Merge branch '355529-fix-auditor-permissions-for-devops-adoption-analytics' into 'master'

Allow auditor to view Devops adoption analytics See merge request gitlab-org/gitlab!83731

Merge branch '355529-fix-auditor-permissions-for-devops-adoption-analytics' into 'master'
Allow auditor to view Devops adoption analytics See merge request gitlab-org/gitlab!83731
a65e9062 · Vasilii Iakliushin · 56c060a8 · 3aa656ad · a65e9062 · a65e9062
Commit a65e9062 authored Mar 30, 2022 by Vasilii Iakliushin
3 changed files
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -173,6 +173,7 @@ module EE

      rule { auditor }.policy do
        enable :view_productivity_analytics
+        enable :view_group_devops_adoption
      end

      rule { owner | admin }.policy do

--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -1731,6 +1731,7 @@ RSpec.describe GroupPolicy do
        :reporter         | true
        :guest            | false
        :non_group_member | false
+        :auditor          | true
      end

      before do

--- a/ee/spec/requests/groups/analytics/devops_adoption_controller_spec.rb
+++ b/ee/spec/requests/groups/analytics/devops_adoption_controller_spec.rb
@@ -17,33 +17,59 @@ RSpec.describe Groups::Analytics::DevopsAdoptionController do
      get group_analytics_devops_adoption_path(group)
    end

-    before do
-      group.add_maintainer(current_user)
+    context 'when user is not authorized to view devops adoption analytics' do
+      before do
+        allow(Ability).to receive(:allowed?).and_call_original
+        expect(Ability).to receive(:allowed?).with(current_user, :read_group, group).and_return(true)
+        expect(Ability).to receive(:allowed?).with(current_user, :view_group_devops_adoption, group).and_return(false)
+      end
+
+      it 'renders 403, forbidden error' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:forbidden)
+      end
    end

-    it 'renders the devops adoption page' do
-      subject
+    context 'when user is an auditor' do
+      let(:current_user) { create(:user, :auditor) }
+
+      it 'allows access' do
+        subject

-      expect(response).to render_template :show
+        expect(response).to have_gitlab_http_status(:success)
+      end
    end

-    context 'when the feature is not available' do
+    context 'when the user is a group maintainer' do
      before do
-        stub_licensed_features(group_level_devops_adoption: false)
+        group.add_maintainer(current_user)
      end

-      it 'renders forbidden' do
+      it 'renders the devops adoption page' do
        subject

-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to render_template :show
      end
-    end

-    it 'tracks devops_adoption usage event' do
-      expect(Gitlab::UsageDataCounters::HLLRedisCounter)
-        .to receive(:track_event).with('users_viewing_analytics_group_devops_adoption', values: kind_of(String))
+      context 'when the feature is not available' do
+        before do
+          stub_licensed_features(group_level_devops_adoption: false)
+        end

-      subject
+        it 'renders forbidden' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end
+      end
+
+      it 'tracks devops_adoption usage event' do
+        expect(Gitlab::UsageDataCounters::HLLRedisCounter)
+          .to receive(:track_event).with('users_viewing_analytics_group_devops_adoption', values: kind_of(String))
+
+        subject
+      end
    end
  end
 end