Add authentication to Code Review analytics

Code Review is available for Starter+ license

Add authentication to Code Review analytics
Code Review is available for Starter+ license
daeb5e92 · Pavel Shutsin · aba37022 · daeb5e92 · daeb5e92 · daeb5e92
Commit daeb5e92 authored Jan 08, 2020 by Pavel Shutsin
5 changed files
--- a/ee/app/controllers/projects/analytics/code_reviews_controller.rb
+++ b/ee/app/controllers/projects/analytics/code_reviews_controller.rb
@@ -3,7 +3,7 @@
 module Projects
  module Analytics
    class CodeReviewsController < Projects::ApplicationController
-      before_action :check_code_review_analytics_available!
+      before_action :authorize_read_code_review_analytics!

      def index
      end

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -95,6 +95,11 @@ module EE
        !@subject.design_management_enabled?
      end

+      with_scope :subject
+      condition(:code_review_analytics_enabled) do
+        @subject.feature_available?(:code_review_analytics, @user)
+      end
+
      condition(:group_timelogs_available) do
        @subject.feature_available?(:group_timelogs)
      end
@@ -304,6 +309,8 @@ module EE
      end

      rule { build_service_proxy_enabled }.enable :build_service_proxy_enabled
+
+      rule { can?(:read_merge_request) & code_review_analytics_enabled }.enable :read_code_review_analytics
    end

    override :lookup_access_level!

--- a/ee/app/views/layouts/nav/sidebar/_project_analytics_link.html.haml
+++ b/ee/app/views/layouts/nav/sidebar/_project_analytics_link.html.haml
- if Feature.enabled?(:code_review_analytics) && @project.feature_available?(:code_review_analytics, current_user)
+- if Feature.enabled?(:code_review_analytics) && can?(current_user, :read_code_review_analytics, @project)
  - project_analytics_link = namespace_project_analytics_code_reviews_path(@project.namespace, @project)

  = nav_link controller: :code_review do

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -1188,4 +1188,41 @@ describe ProjectPolicy do

    it { is_expected.to be_disallowed(:read_group_timelogs) }
  end
+
+  describe ':read_code_review_analytics' do
+    let(:project) { create(:project, namespace: owner.namespace) }
+
+    using RSpec::Parameterized::TableSyntax
+
+    where(:role, :allowed) do
+      :guest | false
+      :reporter | true
+      :developer | true
+      :maintainer | true
+      :owner | true
+      :admin | true
+    end
+
+    with_them do
+      let(:current_user) { public_send(role) }
+
+      before do
+        stub_licensed_features(code_review_analytics: true)
+      end
+
+      it do
+        is_expected.to(allowed ? be_allowed(:read_code_review_analytics) : be_disallowed(:read_code_review_analytics))
+      end
+    end
+
+    context 'with code review analytics is not available in license' do
+      let(:current_user) { owner }
+
+      before do
+        stub_licensed_features(code_review_analytics: false)
+      end
+
+      it { is_expected.to be_disallowed(:read_code_review_analytics) }
+    end
+  end
 end
--- a/ee/spec/requests/projects/analytics/code_reviews_controller_spec.rb
+++ b/ee/spec/requests/projects/analytics/code_reviews_controller_spec.rb
@@ -7,23 +7,40 @@ describe Projects::Analytics::CodeReviewsController, type: :request do
  let(:project) { create(:project) }

  before do
-    project.add_guest(user)
    login_as user
    stub_feature_flags(code_review_analytics: true)
  end

  describe 'GET /*namespace_id/:project_id/analytics/code_reviews' do
-    context 'with code_review_analytics included in plan' do
-      it 'is success' do
-        get project_analytics_code_reviews_path(project)
+    context 'for reporter+' do
+      before do
+        project.add_reporter(user)
+      end
+
+      context 'with code_review_analytics included in plan' do
+        it 'is success' do
+          get project_analytics_code_reviews_path(project)
+
+          expect(response).to have_gitlab_http_status(200)
+        end
+      end
+
+      context 'without code_review_analytics in plan' do
+        before do
+          stub_licensed_features(code_review_analytics: false)
+        end
+
+        it 'is not found' do
+          get project_analytics_code_reviews_path(project)

-        expect(response).to have_gitlab_http_status(200)
+          expect(response).to have_gitlab_http_status(404)
+        end
      end
    end

-    context 'without code_review_analytics in plan' do
+    context 'for guests' do
      before do
-        stub_licensed_features(code_review_analytics: false)
+        project.add_guest(user)
      end

      it 'is not found' do