Allow auditor to view devops adoption analytics

The auditor role should be able to view devops adoption analytics of a group they are not a member of, as per our docs. Changelog: fixed EE: true

Allow auditor to view devops adoption analytics
The auditor role should be able to view devops adoption analytics of a group they are not a member of, as per our docs. Changelog: fixed EE: true
3aa656ad · Magdalena Frankiewicz · Vasilii Iakliushin · 7fd24446 · 3aa656ad · 3aa656ad
Commit 3aa656ad authored Mar 28, 2022 by Magdalena Frankiewicz Committed by Vasilii Iakliushin Mar 30, 2022
3 changed files
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -173,6 +173,7 @@ module EE

      rule { auditor }.policy do
        enable :view_productivity_analytics
+        enable :view_group_devops_adoption
      end

      rule { owner | admin }.policy do

--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -1731,6 +1731,7 @@ RSpec.describe GroupPolicy do
        :reporter         | true
        :guest            | false
        :non_group_member | false
+        :auditor          | true
      end

      before do

--- a/ee/spec/requests/groups/analytics/devops_adoption_controller_spec.rb
+++ b/ee/spec/requests/groups/analytics/devops_adoption_controller_spec.rb
@@ -17,33 +17,59 @@ RSpec.describe Groups::Analytics::DevopsAdoptionController do
      get group_analytics_devops_adoption_path(group)
    end

-    before do
-      group.add_maintainer(current_user)
+    context 'when user is not authorized to view devops adoption analytics' do
+      before do
+        allow(Ability).to receive(:allowed?).and_call_original
+        expect(Ability).to receive(:allowed?).with(current_user, :read_group, group).and_return(true)
+        expect(Ability).to receive(:allowed?).with(current_user, :view_group_devops_adoption, group).and_return(false)
+      end
+
+      it 'renders 403, forbidden error' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:forbidden)
+      end
    end

-    it 'renders the devops adoption page' do
-      subject
+    context 'when user is an auditor' do
+      let(:current_user) { create(:user, :auditor) }
+
+      it 'allows access' do
+        subject

-      expect(response).to render_template :show
+        expect(response).to have_gitlab_http_status(:success)
+      end
    end

-    context 'when the feature is not available' do
+    context 'when the user is a group maintainer' do
      before do
-        stub_licensed_features(group_level_devops_adoption: false)
+        group.add_maintainer(current_user)
      end

-      it 'renders forbidden' do
+      it 'renders the devops adoption page' do
        subject

-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to render_template :show
      end
-    end

-    it 'tracks devops_adoption usage event' do
-      expect(Gitlab::UsageDataCounters::HLLRedisCounter)
-        .to receive(:track_event).with('users_viewing_analytics_group_devops_adoption', values: kind_of(String))
+      context 'when the feature is not available' do
+        before do
+          stub_licensed_features(group_level_devops_adoption: false)
+        end

-      subject
+        it 'renders forbidden' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end
+      end
+
+      it 'tracks devops_adoption usage event' do
+        expect(Gitlab::UsageDataCounters::HLLRedisCounter)
+          .to receive(:track_event).with('users_viewing_analytics_group_devops_adoption', values: kind_of(String))
+
+        subject
+      end
    end
  end
 end