Change group policy for Group Activity Analytics

Only allow users who have access to the group, to be able to access the analytics

Change group policy for Group Activity Analytics
Only allow users who have access to the group, to be able to access the analytics
7f7f9c58 · Aakriti Gupta · Dmytro Zaporozhets · 999ba82d · 7f7f9c58 · 7f7f9c58
Commit 7f7f9c58 authored Apr 03, 2020 by Aakriti Gupta Committed by Dmytro Zaporozhets Apr 03, 2020
3 changed files
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -87,7 +87,7 @@ module EE
      rule { has_access & contribution_analytics_available }
        .enable :read_group_contribution_analytics

-      rule { can?(:read_group) & group_activity_analytics_available }
+      rule { has_access & group_activity_analytics_available }
        .enable :read_group_activity_analytics

      rule { reporter & cycle_analytics_available }.policy do

--- a/ee/spec/features/analytics/group_analytics_spec.rb
+++ b/ee/spec/features/analytics/group_analytics_spec.rb
@@ -10,6 +10,7 @@ describe 'GroupAnalytics' do
  before do
    stub_licensed_features(group_activity_analytics: true)

+    group.add_developer(user)
    sign_in(user)
  end


--- a/ee/spec/requests/api/analytics/group_activity_analytics_spec.rb
+++ b/ee/spec/requests/api/analytics/group_activity_analytics_spec.rb
@@ -48,7 +48,7 @@ describe API::Analytics::GroupActivityAnalytics do
      end
    end

-    context 'when user has no authorization to view a private group' do
+    context 'when user does not have access to a group' do
      let(:current_user) { anonymous_user }

      it 'is returns `not_found`' do