Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
c47cc5c2
Commit
c47cc5c2
authored
Nov 17, 2020
by
Max Woolf
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add destroyservice to compliance frameworks
Adds a new service to handle destruction of compliance frameworks
parent
0a0d89ac
Changes
9
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
168 additions
and
2 deletions
+168
-2
app/policies/group_policy.rb
app/policies/group_policy.rb
+4
-1
app/policies/namespace_policy.rb
app/policies/namespace_policy.rb
+1
-0
ee/app/policies/compliance_management/framework_policy.rb
ee/app/policies/compliance_management/framework_policy.rb
+15
-0
ee/app/services/compliance_management/frameworks/destroy_service.rb
...vices/compliance_management/frameworks/destroy_service.rb
+34
-0
ee/spec/policies/compliance_management/framework_policy_spec.rb
...c/policies/compliance_management/framework_policy_spec.rb
+52
-0
ee/spec/services/compliance_management/frameworks/destroy_service_spec.rb
.../compliance_management/frameworks/destroy_service_spec.rb
+54
-0
locale/gitlab.pot
locale/gitlab.pot
+6
-0
spec/policies/namespace_policy_spec.rb
spec/policies/namespace_policy_spec.rb
+1
-1
spec/support/shared_contexts/policies/group_policy_shared_context.rb
...t/shared_contexts/policies/group_policy_shared_context.rb
+1
-0
No files found.
app/policies/group_policy.rb
View file @
c47cc5c2
...
...
@@ -185,7 +185,10 @@ class GroupPolicy < BasePolicy
rule
{
developer
&
developer_maintainer_access
}.
enable
:create_projects
rule
{
create_projects_disabled
}.
prevent
:create_projects
rule
{
owner
|
admin
}.
enable
:read_statistics
rule
{
owner
|
admin
}.
policy
do
enable
:owner_access
enable
:read_statistics
end
rule
{
maintainer
&
can?
(
:create_projects
)
}.
enable
:transfer_projects
...
...
app/policies/namespace_policy.rb
View file @
c47cc5c2
...
...
@@ -8,6 +8,7 @@ class NamespacePolicy < BasePolicy
condition
(
:owner
)
{
@subject
.
owner
==
@user
}
rule
{
owner
|
admin
}.
policy
do
enable
:owner_access
enable
:create_projects
enable
:admin_namespace
enable
:read_namespace
...
...
ee/app/policies/compliance_management/framework_policy.rb
0 → 100644
View file @
c47cc5c2
# frozen_string_literal: true
module
ComplianceManagement
class
FrameworkPolicy
<
BasePolicy
delegate
{
@subject
.
namespace
}
condition
(
:custom_compliance_frameworks_enabled
)
do
License
.
feature_available?
(
:custom_compliance_frameworks
)
end
rule
{
can?
(
:owner_access
)
&
custom_compliance_frameworks_enabled
}.
policy
do
enable
:manage_compliance_framework
end
end
end
ee/app/services/compliance_management/frameworks/destroy_service.rb
0 → 100644
View file @
c47cc5c2
# frozen_string_literal: true
module
ComplianceManagement
module
Frameworks
class
DestroyService
<
BaseService
attr_reader
:framework
,
:current_user
def
initialize
(
framework
:,
current_user
:)
@framework
=
framework
@current_user
=
current_user
end
def
execute
return
ServiceResponse
.
error
(
message:
_
(
'Not permitted to destroy framework'
))
unless
permitted?
framework
.
destroy
?
success
:
error
end
private
def
permitted?
can?
current_user
,
:manage_compliance_framework
,
framework
end
def
success
ServiceResponse
.
success
(
message:
_
(
'Framework successfully deleted'
))
end
def
error
ServiceResponse
.
error
(
message:
_
(
'Failed to create framework'
),
payload:
framework
.
errors
)
end
end
end
end
ee/spec/policies/compliance_management/framework_policy_spec.rb
0 → 100644
View file @
c47cc5c2
# frozen_string_literal: true
require
'spec_helper'
RSpec
.
describe
ComplianceManagement
::
FrameworkPolicy
do
let_it_be
(
:framework
)
{
create
(
:compliance_framework
)
}
let
(
:user
)
{
framework
.
namespace
.
owner
}
subject
{
described_class
.
new
(
user
,
framework
)
}
context
'feature is licensed'
do
before
do
stub_licensed_features
(
custom_compliance_frameworks:
true
)
end
context
'user is namespace owner'
do
it
{
is_expected
.
to
be_allowed
(
:manage_compliance_framework
)
}
end
context
'user is group owner'
do
let_it_be
(
:group
)
{
create
(
:group
)
}
let_it_be
(
:framework
)
{
create
(
:compliance_framework
,
namespace:
group
)
}
let_it_be
(
:user
)
{
create
(
:user
)
}
before
do
group
.
add_owner
(
user
)
end
it
{
is_expected
.
to
be_allowed
(
:manage_compliance_framework
)
}
end
context
'user is not namespace owner'
do
let
(
:user
)
{
build
(
:user
)
}
it
{
is_expected
.
to
be_disallowed
(
:manage_compliance_framework
)
}
end
context
'user is an admin'
,
:enable_admin_mode
do
let
(
:user
)
{
build
(
:admin
)
}
it
{
is_expected
.
to
be_allowed
(
:manage_compliance_framework
)
}
end
end
context
'feature is unlicensed'
do
before
do
stub_licensed_features
(
custom_compliance_frameworks:
false
)
end
it
{
is_expected
.
to
be_disallowed
(
:manage_compliance_framework
)
}
end
end
ee/spec/services/compliance_management/frameworks/destroy_service_spec.rb
0 → 100644
View file @
c47cc5c2
# frozen_string_literal: true
require
'spec_helper'
RSpec
.
describe
ComplianceManagement
::
Frameworks
::
DestroyService
do
let_it_be
(
:namespace
)
{
create
(
:namespace
)
}
let_it_be
(
:framework
)
{
create
(
:compliance_framework
,
namespace:
namespace
)
}
context
'when feature is disabled'
do
before
do
stub_licensed_features
(
custom_compliance_frameworks:
false
)
end
subject
{
described_class
.
new
(
framework:
framework
,
current_user:
namespace
.
owner
)
}
it
'does not destroy the compliance framework'
do
expect
{
subject
.
execute
}.
not_to
change
{
ComplianceManagement
::
Framework
.
count
}
end
it
'is unsuccessful'
do
expect
(
subject
.
execute
.
success?
).
to
be
false
end
end
context
'when feature is enabled'
do
before
do
stub_licensed_features
(
custom_compliance_frameworks:
true
)
end
context
'when current user is namespace owner'
do
subject
{
described_class
.
new
(
framework:
framework
,
current_user:
namespace
.
owner
)
}
it
'destroys the compliance framework'
do
expect
{
subject
.
execute
}.
to
change
{
ComplianceManagement
::
Framework
.
count
}.
by
(
-
1
)
end
it
'is successful'
do
expect
(
subject
.
execute
.
success?
).
to
be
true
end
end
context
'when current user is not the namespace owner'
do
subject
{
described_class
.
new
(
framework:
framework
,
current_user:
create
(
:user
))
}
it
'does not destroy the compliance framework'
do
expect
{
subject
.
execute
}.
not_to
change
{
ComplianceManagement
::
Framework
.
count
}
end
it
'is unsuccessful'
do
expect
(
subject
.
execute
.
success?
).
to
be
false
end
end
end
end
locale/gitlab.pot
View file @
c47cc5c2
...
...
@@ -12235,6 +12235,9 @@ msgstr ""
msgid "Found errors in your .gitlab-ci.yml:"
msgstr ""
msgid "Framework successfully deleted"
msgstr ""
msgid "Free Trial"
msgstr ""
...
...
@@ -18796,6 +18799,9 @@ msgstr ""
msgid "Not found."
msgstr ""
msgid "Not permitted to destroy framework"
msgstr ""
msgid "Not ready yet. Try again later."
msgstr ""
...
...
spec/policies/namespace_policy_spec.rb
View file @
c47cc5c2
...
...
@@ -8,7 +8,7 @@ RSpec.describe NamespacePolicy do
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:namespace
)
{
create
(
:namespace
,
owner:
owner
)
}
let
(
:owner_permissions
)
{
[
:create_projects
,
:admin_namespace
,
:read_namespace
,
:read_statistics
,
:transfer_projects
]
}
let
(
:owner_permissions
)
{
[
:
owner_access
,
:
create_projects
,
:admin_namespace
,
:read_namespace
,
:read_statistics
,
:transfer_projects
]
}
subject
{
described_class
.
new
(
current_user
,
namespace
)
}
...
...
spec/support/shared_contexts/policies/group_policy_shared_context.rb
View file @
c47cc5c2
...
...
@@ -30,6 +30,7 @@ RSpec.shared_context 'GroupPolicy context' do
let
(
:owner_permissions
)
do
[
:owner_access
,
:admin_group
,
:admin_namespace
,
:admin_group_member
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment