Add EEP license checks

app/models/license.rb

@@ -20,6 +20,7 @@ class License < ActiveRecord::Base
   ISSUE_BOARD_MILESTONE_FEATURE = 'GitLab_IssueBoardMilestone'.freeze
   ISSUE_WEIGHTS_FEATURE = 'GitLab_IssueWeights'.freeze
   JENKINS_INTEGRATION_FEATURE = 'GitLab_JenkinsIntegration'.freeze
+  JIRA_DEV_PANEL_INTEGRATION_FEATURE = 'GitLab_JiraDevelopmentPanelIntegration'.freeze
   LDAP_EXTRAS_FEATURE = 'GitLab_LdapExtras'.freeze
   MERGE_REQUEST_APPROVERS_FEATURE = 'GitLab_MergeRequestApprovers'.freeze
   MERGE_REQUEST_REBASE_FEATURE = 'GitLab_MergeRequestRebase'.freeze
@@ -63,6 +64,7 @@ class License < ActiveRecord::Base
     issue_board_milestone: ISSUE_BOARD_MILESTONE_FEATURE,
     issue_weights: ISSUE_WEIGHTS_FEATURE,
     jenkins_integration: JENKINS_INTEGRATION_FEATURE,
+    jira_dev_panel_integration: JIRA_DEV_PANEL_INTEGRATION_FEATURE,
     merge_request_approvers: MERGE_REQUEST_APPROVERS_FEATURE,
     merge_request_rebase: MERGE_REQUEST_REBASE_FEATURE,
     merge_request_squash: MERGE_REQUEST_SQUASH_FEATURE,
@@ -114,6 +116,7 @@ class License < ActiveRecord::Base
     { FILE_LOCKS_FEATURE => 1 },
     { GEO_FEATURE => 1 },
     { OBJECT_STORAGE_FEATURE => 1 },
+    { JIRA_DEV_PANEL_INTEGRATION_FEATURE => 1 },
     { SERVICE_DESK_FEATURE => 1 },
     { VARIABLE_ENVIRONMENT_SCOPE_FEATURE => 1 }
   ].freeze

ee/app/policies/ee/project_policy.rb

@@ -12,6 +12,11 @@ module EE
       with_scope :subject
       condition(:deploy_board_disabled) { !@subject.feature_available?(:deploy_board) }
 
+      with_scope :subject
+      condition(:jira_dev_panel_integration_disabled) do
+        !@subject.feature_available?(:jira_dev_panel_integration)
+      end
+
       with_scope :global
       condition(:is_development) { Rails.env.development? }
 
@@ -34,12 +39,17 @@ module EE
         prevent :admin_issue_link
       end
 
+      rule { jira_dev_panel_integration_disabled }.policy do
+        prevent :integrate_to_jira_dev_panel
+      end
+
       rule { can?(:read_issue) }.enable :read_issue_link
 
       rule { can?(:reporter_access) }.policy do
         enable :admin_board
         enable :read_deploy_board
         enable :admin_issue_link
+        enable :integrate_to_jira_dev_panel
       end
 
       rule { can?(:developer_access) }.enable :admin_board

lib/api/entities.rb

@@ -1113,13 +1113,13 @@ module API
         expose :id, as: :sha
         expose :author do |commit|
           {
-            login: commit.author.username,
+            login: commit.author&.username,
             email: commit.author_email
           }
         end
         expose :committer do |commit|
           {
-            login: commit.author.username,
+            login: commit.author&.username,
             email: commit.committer_email
           }
         end

lib/api/v3/github_repos.rb

@@ -8,6 +8,12 @@ module API
           requires :namespace, type: String
           requires :project, type: String
         end
+
+        def find_project_with_access(full_path, access_level = :integrate_to_jira_dev_panel)
+          project = find_project!(full_path)
+          authorize! access_level, project
+          project
+        end
       end
 
       resource :orgs do
@@ -24,8 +30,9 @@ module API
 
       resource :users do
         get ':namespace/repos' do
-          present paginate(current_user.authorized_projects),
-                  with: ::API::Entities::Github::Repository
+          projects = current_user.authorized_projects.select { |project| can?(current_user, :integrate_to_jira_dev_panel, project) }
+          projects = ::Kaminari.paginate_array(projects)
+          present paginate(projects), with: ::API::Entities::Github::Repository
         end
       end
 
@@ -40,7 +47,7 @@ module API
         get ':namespace/:project/branches' do
           namespace = params[:namespace]
           project = params[:project]
-          user_project = find_project!("#{namespace}/#{project}")
+          user_project = find_project_with_access("#{namespace}/#{project}")
 
           branches = ::Kaminari.paginate_array(user_project.repository.branches.sort_by(&:name))
 
@@ -55,7 +62,7 @@ module API
         get ':namespace/:project/commits/:sha' do
           namespace = params[:namespace]
           project = params[:project]
-          user_project = find_project!("#{namespace}/#{project}")
+          user_project = find_project_with_access("#{namespace}/#{project}")
 
           commit = user_project.commit(params[:sha])
 

spec/requests/api/v3/github_repos_spec.rb

@@ -21,7 +21,7 @@ describe API::V3::GithubRepos do
 
   describe 'GET /user/repos' do
     it 'returns an empty array' do
-      get v3_api("/user/repos", user)
+      get v3_api('/user/repos', user)
 
       expect(response).to have_http_status(200)
       expect(json_response).to eq([])
@@ -30,7 +30,7 @@ describe API::V3::GithubRepos do
 
   describe 'GET /-/jira/pulls' do
     it 'returns an empty array' do
-      get v3_api("/repos/-/jira/pulls", user)
+      get v3_api('/repos/-/jira/pulls', user)
 
       expect(response).to have_http_status(200)
       expect(json_response).to eq([])
@@ -40,12 +40,13 @@ describe API::V3::GithubRepos do
   describe 'GET /users/:id/repos' do
     context 'authenticated' do
       it 'returns an array of projects with github format' do
+        stub_licensed_features(jira_dev_panel_integration: true)
+
         group = create(:group)
         create(:project, group: group)
-
         group.add_master(user)
 
-        get v3_api("/users/whatever/repos", user)
+        get v3_api('/users/foo/repos', user)
 
         expect(response).to have_http_status(200)
         expect(json_response).to be_an(Array)
@@ -60,54 +61,101 @@ describe API::V3::GithubRepos do
 
     context 'unauthenticated' do
       it 'returns 401' do
-        get v3_api("/users/whatever/repos", nil)
+        get v3_api("/users/foo/repos", nil)
 
         expect(response).to have_http_status(401)
       end
     end
+
+    it 'filters unlicensed namespace projects' do
+      silver_plan = Plan.find_by!(name: 'silver')
+      licensed_project = create(:project, :empty_repo)
+      licensed_project.add_reporter(user)
+      licensed_project.namespace.update!(plan_id: silver_plan.id)
+
+      stub_licensed_features(jira_dev_panel_integration: true)
+      stub_application_setting_on_object(project, should_check_namespace_plan: true)
+      stub_application_setting_on_object(licensed_project, should_check_namespace_plan: true)
+
+      get v3_api('/users/foo/repos', user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response.size).to eq(1)
+      expect(json_response.first['id']).to eq(licensed_project.id)
+    end
   end
 
-  describe 'GET /repos/:namespace/:repo/branches' do
+  describe 'GET /repos/:namespace/:project/branches' do
     context 'authenticated' do
-      context 'when user namespace path' do
-        it 'returns an array of project branches with github format' do
-          get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", user)
-
-          expect(response).to have_http_status(200)
-          expect(json_response).to be_an(Array)
-          expect(json_response.first.keys).to contain_exactly('name', 'commit')
-          expect(json_response.first['commit'].keys).to contain_exactly('sha', 'type')
-        end
+      it 'returns an array of project branches with github format' do
+        stub_licensed_features(jira_dev_panel_integration: true)
+
+        get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", user)
+
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_an(Array)
+        expect(json_response.first.keys).to contain_exactly('name', 'commit')
+        expect(json_response.first['commit'].keys).to contain_exactly('sha', 'type')
       end
     end
 
     context 'unauthenticated' do
+      before do
+      end
+
       it 'returns 401' do
+        stub_licensed_features(jira_dev_panel_integration: true)
+
         get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", nil)
 
         expect(response).to have_http_status(401)
       end
     end
+
+    context 'unauthorized' do
+      it 'returns 403 when lower access level' do
+        unauthorized_user = create(:user)
+        project.add_guest(unauthorized_user)
+
+        get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", unauthorized_user)
+
+        expect(response).to have_http_status(403)
+      end
+
+      it 'returns 403 when not licensed' do
+        stub_licensed_features(jira_dev_panel_integration: false)
+        unauthorized_user = create(:user)
+        project.add_reporter(unauthorized_user)
+
+        get v3_api("/repos/#{project.namespace.path}/#{project.path}/branches", unauthorized_user)
+
+        expect(response).to have_http_status(403)
+      end
+    end
   end
 
-  describe 'GET /repos/:namespace/:repo/commits/:sha' do
+  describe 'GET /repos/:namespace/:project/commits/:sha' do
     let(:commit) { project.repository.commit }
     let(:commit_id) { commit.id }
 
     context 'authenticated' do
-      it 'returns commit with expected format' do
+      it 'returns commit with github format' do
+        stub_licensed_features(jira_dev_panel_integration: true)
+
         get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}", user)
 
         commit_author = {
           'name' => commit.author_name,
           'email' => commit.author_email,
-          'date' => commit.authored_date.iso8601(3)
+          'date' => commit.authored_date.iso8601,
+          'type' => 'User'
         }
 
         commit_committer = {
           'name' => commit.committer_name,
           'email' => commit.committer_email,
-          'date' => commit.committed_date.iso8601(3)
+          'date' => commit.committed_date.iso8601,
+          'type' => 'User'
         }
 
         parent_commits = commit.parent_ids.map { |id| { 'sha' => id } }
@@ -128,5 +176,28 @@ describe API::V3::GithubRepos do
         expect(response).to have_http_status(401)
       end
     end
+
+    context 'unauthorized' do
+      it 'returns 403 when lower access level' do
+        unauthorized_user = create(:user)
+        project.add_guest(unauthorized_user)
+
+        get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}",
+                   unauthorized_user)
+
+        expect(response).to have_http_status(403)
+      end
+
+      it 'returns 403 when not licensed' do
+        stub_licensed_features(jira_dev_panel_integration: false)
+        unauthorized_user = create(:user)
+        project.add_reporter(unauthorized_user)
+
+        get v3_api("/repos/#{project.namespace.path}/#{project.path}/commits/#{commit_id}",
+                   unauthorized_user)
+
+        expect(response).to have_http_status(403)
+      end
+    end
   end
 end