Commit 8b528426 authored by Felipe Artur's avatar Felipe Artur

Downgrade support bot code to core

One of the tasks to downgrade service desk feature to core
parent 2304a32e
......@@ -2410,6 +2410,11 @@ class Project < ApplicationRecord
super || build_metrics_setting
end
def service_desk_enabled
false
end
alias_method :service_desk_enabled?, :service_desk_enabled
private
def find_service(services, name)
......
......@@ -655,6 +655,15 @@ class User < ApplicationRecord
end
end
def support_bot
email_pattern = "support%s@#{Settings.gitlab.host}"
unique_internal(where(user_type: :support_bot), 'support-bot', email_pattern) do |u|
u.bio = 'The GitLab support bot used for Service Desk'
u.name = 'GitLab Support Bot'
end
end
# Return true if there is only single non-internal user in the deployment,
# ghost user is ignored.
def single_user?
......
......@@ -21,6 +21,10 @@ class BasePolicy < DeclarativePolicy::Base
with_options scope: :user, score: 0
condition(:deactivated) { @user&.deactivated? }
desc "User is support bot"
with_options scope: :user, score: 0
condition(:support_bot) { @user&.support_bot? }
desc "User email is unconfirmed or user account is locked"
with_options scope: :user, score: 0
condition(:inactive) do
......
......@@ -45,6 +45,10 @@ module PolicyActor
false
end
def support_bot?
false
end
def deactivated?
false
end
......
......@@ -123,6 +123,9 @@ class ProjectPolicy < BasePolicy
!@subject.design_management_enabled?
end
with_scope :subject
condition(:service_desk_enabled) { @subject.service_desk_enabled? }
# We aren't checking `:read_issue` or `:read_merge_request` in this case
# because it could be possible for a user to see an issuable-iid
# (`:read_issue_iid` or `:read_merge_request_iid`) but then wouldn't be
......@@ -576,6 +579,12 @@ class ProjectPolicy < BasePolicy
enable :read_build_report_results
end
rule { support_bot }.enable :guest_access
rule { support_bot & ~service_desk_enabled }.policy do
prevent :create_note
prevent :read_project
end
private
def team_member?
......@@ -624,6 +633,7 @@ class ProjectPolicy < BasePolicy
def lookup_access_level!
return ::Gitlab::Access::REPORTER if alert_bot?
return ::Gitlab::Access::REPORTER if support_bot? && service_desk_enabled?
# NOTE: max_member_access has its own cache
project.team.max_member_access(@user.id)
......
......@@ -325,8 +325,9 @@ module EE
feature_available?(:github_project_service_integration)
end
override :service_desk_enabled
def service_desk_enabled
::EE::Gitlab::ServiceDesk.enabled?(project: self) && super
::EE::Gitlab::ServiceDesk.enabled?(project: self) && self[:service_desk_enabled]
end
alias_method :service_desk_enabled?, :service_desk_enabled
......
......@@ -95,15 +95,6 @@ module EE
class_methods do
extend ::Gitlab::Utils::Override
def support_bot
email_pattern = "support%s@#{Settings.gitlab.host}"
unique_internal(where(user_type: :support_bot), 'support-bot', email_pattern) do |u|
u.bio = 'The GitLab support bot used for Service Desk'
u.name = 'GitLab Support Bot'
end
end
def visual_review_bot
email_pattern = "visual_review%s@#{Settings.gitlab.host}"
......
......@@ -8,9 +8,6 @@ module EE
with_scope :user
condition(:auditor, score: 0) { @user&.auditor? }
with_scope :user
condition(:support_bot, score: 0) { @user&.support_bot? }
with_scope :user
condition(:visual_review_bot, score: 0) { @user&.visual_review_bot? }
......
......@@ -6,10 +6,6 @@ module EE
false
end
def support_bot?
false
end
def visual_review_bot?
false
end
......
......@@ -18,9 +18,6 @@ module EE
].freeze
prepended do
with_scope :subject
condition(:service_desk_enabled) { @subject.service_desk_enabled? }
with_scope :subject
condition(:related_issues_disabled) { !@subject.feature_available?(:related_issues) }
......@@ -175,12 +172,6 @@ module EE
@subject.feature_available?(:group_timelogs)
end
rule { support_bot }.enable :guest_access
rule { support_bot & ~service_desk_enabled }.policy do
prevent :create_note
prevent :read_project
end
rule { visual_review_bot }.policy do
prevent :read_note
enable :create_note
......@@ -412,7 +403,6 @@ module EE
override :lookup_access_level!
def lookup_access_level!
return ::Gitlab::Access::NO_ACCESS if needs_new_sso_session?
return ::Gitlab::Access::REPORTER if support_bot? && service_desk_enabled?
return ::Gitlab::Access::NO_ACCESS if visual_review_bot?
super
......
......@@ -1060,7 +1060,6 @@ RSpec.describe User do
where(:user_type, :expected_result) do
'service_user' | true
'support_bot' | false
'visual_review_bot' | false
end
......
......@@ -1001,34 +1001,6 @@ RSpec.describe ProjectPolicy do
end
end
context 'support bot' do
let(:current_user) { User.support_bot }
context 'with service desk disabled' do
it { expect_allowed(:guest_access) }
it { expect_disallowed(:create_note, :read_project) }
end
context 'with service desk enabled' do
let(:project) { create(:project, :public, service_desk_enabled: true) }
before do
allow(::EE::Gitlab::ServiceDesk).to receive(:enabled?).and_return(true)
allow(::EE::Gitlab::ServiceDesk).to receive(:enabled?).with(project: project).and_return(true)
end
it { expect_allowed(:reporter_access, :create_note, :read_issue) }
context 'when issues are protected members only' do
before do
project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
end
it { expect_allowed(:reporter_access, :create_note, :read_issue) }
end
end
end
context 'visual review bot' do
let(:current_user) { User.visual_review_bot }
......
......@@ -4634,7 +4634,8 @@ describe User do
[
{ state: 'blocked' },
{ user_type: :ghost },
{ user_type: :alert_bot }
{ user_type: :alert_bot },
{ user_type: :support_bot }
]
end
......@@ -4688,6 +4689,7 @@ describe User do
where(:user_type, :expected_result) do
'human' | true
'alert_bot' | false
'support_bot' | false
end
with_them do
......@@ -4756,19 +4758,26 @@ describe User do
end
end
describe '#migration_bot' do
it 'creates the user if it does not exist' do
expect do
described_class.migration_bot
end.to change { User.where(user_type: :migration_bot).count }.by(1)
end
context 'bot users' do
shared_examples 'bot users' do |bot_type|
it 'creates the user if it does not exist' do
expect do
described_class.public_send(bot_type)
end.to change { User.where(user_type: bot_type).count }.by(1)
end
it 'does not create a new user if it already exists' do
described_class.migration_bot
it 'does not create a new user if it already exists' do
described_class.public_send(bot_type)
expect do
described_class.migration_bot
end.not_to change { User.count }
expect do
described_class.public_send(bot_type)
end.not_to change { User.count }
end
end
it_behaves_like 'bot users', :alert_bot
it_behaves_like 'bot users', :support_bot
it_behaves_like 'bot users', :migration_bot
it_behaves_like 'bot users', :ghost
end
end
......@@ -496,6 +496,33 @@ describe ProjectPolicy do
end
end
context 'support bot' do
let(:current_user) { User.support_bot }
subject { described_class.new(current_user, project) }
context 'with service desk disabled' do
it { expect_allowed(:guest_access) }
it { expect_disallowed(:create_note, :read_project) }
end
context 'with service desk enabled' do
before do
allow(project).to receive(:service_desk_enabled?).and_return(true)
end
it { expect_allowed(:reporter_access, :create_note, :read_issue) }
context 'when issues are protected members only' do
before do
project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
end
it { expect_allowed(:reporter_access, :create_note, :read_issue) }
end
end
end
describe 'read_prometheus_alerts' do
subject { described_class.new(current_user, project) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment