Hide dependency proxy UI if feature is disabled

Hide group -> dependency proxy page if feature is disabled globally
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

ee/app/controllers/concerns/dependency_proxy_access.rb

+# frozen_string_literal: true
+
+module DependencyProxyAccess
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :verify_dependency_proxy_enabled!
+    before_action :authorize_read_dependency_proxy!
+  end
+
+  private
+
+  def verify_dependency_proxy_enabled!
+    render_404 unless Gitlab.config.dependency_proxy.enabled &&
+        group.feature_available?(:dependency_proxy)
+  end
+
+  def authorize_read_dependency_proxy!
+    access_denied! unless can?(current_user, :read_dependency_proxy, group)
+  end
+end

ee/app/controllers/groups/dependency_proxies_controller.rb

@@ -2,6 +2,8 @@
 
 module Groups
   class DependencyProxiesController < Groups::ApplicationController
+    include DependencyProxyAccess
+
     before_action :authorize_admin_group!, only: :update
     before_action :dependency_proxy
 

ee/app/controllers/groups/dependency_proxy_for_containers_controller.rb

 # frozen_string_literal: true
 
 class Groups::DependencyProxyForContainersController < Groups::ApplicationController
+  include DependencyProxyAccess
   include SendFileUpload
 
-  before_action :ensure_feature_enabled!
   before_action :ensure_token_granted!
+  before_action :ensure_feature_enabled!
 
   attr_reader :token
 
@@ -40,9 +41,7 @@ class Groups::DependencyProxyForContainersController < Groups::ApplicationContro
   end
 
   def ensure_feature_enabled!
-    render_404 unless Gitlab.config.dependency_proxy.enabled &&
-        group.feature_available?(:dependency_proxy) &&
-        group.dependency_proxy_setting&.enabled
+    render_404 unless group.dependency_proxy_setting&.enabled
   end
 
   def ensure_token_granted!

ee/app/policies/ee/group_policy.rb

@@ -26,6 +26,10 @@ module EE
         sso_enforcement_prevents_access?
       end
 
+      condition(:dependency_proxy_available) do
+        @subject.feature_available?(:dependency_proxy)
+      end
+
       rule { reporter }.policy do
         enable :admin_list
         enable :admin_board
@@ -38,6 +42,9 @@ module EE
       rule { can?(:read_group) & contribution_analytics_available }
         .enable :read_group_contribution_analytics
 
+      rule { can?(:read_group) & dependency_proxy_available }
+        .enable :read_dependency_proxy
+
       rule { can?(:read_group) & epics_available }.enable :read_epic
 
       rule { reporter & epics_available }.policy do

ee/app/views/groups/sidebar/_dependency_proxy.html.haml

-- if @group.feature_available?(:dependency_proxy)
+- if Gitlab.config.dependency_proxy.enabled && @group.feature_available?(:dependency_proxy)
   = nav_link(controller: 'groups/dependency_proxies') do
     = link_to group_dependency_proxy_path(@group), title: _('Dependency Proxy') do
       %span= _('Dependency Proxy')

ee/spec/controllers/groups/dependency_proxies_controller_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Groups::DependencyProxiesController do
+  let(:group) { create(:group) }
+  let(:user)  { create(:user) }
+
+  before do
+    group.add_owner(user)
+    sign_in(user)
+  end
+
+  describe 'GET #show' do
+    context 'feature enabled' do
+      before do
+        enable_dependency_proxy
+      end
+
+      it 'returns 200 and renders the view' do
+        get :show, params: { group_id: group.to_param }
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(response).to render_template('groups/dependency_proxies/show')
+      end
+    end
+
+    it 'returns 404 when feature is disabled' do
+      get :show, params: { group_id: group.to_param }
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+  end
+
+  describe 'PUT #update' do
+    context 'feature enabled' do
+      before do
+        enable_dependency_proxy
+      end
+
+      it 'redirects back to show page' do
+        put :update, params: update_params
+
+        expect(response).to have_gitlab_http_status(302)
+      end
+    end
+
+    it 'returns 404 when feature is disabled' do
+      put :update, params: update_params
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    def update_params
+      {
+        group_id: group.to_param,
+        dependency_proxy_group_setting: { enabled: true }
+      }
+    end
+  end
+
+  def enable_dependency_proxy
+    allow(Gitlab.config.dependency_proxy)
+      .to receive(:enabled).and_return(true)
+
+    stub_licensed_features(dependency_proxy: true)
+  end
+end

ee/spec/features/groups/dependency_proxy_spec.rb

@@ -11,6 +11,9 @@ describe 'Group Dependency Proxy' do
   before do
     group.add_owner(owner)
     group.add_developer(developer)
+
+    enable_feature
+    stub_licensed_features(dependency_proxy: true)
   end
 
   describe 'feature settings', :js do
@@ -74,5 +77,33 @@ describe 'Group Dependency Proxy' do
         end
       end
     end
+
+    context 'when feature is not available because of license', js: false do
+      it 'renders 404 page' do
+        stub_licensed_features(dependency_proxy: false)
+
+        visit path
+
+        expect(page).to have_gitlab_http_status(404)
+      end
+    end
+
+    context 'when feature is disabled globally', js: false do
+      it 'renders 404 page' do
+        disable_feature
+
+        visit path
+
+        expect(page).to have_gitlab_http_status(404)
+      end
+    end
+  end
+
+  def enable_feature
+    allow(Gitlab.config.dependency_proxy).to receive(:enabled).and_return(true)
+  end
+
+  def disable_feature
+    allow(Gitlab.config.dependency_proxy).to receive(:enabled).and_return(false)
   end
 end