Merge branch '14732-licenses-view-permissions' into 'master'

Add permission for License compliance view See merge request gitlab-org/gitlab!17481

Merge branch '14732-licenses-view-permissions' into 'master'
Add permission for License compliance view See merge request gitlab-org/gitlab!17481
c4a19ed7 · James Lopez · 5731c5b2 · aa6837cf · c4a19ed7 · c4a19ed7
Commit c4a19ed7 authored Sep 24, 2019 by James Lopez
3 changed files
--- a/ee/app/models/license.rb
+++ b/ee/app/models/license.rb
@@ -105,6 +105,7 @@ class License < ApplicationRecord
    group_ip_restriction
    incident_management
    insights
+    licenses_list
    license_management
    pod_logs
    prometheus_alerts

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -79,6 +79,11 @@ module EE
        @subject.feature_available?(:dependency_list)
      end

+      with_scope :subject
+      condition(:licenses_list_enabled) do
+        @subject.feature_available?(:licenses_list)
+      end
+
      with_scope :subject
      condition(:feature_flags_disabled) do
        !@subject.feature_available?(:feature_flags)
@@ -153,6 +158,8 @@ module EE

      rule { dependency_list_enabled & can?(:download_code) }.enable :read_dependencies

+      rule { licenses_list_enabled & can?(:read_software_license_policy) }.enable :read_licenses_list
+
      rule { repository_mirrors_enabled & ((mirror_available & can?(:admin_project)) | admin) }.enable :admin_mirror

      rule { deploy_board_disabled & ~is_development }.prevent :read_deploy_board

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -730,6 +730,64 @@ describe ProjectPolicy do
    end
  end

+  describe 'read_licenses_list' do
+    context 'when licenses list feature available' do
+      context 'when license management feature available' do
+        before do
+          stub_licensed_features(licenses_list: true, license_management: true)
+        end
+
+        context 'with public project' do
+          let(:current_user) { create(:user) }
+
+          context 'with public access to repository' do
+            it { is_expected.to be_allowed(:read_licenses_list) }
+          end
+        end
+
+        context 'with private project' do
+          let(:project) { create(:project, :private, namespace: owner.namespace) }
+
+          where(role: %w[admin owner maintainer developer reporter guest])
+
+          with_them do
+            let(:current_user) { public_send(role) }
+
+            it { is_expected.to be_allowed(:read_licenses_list) }
+          end
+
+          context 'with not member' do
+            let(:current_user) { create(:user) }
+
+            it { is_expected.to be_disallowed(:read_licenses_list) }
+          end
+
+          context 'with anonymous' do
+            let(:current_user) { nil }
+
+            it { is_expected.to be_disallowed(:read_licenses_list) }
+          end
+        end
+      end
+
+      context 'when license management feature in not available' do
+        let(:current_user) { admin }
+
+        before do
+          stub_licensed_features(licenses_list: true)
+        end
+
+        it { is_expected.to be_disallowed(:read_licenses_list) }
+      end
+    end
+
+    context 'when licenses list feature not available' do
+      let(:current_user) { admin }
+
+      it { is_expected.to be_disallowed(:read_licenses_list) }
+    end
+  end
+
  describe 'create_web_ide_terminal' do
    before do
      stub_licensed_features(web_ide_terminal: true)