Merge branch '351602-auditor-group-level-events' into 'master'

Ensures audit events are visible to auditor at Group level

See merge request gitlab-org/gitlab!81267

ee/app/controllers/groups/audit_events_controller.rb

@@ -44,6 +44,8 @@ class Groups::AuditEventsController < Groups::ApplicationController
   end
 
   def filter_by_author(params)
-    can?(current_user, :admin_group, group) ? params : params.merge(author_id: current_user.id)
+    return params if can?(current_user, :admin_group, group) || current_user.auditor?
+
+    params.merge(author_id: current_user.id)
   end
 end

ee/app/policies/ee/group_policy.rb

@@ -270,6 +270,7 @@ module EE
       rule { auditor }.policy do
         enable :read_group
         enable :read_group_security_dashboard
+        enable :read_group_audit_events
       end
 
       rule { group_saml_config_enabled & group_saml_available & (admin | owner) }.enable :admin_group_saml

ee/spec/policies/group_policy_spec.rb

@@ -610,6 +610,7 @@ RSpec.describe GroupPolicy do
 
           it { is_expected.to be_allowed(:read_group) }
           it { is_expected.to be_allowed(:read_milestone) }
+          it { is_expected.to be_allowed(:read_group_audit_events) }
         end
       end
     end