be_allowed(:update_security_orchestration_policy_project) } it { is_expected.to be_allowed(:update_security_orchestration_policy_project) }
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment