Rename crm related policies and consider feature flag status

As part of the ongoing effort to introduce the customer relations feature, we have come across a few challenges with the length of the name. So we are starting to adopt the crm acronym. This MR updates all of the policies to ensure the module is references. In addition, we avoid the need to check the feature flag for every crm interaction by including it in all of the policies. Changelog: changed

Rename crm related policies and consider feature flag status
As part of the ongoing effort to introduce the customer relations feature, we have come across a few challenges with the length of the name. So we are starting to adopt the crm acronym. This MR updates all of the policies to ensure the module is references. In addition, we avoid the need to check the feature flag for every crm interaction by including it in all of the policies. Changelog: changed
9b46e466 · Lee Tickett · 28e18a4c · 9b46e466 · 9b46e466 · 9b46e466
Commit 9b46e466 authored Oct 27, 2021 by Lee Tickett
16 changed files
--- a/app/graphql/mutations/customer_relations/contacts/create.rb
+++ b/app/graphql/mutations/customer_relations/contacts/create.rb
@@ -42,13 +42,11 @@ module Mutations
                 required: false,
                 description: 'Description of or notes for the contact.'
-        authorize :admin_contact
+        authorize :admin_crm_contact
        def resolve(args)
          group = authorized_find!(id: args[:group_id])
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
          set_organization!(args)
          result = ::CustomerRelations::Contacts::CreateService.new(group: group, current_user: current_user, params: args).execute
          { contact: result.payload, errors: result.errors }

--- a/app/graphql/mutations/customer_relations/contacts/update.rb
+++ b/app/graphql/mutations/customer_relations/contacts/update.rb
@@ -8,7 +8,7 @@ module Mutations
        graphql_name 'CustomerRelationsContactUpdate'
-        authorize :admin_contact
+        authorize :admin_crm_contact
        field :contact,
              Types::CustomerRelations::ContactType,
@@ -48,8 +48,6 @@ module Mutations
          raise_resource_not_available_error! unless contact
          group = contact.group
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
          authorize!(group)
          result = ::CustomerRelations::Contacts::UpdateService.new(group: group, current_user: current_user, params: args).execute(contact)

--- a/app/graphql/mutations/customer_relations/organizations/create.rb
+++ b/app/graphql/mutations/customer_relations/organizations/create.rb
@@ -33,13 +33,11 @@ module Mutations
                 required: false,
                 description: 'Description of or notes for the organization.'
-        authorize :admin_organization
+        authorize :admin_crm_organization
        def resolve(args)
          group = authorized_find!(id: args[:group_id])
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
          result = ::CustomerRelations::Organizations::CreateService.new(group: group, current_user: current_user, params: args).execute
          { organization: result.payload, errors: result.errors }
        end

--- a/app/graphql/mutations/customer_relations/organizations/update.rb
+++ b/app/graphql/mutations/customer_relations/organizations/update.rb
@@ -8,7 +8,7 @@ module Mutations
        graphql_name 'CustomerRelationsOrganizationUpdate'
-        authorize :admin_organization
+        authorize :admin_crm_organization
        field :organization,
              Types::CustomerRelations::OrganizationType,
@@ -39,8 +39,6 @@ module Mutations
          raise_resource_not_available_error! unless organization
          group = organization.group
-          raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
          authorize!(group)
          result = ::CustomerRelations::Organizations::UpdateService.new(group: group, current_user: current_user, params: args).execute(organization)

--- a/app/graphql/types/customer_relations/contact_type.rb
+++ b/app/graphql/types/customer_relations/contact_type.rb
@@ -5,7 +5,7 @@ module Types
    class ContactType < BaseObject
      graphql_name 'CustomerRelationsContact'
-      authorize :read_contact
+      authorize :read_crm_contact
      field :id,
            GraphQL::Types::ID,

--- a/app/graphql/types/customer_relations/organization_type.rb
+++ b/app/graphql/types/customer_relations/organization_type.rb
@@ -5,7 +5,7 @@ module Types
    class OrganizationType < BaseObject
      graphql_name 'CustomerRelationsOrganization'
-      authorize :read_organization
+      authorize :read_crm_organization
      field :id,
            GraphQL::Types::ID,

--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -75,6 +75,8 @@ class GroupPolicy < BasePolicy
  with_scope :subject
  condition(:has_project_with_service_desk_enabled) { @subject.has_project_with_service_desk_enabled? }
+  condition(:crm_enabled, score: 0, scope: :subject) { Feature.enabled?(:customer_relations, @subject) }
  rule { can?(:read_group) & design_management_enabled }.policy do
    enable :read_design_activity
  end
@@ -113,8 +115,8 @@ class GroupPolicy < BasePolicy
    enable :read_group_member
    enable :read_custom_emoji
    enable :read_counts
-    enable :read_organization
+    enable :read_crm_organization
-    enable :read_contact
+    enable :read_crm_contact
  end
  rule { ~public_group & ~has_access }.prevent :read_counts
@@ -134,8 +136,8 @@ class GroupPolicy < BasePolicy
    enable :create_package
    enable :create_package_settings
    enable :developer_access
-    enable :admin_organization
+    enable :admin_crm_organization
-    enable :admin_contact
+    enable :admin_crm_contact
  end
  rule { reporter }.policy do
@@ -252,6 +254,13 @@ class GroupPolicy < BasePolicy
    enable :read_label
  end
+  rule { ~crm_enabled }.policy do
+    prevent :read_crm_contact
+    prevent :read_crm_organization
+    prevent :admin_crm_contact
+    prevent :admin_crm_organization
+  end
  def access_level(for_any_session: false)
    return GroupMember::NO_ACCESS if @user.nil?
    return GroupMember::NO_ACCESS unless user_is_user?

--- a/app/services/customer_relations/contacts/base_service.rb
+++ b/app/services/customer_relations/contacts/base_service.rb
@@ -6,7 +6,7 @@ module CustomerRelations
      private
      def allowed?
-        current_user&.can?(:admin_contact, group)
+        current_user&.can?(:admin_crm_contact, group)
      end
      def error(message)

--- a/app/services/customer_relations/organizations/base_service.rb
+++ b/app/services/customer_relations/organizations/base_service.rb
@@ -6,7 +6,7 @@ module CustomerRelations
      private
      def allowed?
-        current_user&.can?(:admin_organization, group)
+        current_user&.can?(:admin_crm_organization, group)
      end
      def error(message)

--- a/spec/graphql/mutations/customer_relations/contacts/create_spec.rb
+++ b/spec/graphql/mutations/customer_relations/contacts/create_spec.rb
@@ -45,7 +45,7 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do
        it 'raises an error' do
          expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-            .with_message('Feature disabled')
+            .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
        end
      end
@@ -97,5 +97,5 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do
    end
  end
-  specify { expect(described_class).to require_graphql_authorizations(:admin_contact) }
+  specify { expect(described_class).to require_graphql_authorizations(:admin_crm_contact) }
 end
--- a/spec/graphql/mutations/customer_relations/contacts/update_spec.rb
+++ b/spec/graphql/mutations/customer_relations/contacts/update_spec.rb
@@ -65,11 +65,11 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Update do
        it 'raises an error' do
          expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-            .with_message('Feature disabled')
+            .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
        end
      end
    end
  end
-  specify { expect(described_class).to require_graphql_authorizations(:admin_contact) }
+  specify { expect(described_class).to require_graphql_authorizations(:admin_crm_contact) }
 end
--- a/spec/graphql/mutations/customer_relations/organizations/create_spec.rb
+++ b/spec/graphql/mutations/customer_relations/organizations/create_spec.rb
@@ -46,7 +46,7 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do
          it 'raises an error' do
            expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-              .with_message('Feature disabled')
+              .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
          end
        end
@@ -69,5 +69,5 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do
    end
  end
-  specify { expect(described_class).to require_graphql_authorizations(:admin_organization) }
+  specify { expect(described_class).to require_graphql_authorizations(:admin_crm_organization) }
 end
--- a/spec/graphql/mutations/customer_relations/organizations/update_spec.rb
+++ b/spec/graphql/mutations/customer_relations/organizations/update_spec.rb
@@ -63,11 +63,11 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Update do
        it 'raises an error' do
          expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-            .with_message('Feature disabled')
+            .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
        end
      end
    end
  end
-  specify { expect(described_class).to require_graphql_authorizations(:admin_organization) }
+  specify { expect(described_class).to require_graphql_authorizations(:admin_crm_organization) }
 end
--- a/spec/graphql/types/customer_relations/contact_type_spec.rb
+++ b/spec/graphql/types/customer_relations/contact_type_spec.rb
@@ -7,5 +7,5 @@ RSpec.describe GitlabSchema.types['CustomerRelationsContact'] do
  it { expect(described_class.graphql_name).to eq('CustomerRelationsContact') }
  it { expect(described_class).to have_graphql_fields(fields) }
-  it { expect(described_class).to require_graphql_authorizations(:read_contact) }
+  it { expect(described_class).to require_graphql_authorizations(:read_crm_contact) }
 end
--- a/spec/graphql/types/customer_relations/organization_type_spec.rb
+++ b/spec/graphql/types/customer_relations/organization_type_spec.rb
@@ -7,5 +7,5 @@ RSpec.describe GitlabSchema.types['CustomerRelationsOrganization'] do
  it { expect(described_class.graphql_name).to eq('CustomerRelationsOrganization') }
  it { expect(described_class).to have_graphql_fields(fields) }
-  it { expect(described_class).to require_graphql_authorizations(:read_organization) }
+  it { expect(described_class).to require_graphql_authorizations(:read_crm_organization) }
 end
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -11,8 +11,8 @@ RSpec.describe GroupPolicy do
    it do
      expect_allowed(:read_group)
-      expect_allowed(:read_organization)
+      expect_allowed(:read_crm_organization)
-      expect_allowed(:read_contact)
+      expect_allowed(:read_crm_contact)
      expect_allowed(:read_counts)
      expect_allowed(*read_group_permissions)
      expect_disallowed(:upload_file)
@@ -33,8 +33,8 @@ RSpec.describe GroupPolicy do
    end
    it { expect_disallowed(:read_group) }
-    it { expect_disallowed(:read_organization) }
+    it { expect_disallowed(:read_crm_organization) }
-    it { expect_disallowed(:read_contact) }
+    it { expect_disallowed(:read_crm_contact) }
    it { expect_disallowed(:read_counts) }
    it { expect_disallowed(*read_group_permissions) }
  end
@@ -48,8 +48,8 @@ RSpec.describe GroupPolicy do
    end
    it { expect_disallowed(:read_group) }
-    it { expect_disallowed(:read_organization) }
+    it { expect_disallowed(:read_crm_organization) }
-    it { expect_disallowed(:read_contact) }
+    it { expect_disallowed(:read_crm_contact) }
    it { expect_disallowed(:read_counts) }
    it { expect_disallowed(*read_group_permissions) }
  end
@@ -933,8 +933,8 @@ RSpec.describe GroupPolicy do
      it { is_expected.to be_allowed(:read_package) }
      it { is_expected.to be_allowed(:read_group) }
-      it { is_expected.to be_allowed(:read_organization) }
+      it { is_expected.to be_allowed(:read_crm_organization) }
-      it { is_expected.to be_allowed(:read_contact) }
+      it { is_expected.to be_allowed(:read_crm_contact) }
      it { is_expected.to be_disallowed(:create_package) }
    end
@@ -944,8 +944,8 @@ RSpec.describe GroupPolicy do
      it { is_expected.to be_allowed(:create_package) }
      it { is_expected.to be_allowed(:read_package) }
      it { is_expected.to be_allowed(:read_group) }
-      it { is_expected.to be_allowed(:read_organization) }
+      it { is_expected.to be_allowed(:read_crm_organization) }
-      it { is_expected.to be_allowed(:read_contact) }
+      it { is_expected.to be_allowed(:read_crm_contact) }
      it { is_expected.to be_disallowed(:destroy_package) }
    end
@@ -1032,4 +1032,17 @@ RSpec.describe GroupPolicy do
      it { is_expected.to be_disallowed(:update_runners_registration_token) }
    end
  end
+  context 'with customer_relations feature flag disabled' do
+    let(:current_user) { owner }
+    before do
+      stub_feature_flags(customer_relations: false)
+    end
+    it { is_expected.to be_disallowed(:read_crm_contact) }
+    it { is_expected.to be_disallowed(:read_crm_organization) }
+    it { is_expected.to be_disallowed(:admin_crm_contact) }
+    it { is_expected.to be_disallowed(:admin_crm_organization) }
+  end
 end