Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
7ee66c95
Commit
7ee66c95
authored
Mar 10, 2020
by
Nick Thomas
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'requirements-perms' into 'master'
Add Requirement policy See merge request gitlab-org/gitlab!26618
parents
5ec89907
4fa45342
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
140 additions
and
0 deletions
+140
-0
ee/app/models/license.rb
ee/app/models/license.rb
+1
-0
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+13
-0
ee/app/policies/requirement_policy.rb
ee/app/policies/requirement_policy.rb
+5
-0
ee/spec/policies/project_policy_spec.rb
ee/spec/policies/project_policy_spec.rb
+4
-0
ee/spec/policies/requirement_policy_spec.rb
ee/spec/policies/requirement_policy_spec.rb
+23
-0
ee/spec/support/shared_examples/policies/requirement_policy_shared_examples.rb
...d_examples/policies/requirement_policy_shared_examples.rb
+94
-0
No files found.
ee/app/models/license.rb
View file @
7ee66c95
...
@@ -125,6 +125,7 @@ class License < ApplicationRecord
...
@@ -125,6 +125,7 @@ class License < ApplicationRecord
prometheus_alerts
prometheus_alerts
pseudonymizer
pseudonymizer
report_approver_rules
report_approver_rules
requirements
sast
sast
security_dashboard
security_dashboard
status_page
status_page
...
...
ee/app/policies/ee/project_policy.rb
View file @
7ee66c95
...
@@ -33,6 +33,9 @@ module EE
...
@@ -33,6 +33,9 @@ module EE
with_scope
:subject
with_scope
:subject
condition
(
:packages_disabled
)
{
!
@subject
.
packages_enabled
}
condition
(
:packages_disabled
)
{
!
@subject
.
packages_enabled
}
with_scope
:subject
condition
(
:requirements_available
)
{
@subject
.
feature_available?
(
:requirements
)
}
with_scope
:global
with_scope
:global
condition
(
:is_development
)
{
Rails
.
env
.
development?
}
condition
(
:is_development
)
{
Rails
.
env
.
development?
}
...
@@ -359,6 +362,16 @@ module EE
...
@@ -359,6 +362,16 @@ module EE
rule
{
build_service_proxy_enabled
}.
enable
:build_service_proxy_enabled
rule
{
build_service_proxy_enabled
}.
enable
:build_service_proxy_enabled
rule
{
can?
(
:read_merge_request
)
&
code_review_analytics_enabled
}.
enable
:read_code_review_analytics
rule
{
can?
(
:read_merge_request
)
&
code_review_analytics_enabled
}.
enable
:read_code_review_analytics
rule
{
can?
(
:read_project
)
&
requirements_available
}.
enable
:read_requirement
rule
{
requirements_available
&
reporter
}.
policy
do
enable
:create_requirement
enable
:admin_requirement
enable
:update_requirement
end
rule
{
requirements_available
&
owner
}.
enable
:destroy_requirement
end
end
override
:lookup_access_level!
override
:lookup_access_level!
...
...
ee/app/policies/requirement_policy.rb
0 → 100644
View file @
7ee66c95
# frozen_string_literal: true
class
RequirementPolicy
<
BasePolicy
delegate
{
@subject
.
resource_parent
}
end
ee/spec/policies/project_policy_spec.rb
View file @
7ee66c95
...
@@ -1397,4 +1397,8 @@ describe ProjectPolicy do
...
@@ -1397,4 +1397,8 @@ describe ProjectPolicy do
end
end
end
end
end
end
it_behaves_like
'resource with requirement permissions'
do
let
(
:resource
)
{
project
}
end
end
end
ee/spec/policies/requirement_policy_spec.rb
0 → 100644
View file @
7ee66c95
# frozen_string_literal: true
require
'spec_helper'
describe
RequirementPolicy
do
let_it_be
(
:owner
)
{
create
(
:user
)
}
let_it_be
(
:admin
)
{
create
(
:admin
)
}
let_it_be
(
:reporter
)
{
create
(
:user
)
}
let_it_be
(
:developer
)
{
create
(
:user
)
}
let_it_be
(
:maintainer
)
{
create
(
:user
)
}
let_it_be
(
:guest
)
{
create
(
:user
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:public
,
namespace:
owner
.
namespace
)
}
let_it_be
(
:resource
,
reload:
true
)
{
create
(
:requirement
,
project:
project
)
}
before
do
project
.
add_reporter
(
reporter
)
project
.
add_developer
(
developer
)
project
.
add_maintainer
(
maintainer
)
project
.
add_guest
(
guest
)
end
it_behaves_like
'resource with requirement permissions'
end
ee/spec/support/shared_examples/policies/requirement_policy_shared_examples.rb
0 → 100644
View file @
7ee66c95
# frozen_string_literal: true
RSpec
.
shared_examples
'resource with requirement permissions'
do
let
(
:all_permissions
)
{
[
:read_requirement
,
:create_requirement
,
:admin_requirement
,
:update_requirement
,
:destroy_requirement
]
}
let
(
:manage_permissions
)
{
all_permissions
-
[
:destroy_requirement
]
}
let
(
:non_read_permissions
)
{
all_permissions
-
[
:read_requirement
]
}
subject
{
described_class
.
new
(
current_user
,
resource
)
}
shared_examples
'user with manage permissions'
do
it
{
is_expected
.
to
be_allowed
(
*
manage_permissions
)
}
it
{
is_expected
.
to
be_disallowed
(
:destroy_requirement
)
}
end
shared_examples
'user with read only permissions'
do
it
{
is_expected
.
to
be_allowed
(
:read_requirement
)
}
it
{
is_expected
.
to
be_disallowed
(
*
non_read_permissions
)
}
end
context
'when requirements feature is enabled'
do
before
do
stub_licensed_features
(
requirements:
true
)
end
context
'with admin'
do
let
(
:current_user
)
{
admin
}
it_behaves_like
'user with read only permissions'
end
context
'with owner'
do
let
(
:current_user
)
{
owner
}
it
{
is_expected
.
to
be_allowed
(
*
all_permissions
)
}
end
context
'with maintainer'
do
let
(
:current_user
)
{
maintainer
}
it_behaves_like
'user with manage permissions'
end
context
'with developer'
do
let
(
:current_user
)
{
developer
}
it_behaves_like
'user with manage permissions'
end
context
'with reporter'
do
let
(
:current_user
)
{
reporter
}
it_behaves_like
'user with manage permissions'
end
context
'with guest'
do
let
(
:current_user
)
{
guest
}
it_behaves_like
'user with read only permissions'
end
context
'with non member'
do
let
(
:current_user
)
{
create
(
:user
)
}
it_behaves_like
'user with read only permissions'
context
'with private resource parent'
do
before
do
parent
=
resource
.
is_a?
(
Project
)
?
resource
:
resource
.
resource_parent
parent
.
update!
(
visibility_level:
Gitlab
::
VisibilityLevel
::
PRIVATE
)
end
it
{
is_expected
.
to
be_disallowed
(
*
all_permissions
)
}
end
end
end
context
'when requirements feature is disabled'
do
before
do
stub_licensed_features
(
requirements:
false
)
end
context
'with owner'
do
let
(
:current_user
)
{
owner
}
it
{
is_expected
.
to
be_disallowed
(
*
all_permissions
)
}
end
context
'with admin'
do
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_disallowed
(
*
all_permissions
)
}
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment