Disallow updating designs if issue locked or moved

https://gitlab.com/gitlab-org/gitlab/issues/13426#note_210926182

Disallow updating designs if issue locked or moved
https://gitlab.com/gitlab-org/gitlab/issues/13426#note_210926182
e33c3154 · Luke Duncalfe · ce942cd9 · e33c3154 · e33c3154 · e33c3154
Commit e33c3154 authored Oct 15, 2019 by Luke Duncalfe
4 changed files
--- a/changelogs/unreleased/13426-disable-design-mutation-abilities-when-issue-moved-or-locked.yml
+++ b/changelogs/unreleased/13426-disable-design-mutation-abilities-when-issue-moved-or-locked.yml
+---
+title: Make designs read-only if the issue has been moved, or if its discussion has been locked
+merge_request: 18551
+author:
+type: changed
--- a/doc/user/project/issues/design_management.md
+++ b/doc/user/project/issues/design_management.md
@@ -63,6 +63,9 @@ To upload design images, click the **Upload Designs** button and select images t
 Designs with the same filename as an existing uploaded design will create a new version
 of the design, and will replace the previous version.

+Designs cannot be added if the issue has been moved, or its
+[discussion is locked](../../discussions/#lock-discussions).
+
 ## Viewing designs

 Images on the Design Management page can be enlarged by clicking on them.

--- a/ee/app/policies/ee/issue_policy.rb
+++ b/ee/app/policies/ee/issue_policy.rb
@@ -4,11 +4,18 @@ module EE
  module IssuePolicy
    extend ActiveSupport::Concern
    prepended do
+      condition(:moved) { @subject.moved? }
+
      rule { ~can?(:read_issue) }.policy do
        prevent :read_design
        prevent :create_design
        prevent :destroy_design
      end
+
+      rule { locked | moved }.policy do
+        prevent :create_design
+        prevent :destroy_design
+      end
    end
  end
 end
--- a/ee/spec/policies/design_management/design_policy_spec.rb
+++ b/ee/spec/policies/design_management/design_policy_spec.rb
@@ -94,6 +94,11 @@ describe DesignManagement::DesignPolicy do
    end
  end

+  shared_examples_for "read-only design abilities" do
+    it { is_expected.to be_allowed(:read_design) }
+    it { is_expected.to be_disallowed(:create_design, :destroy_design) }
+  end
+
  context "when the feature flag is off" do
    before do
      stub_licensed_features(design_management: true)
@@ -164,6 +169,20 @@ describe DesignManagement::DesignPolicy do
      end
    end

+    context "when the issue is locked" do
+      let(:current_user) { owner }
+      let(:issue) { create(:issue, :locked, project: project) }
+
+      it_behaves_like "read-only design abilities"
+    end
+
+    context "when the issue has moved" do
+      let(:current_user) { owner }
+      let(:issue) { create(:issue, project: project, moved_to: create(:issue)) }
+
+      it_behaves_like "read-only design abilities"
+    end
+
    context "when the project is archived" do
      let(:current_user) { owner }

@@ -171,10 +190,7 @@ describe DesignManagement::DesignPolicy do
        project.update!(archived: true)
      end

-      it "only allows reading designs" do
-        expect(design_policy).to be_allowed(:read_design)
-        expect(design_policy).to be_disallowed(:create_design, :destroy_design)
-      end
+      it_behaves_like "read-only design abilities"
    end
  end
 end