Allow reporters to read project statistics

- Change policies
- Update specs
- Update docs

Changelog: changed

app/policies/project_policy.rb

@@ -238,6 +238,7 @@ class ProjectPolicy < BasePolicy
     enable :admin_issue_board
     enable :download_code
     enable :read_statistics
+    enable :daily_statistics
     enable :download_wiki_code
     enable :create_snippet
     enable :update_issue
@@ -347,7 +348,6 @@ class ProjectPolicy < BasePolicy
     enable :update_deployment
     enable :create_release
     enable :update_release
-    enable :daily_statistics
     enable :create_metrics_dashboard_annotation
     enable :delete_metrics_dashboard_annotation
     enable :update_metrics_dashboard_annotation

doc/user/permissions.md

@@ -103,6 +103,7 @@ The following table lists project permissions available for each role:
 | Move [test case](../ci/test_cases/index.md)       |         | ✓          | ✓           | ✓        | ✓      |
 | Reopen [test case](../ci/test_cases/index.md)     |         | ✓          | ✓           | ✓        | ✓      |
 | Pull [packages](packages/index.md)                |         | ✓          | ✓           | ✓        | ✓      |
+| View project statistics                           |         | ✓          | ✓           | ✓        | ✓      |
 | Publish [packages](packages/index.md)             |         |            | ✓           | ✓        | ✓      |
 | Create/edit/delete a Cleanup policy               |         |            | ✓           | ✓        | ✓      |
 | Upload [Design Management](project/issues/design_management.md) files |  |  | ✓        | ✓        | ✓      |
@@ -119,7 +120,6 @@ The following table lists project permissions available for each role:
 | Lock merge request threads                        |         |            | ✓           | ✓        | ✓      |
 | Approve merge requests (*9*)                      |         |            | ✓           | ✓        | ✓      |
 | Manage/Accept merge requests                      |         |            | ✓           | ✓        | ✓      |
-| View project statistics                           |         |            | ✓           | ✓        | ✓      |
 | Create new environments                           |         |            | ✓           | ✓        | ✓      |
 | Stop environments                                 |         |            | ✓           | ✓        | ✓      |
 | Enable Review Apps                                |         |            | ✓           | ✓        | ✓      |

spec/requests/api/graphql/project_query_spec.rb

@@ -119,6 +119,29 @@ RSpec.describe 'getting project information' do
     end
   end
 
+  context 'when the user has reporter access to the project' do
+    let(:statistics_query) do
+      <<~GRAPHQL
+        {
+          project(fullPath: "#{project.full_path}") {
+            statistics { wikiSize }
+          }
+        }
+      GRAPHQL
+    end
+
+    before do
+      project.add_reporter(current_user)
+      create(:project_statistics, project: project, wiki_size: 100)
+    end
+
+    it 'allows fetching project statistics' do
+      post_graphql(statistics_query, current_user: current_user)
+
+      expect(graphql_data.dig('project', 'statistics')).to include('wikiSize' => 100.0)
+    end
+  end
+
   context 'when the user does not have access to the project' do
     it 'returns an empty field' do
       post_graphql(query, current_user: current_user)

spec/requests/api/project_statistics_spec.rb

@@ -3,11 +3,11 @@
 require 'spec_helper'
 
 RSpec.describe API::ProjectStatistics do
-  let_it_be(:developer) { create(:user) }
+  let_it_be(:reporter) { create(:user) }
   let_it_be(:public_project) { create(:project, :public) }
 
   before do
-    public_project.add_developer(developer)
+    public_project.add_reporter(reporter)
   end
 
   describe 'GET /projects/:id/statistics' do
@@ -19,7 +19,7 @@ RSpec.describe API::ProjectStatistics do
     let_it_be(:fetch_statistics_other_project) { create(:project_daily_statistic, project: create(:project), fetch_count: 29, date: 29.days.ago) }
 
     it 'returns the fetch statistics of the last 30 days' do
-      get api("/projects/#{public_project.id}/statistics", developer)
+      get api("/projects/#{public_project.id}/statistics", reporter)
 
       expect(response).to have_gitlab_http_status(:ok)
       fetches = json_response['fetches']
@@ -32,7 +32,7 @@ RSpec.describe API::ProjectStatistics do
     it 'excludes the fetch statistics older than 30 days' do
       create(:project_daily_statistic, fetch_count: 31, project: public_project, date: 30.days.ago)
 
-      get api("/projects/#{public_project.id}/statistics", developer)
+      get api("/projects/#{public_project.id}/statistics", reporter)
 
       expect(response).to have_gitlab_http_status(:ok)
       fetches = json_response['fetches']
@@ -41,7 +41,7 @@ RSpec.describe API::ProjectStatistics do
       expect(fetches['days'].last).to eq({ 'count' => fetch_statistics1.fetch_count, 'date' => fetch_statistics1.date.to_s })
     end
 
-    it 'responds with 403 when the user is not a developer of the repository' do
+    it 'responds with 403 when the user is not a reporter of the repository' do
       guest = create(:user)
       public_project.add_guest(guest)
 

spec/support/shared_contexts/policies/project_policy_shared_context.rb

@@ -26,7 +26,7 @@ RSpec.shared_context 'ProjectPolicy context' do
   let(:base_reporter_permissions) do
     %i[
       admin_issue admin_issue_link admin_label admin_issue_board_list create_snippet
-      download_code download_wiki_code fork_project metrics_dashboard
+      daily_statistics download_code download_wiki_code fork_project metrics_dashboard
       read_build read_commit_status read_confidential_issues
       read_container_image read_deployment read_environment read_merge_request
       read_metrics_dashboard_annotation read_pipeline read_prometheus
@@ -44,7 +44,7 @@ RSpec.shared_context 'ProjectPolicy context' do
       create_commit_status create_container_image create_deployment
       create_environment create_merge_request_from
       create_metrics_dashboard_annotation create_pipeline create_release
-      create_wiki daily_statistics delete_metrics_dashboard_annotation
+      create_wiki delete_metrics_dashboard_annotation
       destroy_container_image push_code read_pod_logs read_terraform_state
       resolve_note update_build update_commit_status update_container_image
       update_deployment update_environment update_merge_request