Commit d1c2f290 authored by Aishwarya Subramanian's avatar Aishwarya Subramanian

Added group policy for compliance frameworks

Updated FF checks at namespace level
parent daf53c85
......@@ -4,7 +4,7 @@ module ComplianceManagement
module ComplianceFramework
module GroupSettingsHelper
def show_compliance_frameworks?
License.feature_available?(:custom_compliance_frameworks) && Feature.enabled?(:ff_custom_compliance_frameworks)
current_user.can?(:admin_compliance_framework, @group)
end
def compliance_frameworks_list_data
......
......@@ -119,6 +119,11 @@ module EE
condition(:eligible_for_trial, scope: :subject) { @subject.eligible_for_trial? }
condition(:compliance_framework_available) do
@subject.feature_available?(:custom_compliance_frameworks) &&
::Feature.enabled?(:ff_custom_compliance_frameworks, @subject)
end
rule { public_group | logged_in_viewable }.policy do
enable :read_wiki
enable :download_wiki_code
......@@ -335,6 +340,8 @@ module EE
prevent :create_deploy_token
prevent :create_subgroup
end
rule { can?(:owner_access) & compliance_framework_available }.enable :admin_compliance_framework
end
override :lookup_access_level!
......
......@@ -81,7 +81,7 @@ module EE
framework_identifier = settings.delete(:framework)
if framework_identifier.blank?
settings.merge!(_destroy: true)
elsif ::Feature.enabled?(:ff_custom_compliance_frameworks)
elsif ::Feature.enabled?(:ff_custom_compliance_frameworks, project.namespace)
settings[:compliance_management_framework] = project.namespace.root_ancestor.compliance_management_frameworks.find(framework_identifier)
else
settings[:compliance_management_framework] = ComplianceManagement::Framework.find_or_create_legacy_default_framework(project, framework_identifier)
......
- user_has_edit_permissions = current_user.can?(:admin_compliance_framework, @project)
.row
.form-group.col-md-9.gl-mb-6
- if Feature.enabled?(:ff_custom_compliance_frameworks)
- if Feature.enabled?(:ff_custom_compliance_frameworks, @project.namespace)
- frameworks = @project.namespace.root_ancestor.compliance_management_frameworks
- if user_has_edit_permissions
= f.fields_for :compliance_framework_setting, ComplianceManagement::ComplianceFramework::ProjectSettings.new do |cf|
......
......@@ -3,19 +3,21 @@
require 'spec_helper'
RSpec.describe ComplianceManagement::ComplianceFramework::GroupSettingsHelper do
let_it_be(:group) { build(:group) }
let_it_be_with_refind(:group) { create(:group) }
let_it_be(:current_user) { build(:admin) }
before do
assign(:group, group)
allow(helper).to receive(:current_user) { current_user }
end
describe '#show_compliance_frameworks?' do
using RSpec::Parameterized::TableSyntax
where(:feature_flag_enabled, :license_feature_enabled, :result) do
true | true | true
false | true | false
true | false | false
true | true | true
false | true | false
true | false | false
false | false | false
end
......
......@@ -1427,5 +1427,34 @@ RSpec.describe GroupPolicy do
it { is_expected.to(allowed ? be_allowed(policy) : be_disallowed(policy)) }
end
end
describe ':admin_compliance_framework' do
using RSpec::Parameterized::TableSyntax
let(:policy) { :admin_compliance_framework }
where(:role, :licensed, :feature_flag, :allowed) do
:owner | true | true | true
:owner | true | false | false
:owner | false | true | false
:owner | false | false | false
:admin | true | true | true
:maintainer | true | true | false
:developer | true | true | false
:reporter | true | true | false
:guest | true | true | false
end
with_them do
let(:current_user) { public_send(role) }
before do
stub_licensed_features(custom_compliance_frameworks: licensed)
stub_feature_flags(ff_custom_compliance_frameworks: feature_flag)
end
it { is_expected.to(allowed ? be_allowed(policy) : be_disallowed(policy)) }
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment