Reject anonymous users for read_operations_dashboard

Adjust global policy

Reject anonymous users for read_operations_dashboard
Adjust global policy
d9059c48 · Jason Goodman · Mayra Cabrera · d1472cf0 · d9059c48 · d9059c48
Commit d9059c48 authored Oct 21, 2019 by Jason Goodman Committed by Mayra Cabrera Oct 21, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 5 deletions

ee/app/policies/ee/global_policy.rb ee/app/policies/ee/global_policy.rb +1 -1

ee/spec/policies/global_policy_spec.rb ee/spec/policies/global_policy_spec.rb +12 -4

No files found.
--- a/ee/app/policies/ee/global_policy.rb
+++ b/ee/app/policies/ee/global_policy.rb
@@ -13,7 +13,7 @@ module EE
        License.feature_available?(:security_dashboard)
      end

-      rule { operations_dashboard_available }.enable :read_operations_dashboard
+      rule { ~anonymous & operations_dashboard_available }.enable :read_operations_dashboard
      rule { ~anonymous & security_dashboard_available }.enable :read_security_dashboard

      rule { admin }.policy do

--- a/ee/spec/policies/global_policy_spec.rb
+++ b/ee/spec/policies/global_policy_spec.rb
@@ -11,11 +11,19 @@ describe GlobalPolicy do
  subject { described_class.new(current_user, [user]) }

  describe 'reading operations dashboard' do
-    before do
-      stub_licensed_features(operations_dashboard: true)
-    end
+    context 'when licensed' do
+      before do
+        stub_licensed_features(operations_dashboard: true)
+      end

-    it { is_expected.to be_allowed(:read_operations_dashboard) }
+      it { is_expected.to be_allowed(:read_operations_dashboard) }
+
+      context 'and the user is not logged in' do
+        let(:current_user) { nil }
+
+        it { is_expected.not_to be_allowed(:read_operations_dashboard) }
+      end
+    end

    context 'when unlicensed' do
      before do