Merge branch '210540-move-read_prometheus_alerts-policy-to-ce' into 'master'

Move read_prometheus_alerts policy to CE Closes #210540 See merge request gitlab-org/gitlab!27884

Merge branch '210540-move-read_prometheus_alerts-policy-to-ce' into 'master'
Move read_prometheus_alerts policy to CE Closes #210540 See merge request gitlab-org/gitlab!27884
684e434b · Heinrich Lee Yu · 92fc5dfe · 6b2e3070 · 684e434b · 684e434b
Commit 684e434b authored Mar 25, 2020 by Heinrich Lee Yu
7 changed files
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -316,6 +316,7 @@ class ProjectPolicy < BasePolicy
    enable :create_deploy_token
    enable :read_pod_logs
    enable :destroy_deploy_token
+    enable :read_prometheus_alerts
  end
  rule { (mirror_available & can?(:admin_project)) | admin }.enable :admin_remote_mirror

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -90,10 +90,6 @@ module EE
        @subject.feature_available?(:security_dashboard)
      end
-      condition(:prometheus_alerts_enabled) do
-        @subject.feature_available?(:prometheus_alerts, @user)
-      end
      with_scope :subject
      condition(:license_scanning_enabled) do
        @subject.feature_available?(:license_scanning) || @subject.feature_available?(:license_management)
@@ -239,8 +235,6 @@ module EE
      rule { license_scanning_enabled & can?(:maintainer_access) }.enable :admin_software_license_policy
-      rule { prometheus_alerts_enabled & can?(:maintainer_access) }.enable :read_prometheus_alerts
      rule { auditor }.policy do
        enable :public_user_access
        prevent :request_access

--- a/ee/spec/controllers/projects/prometheus/alerts_controller_spec.rb
+++ b/ee/spec/controllers/projects/prometheus/alerts_controller_spec.rb
@@ -26,18 +26,6 @@ describe Projects::Prometheus::AlertsController do
    end
  end
-  shared_examples 'unlicensed' do
-    before do
-      stub_licensed_features(prometheus_alerts: false)
-    end
-    it 'returns not_found' do
-      make_request
-      expect(response).to have_gitlab_http_status(:not_found)
-    end
-  end
  shared_examples 'project non-specific environment' do |status|
    let(:other) { create(:environment) }
@@ -118,7 +106,6 @@ describe Projects::Prometheus::AlertsController do
    end
    it_behaves_like 'unprivileged'
-    it_behaves_like 'unlicensed'
    it_behaves_like 'project non-specific environment', :ok
  end
@@ -166,7 +153,6 @@ describe Projects::Prometheus::AlertsController do
      end
      it_behaves_like 'unprivileged'
-      it_behaves_like 'unlicensed'
      it_behaves_like 'project non-specific environment', :not_found
      it_behaves_like 'project non-specific metric', :not_found
    end
@@ -269,7 +255,6 @@ describe Projects::Prometheus::AlertsController do
    end
    it_behaves_like 'unprivileged'
-    it_behaves_like 'unlicensed'
    it_behaves_like 'project non-specific environment', :no_content
  end
@@ -318,7 +303,6 @@ describe Projects::Prometheus::AlertsController do
    end
    it_behaves_like 'unprivileged'
-    it_behaves_like 'unlicensed'
    it_behaves_like 'project non-specific environment', :not_found
    it_behaves_like 'project non-specific metric', :not_found
  end
@@ -350,7 +334,6 @@ describe Projects::Prometheus::AlertsController do
    end
    it_behaves_like 'unprivileged'
-    it_behaves_like 'unlicensed'
    it_behaves_like 'project non-specific environment', :not_found
    it_behaves_like 'project non-specific metric', :not_found
  end

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -963,66 +963,6 @@ describe ProjectPolicy do
    end
  end
-  describe 'read_prometheus_alerts' do
-    context 'with prometheus_alerts available' do
-      before do
-        stub_licensed_features(prometheus_alerts: true)
-      end
-      context 'with admin' do
-        let(:current_user) { admin }
-        it { is_expected.to be_allowed(:read_prometheus_alerts) }
-      end
-      context 'with owner' do
-        let(:current_user) { owner }
-        it { is_expected.to be_allowed(:read_prometheus_alerts) }
-      end
-      context 'with maintainer' do
-        let(:current_user) { maintainer }
-        it { is_expected.to be_allowed(:read_prometheus_alerts) }
-      end
-      context 'with developer' do
-        let(:current_user) { developer }
-        it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-      end
-      context 'with reporter' do
-        let(:current_user) { reporter }
-        it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-      end
-      context 'with guest' do
-        let(:current_user) { guest }
-        it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-      end
-      context 'with anonymous' do
-        let(:current_user) { nil }
-        it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-      end
-    end
-    context 'without prometheus_alerts available' do
-      before do
-        stub_licensed_features(prometheus_alerts: false)
-      end
-      let(:current_user) { admin }
-      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-    end
-  end
  describe 'publish_status_page' do
    let(:anonymous) { nil }
    let(:feature) { :status_page }

--- a/ee/spec/services/metrics/dashboard/gitlab_alert_embed_service_spec.rb
+++ b/ee/spec/services/metrics/dashboard/gitlab_alert_embed_service_spec.rb
@@ -68,13 +68,7 @@ describe Metrics::Dashboard::GitlabAlertEmbedService do
    let(:service_call) { described_class.new(*service_params).get_dashboard }
-    it_behaves_like 'misconfigured dashboard service response', :unauthorized
    context 'when alerting is available' do
-      before do
-        stub_licensed_features(prometheus_alerts: true)
-      end
      it_behaves_like 'valid embedded dashboard service response'
      it_behaves_like 'raises error for users with insufficient permissions'

--- a/ee/spec/services/projects/operations/update_service_spec.rb
+++ b/ee/spec/services/projects/operations/update_service_spec.rb
@@ -163,14 +163,6 @@ describe Projects::Operations::UpdateService do
          context 'without an existing setting' do
            it_behaves_like 'setting creation'
-            context 'without license' do
-              before do
-                stub_licensed_features(prometheus_alerts: false)
-              end
-              it_behaves_like 'no operation'
-            end
            context 'with insufficient permissions' do
              before do
                project.add_reporter(user)

--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -573,4 +573,50 @@ describe ProjectPolicy do
      it { is_expected.to be_allowed(:admin_issue) }
    end
  end
+  describe 'read_prometheus_alerts' do
+    subject { described_class.new(current_user, project) }
+    context 'with admin' do
+      let(:current_user) { admin }
+      it { is_expected.to be_allowed(:read_prometheus_alerts) }
+    end
+    context 'with owner' do
+      let(:current_user) { owner }
+      it { is_expected.to be_allowed(:read_prometheus_alerts) }
+    end
+    context 'with maintainer' do
+      let(:current_user) { maintainer }
+      it { is_expected.to be_allowed(:read_prometheus_alerts) }
+    end
+    context 'with developer' do
+      let(:current_user) { developer }
+      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
+    end
+    context 'with reporter' do
+      let(:current_user) { reporter }
+      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
+    end
+    context 'with guest' do
+      let(:current_user) { guest }
+      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
+    end
+    context 'with anonymous' do
+      let(:current_user) { nil }
+      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
+    end
+  end
 end