Merge branch '202521-refactor-instance-policy' into 'master'

Refactor instance security dashboard permissions See merge request gitlab-org/gitlab!25565

Merge branch '202521-refactor-instance-policy' into 'master'
Refactor instance security dashboard permissions See merge request gitlab-org/gitlab!25565
d2dc72bd · Mayra Cabrera · d3042ab9 · 4b2d3afd · d2dc72bd · d2dc72bd
Commit d2dc72bd authored Feb 20, 2020 by Mayra Cabrera
5 changed files
--- a/ee/app/controllers/concerns/security_dashboards_permissions.rb
+++ b/ee/app/controllers/concerns/security_dashboards_permissions.rb
@@ -3,6 +3,12 @@
 module SecurityDashboardsPermissions
  extend ActiveSupport::Concern

+  VULNERABLE_POLICIES = {
+    group: :read_group_security_dashboard,
+    instance_security_dashboard: :read_instance_security_dashboard,
+    project: :read_project_security_dashboard
+  }.freeze
+
  included do
    before_action :ensure_security_dashboard_feature_enabled!
    before_action :authorize_read_security_dashboard!
@@ -19,6 +25,6 @@ module SecurityDashboardsPermissions
  end

  def read_security_dashboard
-    "read_#{vulnerable.class.name.underscore}_security_dashboard".to_sym
+    VULNERABLE_POLICIES[vulnerable.class.name.underscore.to_sym]
  end
 end
--- a/ee/app/models/instance_security_dashboard.rb
+++ b/ee/app/models/instance_security_dashboard.rb
@@ -3,10 +3,6 @@
 class InstanceSecurityDashboard
  extend ActiveModel::Naming

-  def self.name
-    'Instance'
-  end
-
  def initialize(user, project_ids: [])
    @project_ids = project_ids
    @user = user

--- a/ee/app/policies/instance_policy.rb
+++ b/ee/app/policies/instance_policy.rb
 # frozen_string_literal: true

-class InstancePolicy < BasePolicy
+class InstanceSecurityDashboardPolicy < BasePolicy
  rule { ~anonymous }.enable :read_instance_security_dashboard
 end
--- a/ee/spec/models/instance_security_dashboard_spec.rb
+++ b/ee/spec/models/instance_security_dashboard_spec.rb
@@ -17,12 +17,6 @@ describe InstanceSecurityDashboard do

  subject { described_class.new(user, project_ids: project_ids) }

-  describe '.name' do
-    it 'is programmatically named Instance' do
-      expect(described_class.name).to eq('Instance')
-    end
-  end
-
  describe '#all_pipelines' do
    it 'returns pipelines for the projects with security reports' do
      expect(subject.all_pipelines).to contain_exactly(pipeline1)

--- a/ee/spec/policies/instance_policy_spec.rb
+++ b/ee/spec/policies/instance_policy_spec.rb
@@ -2,7 +2,7 @@

 require 'spec_helper'

-describe InstancePolicy do
+describe InstanceSecurityDashboardPolicy do
  let(:current_user) { create(:user) }
  let(:user) { create(:user) }