Rename crm related policies and consider feature flag status

As part of the ongoing effort to introduce the customer relations
feature, we have come across a few challenges with the length of
the name. So we are starting to adopt the crm acronym. This MR
updates all of the policies to ensure the module is references.

In addition, we avoid the need to check the feature flag for
every crm interaction by including it in all of the policies.

Changelog: changed

app/graphql/mutations/customer_relations/contacts/create.rb

@@ -42,13 +42,11 @@ module Mutations
                  required: false,
                  description: 'Description of or notes for the contact.'
 
-        authorize :admin_contact
+        authorize :admin_crm_contact
 
         def resolve(args)
           group = authorized_find!(id: args[:group_id])
 
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
-
           set_organization!(args)
           result = ::CustomerRelations::Contacts::CreateService.new(group: group, current_user: current_user, params: args).execute
           { contact: result.payload, errors: result.errors }

app/graphql/mutations/customer_relations/contacts/update.rb

@@ -8,7 +8,7 @@ module Mutations
 
         graphql_name 'CustomerRelationsContactUpdate'
 
-        authorize :admin_contact
+        authorize :admin_crm_contact
 
         field :contact,
               Types::CustomerRelations::ContactType,
@@ -48,8 +48,6 @@ module Mutations
           raise_resource_not_available_error! unless contact
 
           group = contact.group
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
-
           authorize!(group)
 
           result = ::CustomerRelations::Contacts::UpdateService.new(group: group, current_user: current_user, params: args).execute(contact)

app/graphql/mutations/customer_relations/organizations/create.rb

@@ -33,13 +33,11 @@ module Mutations
                  required: false,
                  description: 'Description of or notes for the organization.'
 
-        authorize :admin_organization
+        authorize :admin_crm_organization
 
         def resolve(args)
           group = authorized_find!(id: args[:group_id])
 
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
-
           result = ::CustomerRelations::Organizations::CreateService.new(group: group, current_user: current_user, params: args).execute
           { organization: result.payload, errors: result.errors }
         end

app/graphql/mutations/customer_relations/organizations/update.rb

@@ -8,7 +8,7 @@ module Mutations
 
         graphql_name 'CustomerRelationsOrganizationUpdate'
 
-        authorize :admin_organization
+        authorize :admin_crm_organization
 
         field :organization,
               Types::CustomerRelations::OrganizationType,
@@ -39,8 +39,6 @@ module Mutations
           raise_resource_not_available_error! unless organization
 
           group = organization.group
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
-
           authorize!(group)
 
           result = ::CustomerRelations::Organizations::UpdateService.new(group: group, current_user: current_user, params: args).execute(organization)

app/graphql/types/customer_relations/contact_type.rb

@@ -5,7 +5,7 @@ module Types
     class ContactType < BaseObject
       graphql_name 'CustomerRelationsContact'
 
-      authorize :read_contact
+      authorize :read_crm_contact
 
       field :id,
             GraphQL::Types::ID,

app/graphql/types/customer_relations/organization_type.rb

@@ -5,7 +5,7 @@ module Types
     class OrganizationType < BaseObject
       graphql_name 'CustomerRelationsOrganization'
 
-      authorize :read_organization
+      authorize :read_crm_organization
 
       field :id,
             GraphQL::Types::ID,

app/policies/group_policy.rb

@@ -75,6 +75,8 @@ class GroupPolicy < BasePolicy
   with_scope :subject
   condition(:has_project_with_service_desk_enabled) { @subject.has_project_with_service_desk_enabled? }
 
+  condition(:crm_enabled, score: 0, scope: :subject) { Feature.enabled?(:customer_relations, @subject) }
+
   rule { can?(:read_group) & design_management_enabled }.policy do
     enable :read_design_activity
   end
@@ -113,8 +115,8 @@ class GroupPolicy < BasePolicy
     enable :read_group_member
     enable :read_custom_emoji
     enable :read_counts
-    enable :read_organization
-    enable :read_contact
+    enable :read_crm_organization
+    enable :read_crm_contact
   end
 
   rule { ~public_group & ~has_access }.prevent :read_counts
@@ -134,8 +136,8 @@ class GroupPolicy < BasePolicy
     enable :create_package
     enable :create_package_settings
     enable :developer_access
-    enable :admin_organization
-    enable :admin_contact
+    enable :admin_crm_organization
+    enable :admin_crm_contact
   end
 
   rule { reporter }.policy do
@@ -252,6 +254,13 @@ class GroupPolicy < BasePolicy
     enable :read_label
   end
 
+  rule { ~crm_enabled }.policy do
+    prevent :read_crm_contact
+    prevent :read_crm_organization
+    prevent :admin_crm_contact
+    prevent :admin_crm_organization
+  end
+
   def access_level(for_any_session: false)
     return GroupMember::NO_ACCESS if @user.nil?
     return GroupMember::NO_ACCESS unless user_is_user?

app/services/customer_relations/contacts/base_service.rb

@@ -6,7 +6,7 @@ module CustomerRelations
       private
 
       def allowed?
-        current_user&.can?(:admin_contact, group)
+        current_user&.can?(:admin_crm_contact, group)
       end
 
       def error(message)

app/services/customer_relations/organizations/base_service.rb

@@ -6,7 +6,7 @@ module CustomerRelations
       private
 
       def allowed?
-        current_user&.can?(:admin_organization, group)
+        current_user&.can?(:admin_crm_organization, group)
       end
 
       def error(message)

spec/graphql/mutations/customer_relations/contacts/create_spec.rb

@@ -45,7 +45,7 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do
 
         it 'raises an error' do
           expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-            .with_message('Feature disabled')
+            .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
         end
       end
 
@@ -97,5 +97,5 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do
     end
   end
 
-  specify { expect(described_class).to require_graphql_authorizations(:admin_contact) }
+  specify { expect(described_class).to require_graphql_authorizations(:admin_crm_contact) }
 end

spec/graphql/mutations/customer_relations/contacts/update_spec.rb

@@ -65,11 +65,11 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Update do
 
         it 'raises an error' do
           expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-            .with_message('Feature disabled')
+            .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
         end
       end
     end
   end
 
-  specify { expect(described_class).to require_graphql_authorizations(:admin_contact) }
+  specify { expect(described_class).to require_graphql_authorizations(:admin_crm_contact) }
 end

spec/graphql/mutations/customer_relations/organizations/create_spec.rb

@@ -46,7 +46,7 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do
 
           it 'raises an error' do
             expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-              .with_message('Feature disabled')
+              .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
           end
         end
 
@@ -69,5 +69,5 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do
     end
   end
 
-  specify { expect(described_class).to require_graphql_authorizations(:admin_organization) }
+  specify { expect(described_class).to require_graphql_authorizations(:admin_crm_organization) }
 end

spec/graphql/mutations/customer_relations/organizations/update_spec.rb

@@ -63,11 +63,11 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Update do
 
         it 'raises an error' do
           expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-            .with_message('Feature disabled')
+            .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
         end
       end
     end
   end
 
-  specify { expect(described_class).to require_graphql_authorizations(:admin_organization) }
+  specify { expect(described_class).to require_graphql_authorizations(:admin_crm_organization) }
 end

spec/graphql/types/customer_relations/contact_type_spec.rb

@@ -7,5 +7,5 @@ RSpec.describe GitlabSchema.types['CustomerRelationsContact'] do
 
   it { expect(described_class.graphql_name).to eq('CustomerRelationsContact') }
   it { expect(described_class).to have_graphql_fields(fields) }
-  it { expect(described_class).to require_graphql_authorizations(:read_contact) }
+  it { expect(described_class).to require_graphql_authorizations(:read_crm_contact) }
 end

spec/graphql/types/customer_relations/organization_type_spec.rb

@@ -7,5 +7,5 @@ RSpec.describe GitlabSchema.types['CustomerRelationsOrganization'] do
 
   it { expect(described_class.graphql_name).to eq('CustomerRelationsOrganization') }
   it { expect(described_class).to have_graphql_fields(fields) }
-  it { expect(described_class).to require_graphql_authorizations(:read_organization) }
+  it { expect(described_class).to require_graphql_authorizations(:read_crm_organization) }
 end

spec/policies/group_policy_spec.rb

@@ -11,8 +11,8 @@ RSpec.describe GroupPolicy do
 
     it do
       expect_allowed(:read_group)
-      expect_allowed(:read_organization)
-      expect_allowed(:read_contact)
+      expect_allowed(:read_crm_organization)
+      expect_allowed(:read_crm_contact)
       expect_allowed(:read_counts)
       expect_allowed(*read_group_permissions)
       expect_disallowed(:upload_file)
@@ -33,8 +33,8 @@ RSpec.describe GroupPolicy do
     end
 
     it { expect_disallowed(:read_group) }
-    it { expect_disallowed(:read_organization) }
-    it { expect_disallowed(:read_contact) }
+    it { expect_disallowed(:read_crm_organization) }
+    it { expect_disallowed(:read_crm_contact) }
     it { expect_disallowed(:read_counts) }
     it { expect_disallowed(*read_group_permissions) }
   end
@@ -48,8 +48,8 @@ RSpec.describe GroupPolicy do
     end
 
     it { expect_disallowed(:read_group) }
-    it { expect_disallowed(:read_organization) }
-    it { expect_disallowed(:read_contact) }
+    it { expect_disallowed(:read_crm_organization) }
+    it { expect_disallowed(:read_crm_contact) }
     it { expect_disallowed(:read_counts) }
     it { expect_disallowed(*read_group_permissions) }
   end
@@ -933,8 +933,8 @@ RSpec.describe GroupPolicy do
 
       it { is_expected.to be_allowed(:read_package) }
       it { is_expected.to be_allowed(:read_group) }
-      it { is_expected.to be_allowed(:read_organization) }
-      it { is_expected.to be_allowed(:read_contact) }
+      it { is_expected.to be_allowed(:read_crm_organization) }
+      it { is_expected.to be_allowed(:read_crm_contact) }
       it { is_expected.to be_disallowed(:create_package) }
     end
 
@@ -944,8 +944,8 @@ RSpec.describe GroupPolicy do
       it { is_expected.to be_allowed(:create_package) }
       it { is_expected.to be_allowed(:read_package) }
       it { is_expected.to be_allowed(:read_group) }
-      it { is_expected.to be_allowed(:read_organization) }
-      it { is_expected.to be_allowed(:read_contact) }
+      it { is_expected.to be_allowed(:read_crm_organization) }
+      it { is_expected.to be_allowed(:read_crm_contact) }
       it { is_expected.to be_disallowed(:destroy_package) }
     end
 
@@ -1032,4 +1032,17 @@ RSpec.describe GroupPolicy do
       it { is_expected.to be_disallowed(:update_runners_registration_token) }
     end
   end
+
+  context 'with customer_relations feature flag disabled' do
+    let(:current_user) { owner }
+
+    before do
+      stub_feature_flags(customer_relations: false)
+    end
+
+    it { is_expected.to be_disallowed(:read_crm_contact) }
+    it { is_expected.to be_disallowed(:read_crm_organization) }
+    it { is_expected.to be_disallowed(:admin_crm_contact) }
+    it { is_expected.to be_disallowed(:admin_crm_organization) }
+  end
 end