Commit 9c990ec5 authored by Bob Van Landuyt's avatar Bob Van Landuyt

Merge branch '2256-check-crm-ff-in-policy' into 'master'

Rename crm related policies and consider feature flag status

See merge request gitlab-org/gitlab!73209
parents 9213197a 9b46e466
...@@ -42,13 +42,11 @@ module Mutations ...@@ -42,13 +42,11 @@ module Mutations
required: false, required: false,
description: 'Description of or notes for the contact.' description: 'Description of or notes for the contact.'
authorize :admin_contact authorize :admin_crm_contact
def resolve(args) def resolve(args)
group = authorized_find!(id: args[:group_id]) group = authorized_find!(id: args[:group_id])
raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
set_organization!(args) set_organization!(args)
result = ::CustomerRelations::Contacts::CreateService.new(group: group, current_user: current_user, params: args).execute result = ::CustomerRelations::Contacts::CreateService.new(group: group, current_user: current_user, params: args).execute
{ contact: result.payload, errors: result.errors } { contact: result.payload, errors: result.errors }
......
...@@ -8,7 +8,7 @@ module Mutations ...@@ -8,7 +8,7 @@ module Mutations
graphql_name 'CustomerRelationsContactUpdate' graphql_name 'CustomerRelationsContactUpdate'
authorize :admin_contact authorize :admin_crm_contact
field :contact, field :contact,
Types::CustomerRelations::ContactType, Types::CustomerRelations::ContactType,
...@@ -48,8 +48,6 @@ module Mutations ...@@ -48,8 +48,6 @@ module Mutations
raise_resource_not_available_error! unless contact raise_resource_not_available_error! unless contact
group = contact.group group = contact.group
raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
authorize!(group) authorize!(group)
result = ::CustomerRelations::Contacts::UpdateService.new(group: group, current_user: current_user, params: args).execute(contact) result = ::CustomerRelations::Contacts::UpdateService.new(group: group, current_user: current_user, params: args).execute(contact)
......
...@@ -33,13 +33,11 @@ module Mutations ...@@ -33,13 +33,11 @@ module Mutations
required: false, required: false,
description: 'Description of or notes for the organization.' description: 'Description of or notes for the organization.'
authorize :admin_organization authorize :admin_crm_organization
def resolve(args) def resolve(args)
group = authorized_find!(id: args[:group_id]) group = authorized_find!(id: args[:group_id])
raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
result = ::CustomerRelations::Organizations::CreateService.new(group: group, current_user: current_user, params: args).execute result = ::CustomerRelations::Organizations::CreateService.new(group: group, current_user: current_user, params: args).execute
{ organization: result.payload, errors: result.errors } { organization: result.payload, errors: result.errors }
end end
......
...@@ -8,7 +8,7 @@ module Mutations ...@@ -8,7 +8,7 @@ module Mutations
graphql_name 'CustomerRelationsOrganizationUpdate' graphql_name 'CustomerRelationsOrganizationUpdate'
authorize :admin_organization authorize :admin_crm_organization
field :organization, field :organization,
Types::CustomerRelations::OrganizationType, Types::CustomerRelations::OrganizationType,
...@@ -39,8 +39,6 @@ module Mutations ...@@ -39,8 +39,6 @@ module Mutations
raise_resource_not_available_error! unless organization raise_resource_not_available_error! unless organization
group = organization.group group = organization.group
raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:customer_relations, group, default_enabled: :yaml)
authorize!(group) authorize!(group)
result = ::CustomerRelations::Organizations::UpdateService.new(group: group, current_user: current_user, params: args).execute(organization) result = ::CustomerRelations::Organizations::UpdateService.new(group: group, current_user: current_user, params: args).execute(organization)
......
...@@ -5,7 +5,7 @@ module Types ...@@ -5,7 +5,7 @@ module Types
class ContactType < BaseObject class ContactType < BaseObject
graphql_name 'CustomerRelationsContact' graphql_name 'CustomerRelationsContact'
authorize :read_contact authorize :read_crm_contact
field :id, field :id,
GraphQL::Types::ID, GraphQL::Types::ID,
......
...@@ -5,7 +5,7 @@ module Types ...@@ -5,7 +5,7 @@ module Types
class OrganizationType < BaseObject class OrganizationType < BaseObject
graphql_name 'CustomerRelationsOrganization' graphql_name 'CustomerRelationsOrganization'
authorize :read_organization authorize :read_crm_organization
field :id, field :id,
GraphQL::Types::ID, GraphQL::Types::ID,
......
...@@ -75,6 +75,8 @@ class GroupPolicy < BasePolicy ...@@ -75,6 +75,8 @@ class GroupPolicy < BasePolicy
with_scope :subject with_scope :subject
condition(:has_project_with_service_desk_enabled) { @subject.has_project_with_service_desk_enabled? } condition(:has_project_with_service_desk_enabled) { @subject.has_project_with_service_desk_enabled? }
condition(:crm_enabled, score: 0, scope: :subject) { Feature.enabled?(:customer_relations, @subject) }
rule { can?(:read_group) & design_management_enabled }.policy do rule { can?(:read_group) & design_management_enabled }.policy do
enable :read_design_activity enable :read_design_activity
end end
...@@ -113,8 +115,8 @@ class GroupPolicy < BasePolicy ...@@ -113,8 +115,8 @@ class GroupPolicy < BasePolicy
enable :read_group_member enable :read_group_member
enable :read_custom_emoji enable :read_custom_emoji
enable :read_counts enable :read_counts
enable :read_organization enable :read_crm_organization
enable :read_contact enable :read_crm_contact
end end
rule { ~public_group & ~has_access }.prevent :read_counts rule { ~public_group & ~has_access }.prevent :read_counts
...@@ -134,8 +136,8 @@ class GroupPolicy < BasePolicy ...@@ -134,8 +136,8 @@ class GroupPolicy < BasePolicy
enable :create_package enable :create_package
enable :create_package_settings enable :create_package_settings
enable :developer_access enable :developer_access
enable :admin_organization enable :admin_crm_organization
enable :admin_contact enable :admin_crm_contact
end end
rule { reporter }.policy do rule { reporter }.policy do
...@@ -252,6 +254,13 @@ class GroupPolicy < BasePolicy ...@@ -252,6 +254,13 @@ class GroupPolicy < BasePolicy
enable :read_label enable :read_label
end end
rule { ~crm_enabled }.policy do
prevent :read_crm_contact
prevent :read_crm_organization
prevent :admin_crm_contact
prevent :admin_crm_organization
end
def access_level(for_any_session: false) def access_level(for_any_session: false)
return GroupMember::NO_ACCESS if @user.nil? return GroupMember::NO_ACCESS if @user.nil?
return GroupMember::NO_ACCESS unless user_is_user? return GroupMember::NO_ACCESS unless user_is_user?
......
...@@ -6,7 +6,7 @@ module CustomerRelations ...@@ -6,7 +6,7 @@ module CustomerRelations
private private
def allowed? def allowed?
current_user&.can?(:admin_contact, group) current_user&.can?(:admin_crm_contact, group)
end end
def error(message) def error(message)
......
...@@ -6,7 +6,7 @@ module CustomerRelations ...@@ -6,7 +6,7 @@ module CustomerRelations
private private
def allowed? def allowed?
current_user&.can?(:admin_organization, group) current_user&.can?(:admin_crm_organization, group)
end end
def error(message) def error(message)
......
...@@ -45,7 +45,7 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do ...@@ -45,7 +45,7 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do
it 'raises an error' do it 'raises an error' do
expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
.with_message('Feature disabled') .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
end end
end end
...@@ -97,5 +97,5 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do ...@@ -97,5 +97,5 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do
end end
end end
specify { expect(described_class).to require_graphql_authorizations(:admin_contact) } specify { expect(described_class).to require_graphql_authorizations(:admin_crm_contact) }
end end
...@@ -65,11 +65,11 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Update do ...@@ -65,11 +65,11 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Update do
it 'raises an error' do it 'raises an error' do
expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
.with_message('Feature disabled') .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
end end
end end
end end
end end
specify { expect(described_class).to require_graphql_authorizations(:admin_contact) } specify { expect(described_class).to require_graphql_authorizations(:admin_crm_contact) }
end end
...@@ -46,7 +46,7 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do ...@@ -46,7 +46,7 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do
it 'raises an error' do it 'raises an error' do
expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
.with_message('Feature disabled') .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
end end
end end
...@@ -69,5 +69,5 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do ...@@ -69,5 +69,5 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do
end end
end end
specify { expect(described_class).to require_graphql_authorizations(:admin_organization) } specify { expect(described_class).to require_graphql_authorizations(:admin_crm_organization) }
end end
...@@ -63,11 +63,11 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Update do ...@@ -63,11 +63,11 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Update do
it 'raises an error' do it 'raises an error' do
expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
.with_message('Feature disabled') .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
end end
end end
end end
end end
specify { expect(described_class).to require_graphql_authorizations(:admin_organization) } specify { expect(described_class).to require_graphql_authorizations(:admin_crm_organization) }
end end
...@@ -7,5 +7,5 @@ RSpec.describe GitlabSchema.types['CustomerRelationsContact'] do ...@@ -7,5 +7,5 @@ RSpec.describe GitlabSchema.types['CustomerRelationsContact'] do
it { expect(described_class.graphql_name).to eq('CustomerRelationsContact') } it { expect(described_class.graphql_name).to eq('CustomerRelationsContact') }
it { expect(described_class).to have_graphql_fields(fields) } it { expect(described_class).to have_graphql_fields(fields) }
it { expect(described_class).to require_graphql_authorizations(:read_contact) } it { expect(described_class).to require_graphql_authorizations(:read_crm_contact) }
end end
...@@ -7,5 +7,5 @@ RSpec.describe GitlabSchema.types['CustomerRelationsOrganization'] do ...@@ -7,5 +7,5 @@ RSpec.describe GitlabSchema.types['CustomerRelationsOrganization'] do
it { expect(described_class.graphql_name).to eq('CustomerRelationsOrganization') } it { expect(described_class.graphql_name).to eq('CustomerRelationsOrganization') }
it { expect(described_class).to have_graphql_fields(fields) } it { expect(described_class).to have_graphql_fields(fields) }
it { expect(described_class).to require_graphql_authorizations(:read_organization) } it { expect(described_class).to require_graphql_authorizations(:read_crm_organization) }
end end
...@@ -11,8 +11,8 @@ RSpec.describe GroupPolicy do ...@@ -11,8 +11,8 @@ RSpec.describe GroupPolicy do
it do it do
expect_allowed(:read_group) expect_allowed(:read_group)
expect_allowed(:read_organization) expect_allowed(:read_crm_organization)
expect_allowed(:read_contact) expect_allowed(:read_crm_contact)
expect_allowed(:read_counts) expect_allowed(:read_counts)
expect_allowed(*read_group_permissions) expect_allowed(*read_group_permissions)
expect_disallowed(:upload_file) expect_disallowed(:upload_file)
...@@ -33,8 +33,8 @@ RSpec.describe GroupPolicy do ...@@ -33,8 +33,8 @@ RSpec.describe GroupPolicy do
end end
it { expect_disallowed(:read_group) } it { expect_disallowed(:read_group) }
it { expect_disallowed(:read_organization) } it { expect_disallowed(:read_crm_organization) }
it { expect_disallowed(:read_contact) } it { expect_disallowed(:read_crm_contact) }
it { expect_disallowed(:read_counts) } it { expect_disallowed(:read_counts) }
it { expect_disallowed(*read_group_permissions) } it { expect_disallowed(*read_group_permissions) }
end end
...@@ -48,8 +48,8 @@ RSpec.describe GroupPolicy do ...@@ -48,8 +48,8 @@ RSpec.describe GroupPolicy do
end end
it { expect_disallowed(:read_group) } it { expect_disallowed(:read_group) }
it { expect_disallowed(:read_organization) } it { expect_disallowed(:read_crm_organization) }
it { expect_disallowed(:read_contact) } it { expect_disallowed(:read_crm_contact) }
it { expect_disallowed(:read_counts) } it { expect_disallowed(:read_counts) }
it { expect_disallowed(*read_group_permissions) } it { expect_disallowed(*read_group_permissions) }
end end
...@@ -933,8 +933,8 @@ RSpec.describe GroupPolicy do ...@@ -933,8 +933,8 @@ RSpec.describe GroupPolicy do
it { is_expected.to be_allowed(:read_package) } it { is_expected.to be_allowed(:read_package) }
it { is_expected.to be_allowed(:read_group) } it { is_expected.to be_allowed(:read_group) }
it { is_expected.to be_allowed(:read_organization) } it { is_expected.to be_allowed(:read_crm_organization) }
it { is_expected.to be_allowed(:read_contact) } it { is_expected.to be_allowed(:read_crm_contact) }
it { is_expected.to be_disallowed(:create_package) } it { is_expected.to be_disallowed(:create_package) }
end end
...@@ -944,8 +944,8 @@ RSpec.describe GroupPolicy do ...@@ -944,8 +944,8 @@ RSpec.describe GroupPolicy do
it { is_expected.to be_allowed(:create_package) } it { is_expected.to be_allowed(:create_package) }
it { is_expected.to be_allowed(:read_package) } it { is_expected.to be_allowed(:read_package) }
it { is_expected.to be_allowed(:read_group) } it { is_expected.to be_allowed(:read_group) }
it { is_expected.to be_allowed(:read_organization) } it { is_expected.to be_allowed(:read_crm_organization) }
it { is_expected.to be_allowed(:read_contact) } it { is_expected.to be_allowed(:read_crm_contact) }
it { is_expected.to be_disallowed(:destroy_package) } it { is_expected.to be_disallowed(:destroy_package) }
end end
...@@ -1032,4 +1032,17 @@ RSpec.describe GroupPolicy do ...@@ -1032,4 +1032,17 @@ RSpec.describe GroupPolicy do
it { is_expected.to be_disallowed(:update_runners_registration_token) } it { is_expected.to be_disallowed(:update_runners_registration_token) }
end end
end end
context 'with customer_relations feature flag disabled' do
let(:current_user) { owner }
before do
stub_feature_flags(customer_relations: false)
end
it { is_expected.to be_disallowed(:read_crm_contact) }
it { is_expected.to be_disallowed(:read_crm_organization) }
it { is_expected.to be_disallowed(:admin_crm_contact) }
it { is_expected.to be_disallowed(:admin_crm_organization) }
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment