Skip to content

G
gitlab-ce
Commit 5f3e7c13 authored by Sean Arnold's avatar Sean Arnold
Browse files
Options

Add update_issuable_metric_image ability 

Use this for metric image update
parent 916cd6bd
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 10 deletions
ee/app/policies/ee/issuable_policy.rb
View file @ 5f3e7c13
...@@ -31,11 +31,13 @@ module EE ...@@ -31,11 +31,13 @@ module EE
end end
rule { is_author | can?(:create_issue) & can?(:update_issue) }.policy do rule { is_author | can?(:create_issue) & can?(:update_issue) }.policy do
enable :update_issuable_metric_image
enable :destroy_issuable_metric_image enable :destroy_issuable_metric_image
end end
rule { ~is_project_member }.policy do rule { ~is_project_member }.policy do
prevent :upload_issuable_metric_image prevent :upload_issuable_metric_image
prevent :update_issuable_metric_image
prevent :destroy_issuable_metric_image prevent :destroy_issuable_metric_image
end end
end end
......
ee/lib/ee/api/issues.rb
View file @ 5f3e7c13
...@@ -83,7 +83,7 @@ module EE ...@@ -83,7 +83,7 @@ module EE
put ':metric_image_id' do put ':metric_image_id' do
issue = find_project_issue(params[:issue_iid]) issue = find_project_issue(params[:issue_iid])
authorize!(:destroy_issuable_metric_image, issue) authorize!(:update_issuable_metric_image, issue)
metric_image = issue.metric_images.find_by_id(params[:metric_image_id]) metric_image = issue.metric_images.find_by_id(params[:metric_image_id])
......
ee/spec/policies/issuable_policy_spec.rb
View file @ 5f3e7c13
...@@ -30,19 +30,19 @@ RSpec.describe IssuablePolicy, models: true do ...@@ -30,19 +30,19 @@ RSpec.describe IssuablePolicy, models: true do
it 'disallows non-members from creating and deleting metric images' do it 'disallows non-members from creating and deleting metric images' do
expect(permissions(non_member, issue)).to be_allowed(:read_issuable_metric_image) expect(permissions(non_member, issue)).to be_allowed(:read_issuable_metric_image)
expect(permissions(non_member, issue)).to be_disallowed(:upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(non_member, issue)).to be_disallowed(:upload_issuable_metric_image, :update_issuable_metric_image, :destroy_issuable_metric_image)
end end
it 'allows guests to read, create metric images, and delete them in their own issues' do it 'allows guests to read, create metric images, and delete them in their own issues' do
expect(permissions(guest, issue)).to be_allowed(:read_issuable_metric_image) expect(permissions(guest, issue)).to be_allowed(:read_issuable_metric_image)
expect(permissions(guest, issue)).to be_disallowed(:upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(guest, issue)).to be_disallowed(:upload_issuable_metric_image, :destroy_issuable_metric_image)
expect(permissions(guest, guest_issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(guest, guest_issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :update_issuable_metric_image, :destroy_issuable_metric_image)
end end
it 'allows reporters to create and delete metric images' do it 'allows reporters to create and delete metric images' do
expect(permissions(reporter, issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(reporter, issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :update_issuable_metric_image, :destroy_issuable_metric_image)
expect(permissions(reporter, reporter_issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(reporter, reporter_issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :update_issuable_metric_image, :destroy_issuable_metric_image)
end end
context 'Timeline events' do context 'Timeline events' do
...@@ -79,19 +79,19 @@ RSpec.describe IssuablePolicy, models: true do ...@@ -79,19 +79,19 @@ RSpec.describe IssuablePolicy, models: true do
let_it_be(:issue) { create(:issue, project: project) } let_it_be(:issue) { create(:issue, project: project) }
it 'disallows non-members from creating and deleting metric images' do it 'disallows non-members from creating and deleting metric images' do
expect(permissions(non_member, issue)).to be_disallowed(:read_issuable_metric_image, :upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(non_member, issue)).to be_disallowed(:read_issuable_metric_image, :upload_issuable_metric_image, :update_issuable_metric_image, :destroy_issuable_metric_image)
end end
it 'allows guests to read metric images, and create + delete in their own issues' do it 'allows guests to read metric images, and create + delete in their own issues' do
expect(permissions(guest, issue)).to be_allowed(:read_issuable_metric_image) expect(permissions(guest, issue)).to be_allowed(:read_issuable_metric_image)
expect(permissions(guest, issue)).to be_disallowed(:upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(guest, issue)).to be_disallowed(:upload_issuable_metric_image, :update_issuable_metric_image, :destroy_issuable_metric_image)
expect(permissions(guest, guest_issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(guest, guest_issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :update_issuable_metric_image, :destroy_issuable_metric_image)
end end
it 'allows reporters to create and delete metric images' do it 'allows reporters to create and delete metric images' do
expect(permissions(reporter, issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(reporter, issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :update_issuable_metric_image, :destroy_issuable_metric_image)
expect(permissions(reporter, reporter_issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :destroy_issuable_metric_image) expect(permissions(reporter, reporter_issue)).to be_allowed(:read_issuable_metric_image, :upload_issuable_metric_image, :update_issuable_metric_image, :destroy_issuable_metric_image)
end end
context 'Timeline events' do context 'Timeline events' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7