Merge branch 'ag-fix-permissions-bug' into 'master'

Change group policy for Group Activity Analytics See merge request gitlab-org/gitlab!28646

Merge branch 'ag-fix-permissions-bug' into 'master'
Change group policy for Group Activity Analytics See merge request gitlab-org/gitlab!28646
7207dcb1 · Dmytro Zaporozhets · f55a2356 · 7f7f9c58 · 7207dcb1 · 7207dcb1
Commit 7207dcb1 authored Apr 03, 2020 by Dmytro Zaporozhets
3 changed files
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -91,7 +91,7 @@ module EE
      rule { has_access & contribution_analytics_available }
        .enable :read_group_contribution_analytics

-      rule { can?(:read_group) & group_activity_analytics_available }
+      rule { has_access & group_activity_analytics_available }
        .enable :read_group_activity_analytics

      rule { reporter & cycle_analytics_available }.policy do

--- a/ee/spec/features/analytics/group_analytics_spec.rb
+++ b/ee/spec/features/analytics/group_analytics_spec.rb
@@ -10,6 +10,7 @@ describe 'GroupAnalytics' do
  before do
    stub_licensed_features(group_activity_analytics: true)

+    group.add_developer(user)
    sign_in(user)
  end


--- a/ee/spec/requests/api/analytics/group_activity_analytics_spec.rb
+++ b/ee/spec/requests/api/analytics/group_activity_analytics_spec.rb
@@ -48,7 +48,7 @@ describe API::Analytics::GroupActivityAnalytics do
      end
    end

-    context 'when user has no authorization to view a private group' do
+    context 'when user does not have access to a group' do
      let(:current_user) { anonymous_user }

      it 'is returns `not_found`' do