Merge branch 'tweak-group-policy' into 'master'

Convert group wikis into a licensed feature See merge request gitlab-org/gitlab!42219

Merge branch 'tweak-group-policy' into 'master'
Convert group wikis into a licensed feature See merge request gitlab-org/gitlab!42219
c6da83ef · Robert Speicher · f0985664 · 2c501b7f · c6da83ef · c6da83ef
Commit c6da83ef authored Sep 17, 2020 by Robert Speicher
4 changed files
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -10,19 +10,19 @@ module EE

      with_scope :subject
      condition(:ldap_synced) { @subject.ldap_synced? }
-      condition(:epics_available) { feature_available?(:epics) }
-      condition(:iterations_available) { feature_available?(:iterations) }
-      condition(:subepics_available) { feature_available?(:subepics) }
+      condition(:epics_available) { @subject.feature_available?(:epics) }
+      condition(:iterations_available) { @subject.feature_available?(:iterations) }
+      condition(:subepics_available) { @subject.feature_available?(:subepics) }
      condition(:contribution_analytics_available) do
-        feature_available?(:contribution_analytics)
+        @subject.feature_available?(:contribution_analytics)
      end

      condition(:cycle_analytics_available) do
-        feature_available?(:cycle_analytics_for_groups)
+        @subject.feature_available?(:cycle_analytics_for_groups)
      end

      condition(:group_merge_request_analytics_available) do
-        feature_available?(:group_merge_request_analytics)
+        @subject.feature_available?(:group_merge_request_analytics)
      end

      condition(:group_repository_analytics_available) do
@@ -30,7 +30,7 @@ module EE
      end

      condition(:group_activity_analytics_available) do
-        feature_available?(:group_activity_analytics) && ::Feature.enabled?(:group_activity_analytics, @subject, default_enabled: true)
+        @subject.feature_available?(:group_activity_analytics) && ::Feature.enabled?(:group_activity_analytics, @subject, type: :licensed, default_enabled: true)
      end

      condition(:can_owners_manage_ldap, scope: :global) do
@@ -46,11 +46,11 @@ module EE
      end

      condition(:security_dashboard_enabled) do
-        feature_available?(:security_dashboard)
+        @subject.feature_available?(:security_dashboard)
      end

      condition(:prevent_group_forking_available) do
-        feature_available?(:group_forking_protection)
+        @subject.feature_available?(:group_forking_protection)
      end

      condition(:needs_new_sso_session) do
@@ -62,11 +62,11 @@ module EE
      end

      condition(:dependency_proxy_available) do
-        feature_available?(:dependency_proxy)
+        @subject.feature_available?(:dependency_proxy)
      end

      condition(:cluster_deployments_available) do
-        feature_available?(:cluster_deployments)
+        @subject.feature_available?(:cluster_deployments)
      end

      condition(:group_saml_enabled) do
@@ -74,7 +74,7 @@ module EE
      end

      condition(:group_timelogs_available) do
-        feature_available?(:group_timelogs)
+        @subject.feature_available?(:group_timelogs)
      end

      with_scope :global
@@ -88,15 +88,15 @@ module EE
      end

      condition(:commit_committer_check_available) do
-        feature_available?(:commit_committer_check)
+        @subject.feature_available?(:commit_committer_check)
      end

      condition(:reject_unsigned_commits_available) do
-        feature_available?(:reject_unsigned_commits)
+        @subject.feature_available?(:reject_unsigned_commits)
      end

      condition(:push_rules_available) do
-        feature_available?(:push_rules)
+        @subject.feature_available?(:push_rules)
      end

      condition(:over_storage_limit, scope: :subject) { @subject.over_storage_limit? }
@@ -245,8 +245,10 @@ module EE
        prevent :update_default_branch_protection
      end

+      # TODO: Switch to `feature_enabled?` when we enable the feature flag by default
+      # https://gitlab.com/gitlab-org/gitlab/-/issues/207888
      desc "Group has wiki disabled"
-      condition(:wiki_disabled, score: 32) { !feature_available?(:group_wikis) }
+      condition(:wiki_disabled, score: 32) { !@subject.beta_feature_available?(:group_wikis) }

      rule { wiki_disabled }.policy do
        prevent(*create_read_update_admin_destroy(:wiki))
@@ -304,19 +306,6 @@ module EE
      super
    end

-    # TODO: Once we implement group-level feature toggles, see if we can refactor
-    # the shared logic in ProjectPolicy and GroupPolicy.
-    # https://gitlab.com/gitlab-org/gitlab/-/issues/208412
-    def feature_available?(feature)
-      if feature == :group_wikis
-        # TODO: Remove this special case when we remove the feature flag
-        # https://gitlab.com/gitlab-org/gitlab/-/issues/207888
-        ::Feature.enabled?(:group_wikis_feature_flag, subject) && subject.feature_available?(feature)
-      else
-        subject.feature_available?(feature)
-      end
-    end
-
    def ldap_lock_bypassable?
      return false unless ::Feature.enabled?(:ldap_settings_unlock_groups_by_owners)
      return false unless ::Gitlab::CurrentSettings.allow_group_owners_to_manage_ldap?

--- a/ee/config/feature_flags/development/group_wikis_feature_flag.yml
+++ b/ee/config/feature_flags/development/group_wikis_feature_flag.yml
 ---
-name: group_wikis_feature_flag
+name: group_wikis
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29176
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/207888
 group: group::knowledge
-type: development
-default_enabled: false
+type: licensed
+default_enabled: [false, true]
--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -1075,9 +1075,9 @@ RSpec.describe GroupPolicy do
    def set_access_level(access_level)
      case access_level
      when ProjectFeature::ENABLED
-        stub_feature_flags(group_wikis_feature_flag: true)
+        stub_feature_flags(group_wikis: true)
      when ProjectFeature::DISABLED
-        stub_feature_flags(group_wikis_feature_flag: false)
+        stub_feature_flags(group_wikis: false)
      when ProjectFeature::PRIVATE
        skip('Access level private is not supported yet for group wikis, see https://gitlab.com/gitlab-org/gitlab/-/issues/208412')
      end
@@ -1085,7 +1085,7 @@ RSpec.describe GroupPolicy do

    context 'when the feature flag is disabled on this group' do
      before do
-        stub_feature_flags(group_wikis_feature_flag: create(:group))
+        stub_feature_flags(group_wikis: create(:group))
      end

      it 'does not include the wiki permissions' do

--- a/spec/support/helpers/wiki_helpers.rb
+++ b/spec/support/helpers/wiki_helpers.rb
@@ -4,7 +4,7 @@ module WikiHelpers
  extend self

  def stub_group_wikis(enabled)
-    stub_feature_flags(group_wikis_feature_flag: enabled)
+    stub_feature_flags(group_wikis: enabled)
    stub_licensed_features(group_wikis: enabled)
  end