Merge branch 'fix-minutes-notification-when-unauthenticated' into 'master'

Fix minutes notification when unauthenticated See merge request gitlab-org/gitlab!31724

Merge branch 'fix-minutes-notification-when-unauthenticated' into 'master'
Fix minutes notification when unauthenticated See merge request gitlab-org/gitlab!31724
a083a452 · Kamil Trzciński · c305f5a4 · 19d5c15b · a083a452 · a083a452
Commit a083a452 authored May 12, 2020 by Kamil Trzciński
9 changed files
--- a/ee/app/models/ci/minutes/context.rb
+++ b/ee/app/models/ci/minutes/context.rb
@@ -18,11 +18,9 @@ module Ci
      end

      def can_see_status?
-        if project
-          user.can?(:create_pipeline, project)
-        else
-          namespace.all_pipelines.for_user(user).any?
-        end
+        return false unless level
+
+        Ability.allowed?(user, :read_ci_minutes_quota, level)
      end

      private

--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -91,6 +91,7 @@ module EE
        enable :create_jira_connect_subscription
        enable :maintainer_access
        enable :admin_wiki
+        enable :read_ci_minutes_quota
      end

      rule { owner }.policy do

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -181,6 +181,7 @@ module EE
        enable :destroy_feature_flag
        enable :admin_feature_flag
        enable :admin_feature_flags_user_lists
+        enable :read_ci_minutes_quota
      end

      rule { can?(:developer_access) & iterations_available }.policy do

--- a/ee/changelogs/unreleased/fix-minutes-notification-when-unauthenticated.yml
+++ b/ee/changelogs/unreleased/fix-minutes-notification-when-unauthenticated.yml
+---
+title: Fix CI minutes notification when unauthenticated
+merge_request: 31724
+author:
+type: fixed
--- a/ee/spec/features/ci_shared_runner_warnings_spec.rb
+++ b/ee/spec/features/ci_shared_runner_warnings_spec.rb
@@ -87,7 +87,9 @@ describe 'CI shared runner limits' do
  end

  context 'when on a group related page' do
-    let!(:user_pipeline) { create(:ci_pipeline, user: user, project: project) }
+    before do
+      group.add_owner(user)
+    end

    where(:case_name, :percent, :remaining_minutes) do
      'warning level' | 30 | 4

--- a/ee/spec/models/ci/minutes/context_spec.rb
+++ b/ee/spec/models/ci/minutes/context_spec.rb
@@ -36,6 +36,14 @@ describe Ci::Minutes::Context do
          expect(subject.can_see_status?).to be_falsey
        end
      end
+
+      context 'when user is not authenticated' do
+        let(:user) { nil }
+
+        it 'cannot see status' do
+          expect(subject.can_see_status?).to be_falsey
+        end
+      end
    end
  end

@@ -45,7 +53,7 @@ describe Ci::Minutes::Context do
    describe '#can_see_status' do
      context 'when eligible to see status' do
        before do
-          create(:ci_pipeline, user: user, project: project)
+          group.add_owner(user)
        end

        it 'can see status' do
@@ -58,6 +66,14 @@ describe Ci::Minutes::Context do
          expect(subject.can_see_status?).to be_falsey
        end
      end
+
+      context 'when user is not authenticated' do
+        let(:user) { nil }
+
+        it 'cannot see status' do
+          expect(subject.can_see_status?).to be_falsey
+        end
+      end
    end
  end
 end
--- a/ee/spec/models/ci/minutes/notification_spec.rb
+++ b/ee/spec/models/ci/minutes/notification_spec.rb
@@ -127,7 +127,9 @@ describe Ci::Minutes::Notification do
  context 'when at namespace level' do
    describe '#show?' do
      context 'when eligible to see notifications' do
-        let!(:user_pipeline) { create(:ci_pipeline, user: user, project: project) }
+        before do
+          group.add_owner(user)
+        end

        context 'with a project that has runners enabled inside namespace' do
          it_behaves_like 'queries for notifications' do

--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -880,6 +880,27 @@ describe GroupPolicy do
    end
  end

+  describe ':read_ci_minutes_quota' do
+    using RSpec::Parameterized::TableSyntax
+
+    let(:policy) { :read_ci_minutes_quota }
+
+    where(:role, :allowed) do
+      :guest      | false
+      :reporter   | false
+      :developer  | false
+      :maintainer | true
+      :owner      | true
+      :admin      | true
+    end
+
+    with_them do
+      let(:current_user) { public_send(role) }
+
+      it { is_expected.to(allowed ? be_allowed(policy) : be_disallowed(policy)) }
+    end
+  end
+
  it_behaves_like 'model with wiki policies' do
    let_it_be(:container) { create(:group) }
    let_it_be(:user) { owner }

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -1376,4 +1376,25 @@ describe ProjectPolicy do
      it { is_expected.to(allowed ? be_allowed(policy) : be_disallowed(policy)) }
    end
  end
+
+  describe ':read_ci_minutes_quota' do
+    using RSpec::Parameterized::TableSyntax
+
+    let(:policy) { :read_ci_minutes_quota }
+
+    where(:role, :allowed) do
+      :guest      | false
+      :reporter   | false
+      :developer  | true
+      :maintainer | true
+      :owner      | true
+      :admin      | true
+    end
+
+    with_them do
+      let(:current_user) { public_send(role) }
+
+      it { is_expected.to(allowed ? be_allowed(policy) : be_disallowed(policy)) }
+    end
+  end
 end