Skip to content

G
gitlab-ce
Commit e9d10ce7 authored by Mayra Cabrera's avatar Mayra Cabrera
Browse files
Options

Merge branch 'rz_fix_api_statistics_permission' into 'master' 

Correct the permission according to docs

See merge request gitlab-org/gitlab!28657
parents 3db5b4f9 76c51f56
Hide whitespace changes
Inline Side-by-side
Showing with 25 additions and 21 deletions
app/policies/project_policy.rb
View file @ e9d10ce7
......@@ -316,6 +316,7 @@ class ProjectPolicy < BasePolicy
enable :update_deployment
enable :create_release
enable :update_release
enable :daily_statistics
enable :create_metrics_dashboard_annotation
enable :delete_metrics_dashboard_annotation
enable :update_metrics_dashboard_annotation
......@@ -358,7 +359,6 @@ class ProjectPolicy < BasePolicy
enable :create_environment_terminal
enable :destroy_release
enable :destroy_artifacts
enable :daily_statistics
enable :admin_operations
enable :read_deploy_token
enable :create_deploy_token
......
changelogs/unreleased/rz_fix_api_statistics_permission.yml 0 → 100644
View file @ e9d10ce7
---
title: Correct the permission according to docs
merge_request: 28657
author:
type: fixed
doc/user/permissions.md
View file @ e9d10ce7
......@@ -83,7 +83,7 @@ The following table depicts the various user permission levels in a project.
| See a container registry | | ✓ | ✓ | ✓ | ✓ |
| See environments | | ✓ | ✓ | ✓ | ✓ |
| See a list of merge requests | | ✓ | ✓ | ✓ | ✓ |
| View project statistics | | | ✓ | ✓ | ✓ |
| View project statistics | | | ✓ | ✓ | ✓ |
| View Error Tracking list | | ✓ | ✓ | ✓ | ✓ |
| Create new merge request | | ✓ | ✓ | ✓ | ✓ |
| View metrics dashboard annotations | | ✓ | ✓ | ✓ | ✓ |
......
spec/policies/project_policy_spec.rb
View file @ e9d10ce7
......@@ -42,7 +42,7 @@ describe ProjectPolicy do
admin_tag admin_milestone admin_merge_request update_merge_request create_commit_status
update_commit_status create_build update_build create_pipeline
update_pipeline create_merge_request_from create_wiki push_code
resolve_note create_container_image update_container_image destroy_container_image
resolve_note create_container_image update_container_image destroy_container_image daily_statistics
create_environment update_environment create_deployment update_deployment create_release update_release
create_metrics_dashboard_annotation delete_metrics_dashboard_annotation update_metrics_dashboard_annotation
]
......@@ -54,7 +54,7 @@ describe ProjectPolicy do
admin_snippet admin_project_member admin_note admin_wiki admin_project
admin_commit_status admin_build admin_container_image
admin_pipeline admin_environment admin_deployment destroy_release add_cluster
daily_statistics read_deploy_token create_deploy_token destroy_deploy_token
read_deploy_token create_deploy_token destroy_deploy_token
admin_terraform_state
]
end
......
spec/requests/api/project_statistics_spec.rb
View file @ e9d10ce7
......@@ -3,23 +3,23 @@
require 'spec_helper'
describe API::ProjectStatistics do
let(:maintainer) { create(:user) }
let(:public_project) { create(:project, :public) }
let_it_be(:developer) { create(:user) }
let_it_be(:public_project) { create(:project, :public) }
before do
public_project.add_maintainer(maintainer)
public_project.add_developer(developer)
end
describe 'GET /projects/:id/statistics' do
let!(:fetch_statistics1) { create(:project_daily_statistic, project: public_project, fetch_count: 30, date: 29.days.ago) }
let!(:fetch_statistics2) { create(:project_daily_statistic, project: public_project, fetch_count: 4, date: 3.days.ago) }
let!(:fetch_statistics3) { create(:project_daily_statistic, project: public_project, fetch_count: 3, date: 2.days.ago) }
let!(:fetch_statistics4) { create(:project_daily_statistic, project: public_project, fetch_count: 2, date: 1.day.ago) }
let!(:fetch_statistics5) { create(:project_daily_statistic, project: public_project, fetch_count: 1, date: Date.today) }
let!(:fetch_statistics_other_project) { create(:project_daily_statistic, project: create(:project), fetch_count: 29, date: 29.days.ago) }
let_it_be(:fetch_statistics1) { create(:project_daily_statistic, project: public_project, fetch_count: 30, date: 29.days.ago) }
let_it_be(:fetch_statistics2) { create(:project_daily_statistic, project: public_project, fetch_count: 4, date: 3.days.ago) }
let_it_be(:fetch_statistics3) { create(:project_daily_statistic, project: public_project, fetch_count: 3, date: 2.days.ago) }
let_it_be(:fetch_statistics4) { create(:project_daily_statistic, project: public_project, fetch_count: 2, date: 1.day.ago) }
let_it_be(:fetch_statistics5) { create(:project_daily_statistic, project: public_project, fetch_count: 1, date: Date.today) }
let_it_be(:fetch_statistics_other_project) { create(:project_daily_statistic, project: create(:project), fetch_count: 29, date: 29.days.ago) }
it 'returns the fetch statistics of the last 30 days' do
get api("/projects/#{public_project.id}/statistics", maintainer)
get api("/projects/#{public_project.id}/statistics", developer)
expect(response).to have_gitlab_http_status(:ok)
fetches = json_response['fetches']
......@@ -32,7 +32,7 @@ describe API::ProjectStatistics do
it 'excludes the fetch statistics older than 30 days' do
create(:project_daily_statistic, fetch_count: 31, project: public_project, date: 30.days.ago)
get api("/projects/#{public_project.id}/statistics", maintainer)
get api("/projects/#{public_project.id}/statistics", developer)
expect(response).to have_gitlab_http_status(:ok)
fetches = json_response['fetches']
......@@ -41,11 +41,11 @@ describe API::ProjectStatistics do
expect(fetches['days'].last).to eq({ 'count' => fetch_statistics1.fetch_count, 'date' => fetch_statistics1.date.to_s })
end
it 'responds with 403 when the user is not a maintainer of the repository' do
developer = create(:user)
public_project.add_developer(developer)
it 'responds with 403 when the user is not a developer of the repository' do
guest = create(:user)
public_project.add_guest(guest)
get api("/projects/#{public_project.id}/statistics", developer)
get api("/projects/#{public_project.id}/statistics", guest)
expect(response).to have_gitlab_http_status(:forbidden)
expect(json_response['message']).to eq('403 Forbidden')
......
spec/support/shared_contexts/policies/project_policy_shared_context.rb
View file @ e9d10ce7
......@@ -39,7 +39,7 @@ RSpec.shared_context 'ProjectPolicy context' do
update_pipeline create_merge_request_from create_wiki push_code
resolve_note create_container_image update_container_image
create_environment create_deployment update_deployment create_release update_release
update_environment
update_environment daily_statistics
]
end
......@@ -49,7 +49,6 @@ RSpec.shared_context 'ProjectPolicy context' do
admin_snippet admin_project_member admin_note admin_wiki admin_project
admin_commit_status admin_build admin_container_image
admin_pipeline admin_environment admin_deployment destroy_release add_cluster
daily_statistics
]
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7