Merge branch '355533-fix-auditor-permissions-for-repository-analytics' into 'master'

Allow auditor to view repository analytics See merge request gitlab-org/gitlab!84047

Merge branch '355533-fix-auditor-permissions-for-repository-analytics' into 'master'
Allow auditor to view repository analytics See merge request gitlab-org/gitlab!84047
4d8fc8eb · Aleksei Lipniagov · 2020023d · 7de245e4 · 4d8fc8eb · 4d8fc8eb
Commit 4d8fc8eb authored Mar 31, 2022 by Aleksei Lipniagov
3 changed files
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -174,6 +174,7 @@ module EE
      rule { auditor }.policy do
        enable :view_productivity_analytics
        enable :view_group_devops_adoption
+        enable :read_group_repository_analytics
      end

      rule { owner | admin }.policy do

--- a/ee/spec/controllers/groups/analytics/repository_analytics_controller_spec.rb
+++ b/ee/spec/controllers/groups/analytics/repository_analytics_controller_spec.rb
@@ -65,6 +65,12 @@ RSpec.describe Groups::Analytics::RepositoryAnalyticsController do
      end

      it { is_expected.to have_gitlab_http_status(:forbidden) }
+
+      context 'when the user is an auditor' do
+        let(:current_user) { create(:user, :auditor) }
+
+        it { is_expected.to have_gitlab_http_status(:success) }
+      end
    end
  end
 end
--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -309,6 +309,12 @@ RSpec.describe GroupPolicy do

      it { is_expected.to be_allowed(:read_group_repository_analytics) }
    end
+
+    context 'for auditor' do
+      let(:current_user) { auditor }
+
+      it { is_expected.to be_allowed(:read_group_repository_analytics) }
+    end
  end

  context 'when group repository analytics is not available' do