Onboarding project welcome viewing to be based on policy

12c1bd34 · Alper Akgun · Mayra Cabrera · aff5ebaf · 12c1bd34 · 12c1bd34
Commit 12c1bd34 authored Apr 29, 2021 by Alper Akgun Committed by Mayra Cabrera Apr 29, 2021
2 changed files
--- a/ee/app/controllers/ee/registrations/welcome_controller.rb
+++ b/ee/app/controllers/ee/registrations/welcome_controller.rb
@@ -3,33 +3,37 @@
 module EE
  module Registrations
    module WelcomeController
+      extend ActiveSupport::Concern
      extend ::Gitlab::Utils::Override
+      include ::Gitlab::Utils::StrongMemoize

      TRIAL_ONBOARDING_BOARD_NAME = 'GitLab onboarding'

-      def trial_getting_started
-        project = learn_gitlab_project
-        return access_denied! unless current_user.id == project.creator_id
+      prepended do
+        before_action :authorized_for_trial_onboarding!,
+                      only: [
+                        :trial_getting_started,
+                        :trial_onboarding_board
+                      ]
+      end

+      def trial_getting_started
        render locals: { learn_gitlab_project: learn_gitlab_project }
      end

+      def trial_onboarding_board
+        board = learn_gitlab_project.boards.find_by_name(TRIAL_ONBOARDING_BOARD_NAME)
+        path = board ? project_board_path(learn_gitlab_project, board) : project_boards_path(learn_gitlab_project)
+        redirect_to path
+      end
+
      def continuous_onboarding_getting_started
        project = ::Project.find(params[:project_id])
-        return access_denied! unless current_user.id == project.creator_id
+        return access_denied! unless can?(current_user, :owner_access, project)

        render locals: { project: project }
      end

-      def trial_onboarding_board
-        project = learn_gitlab_project
-        return access_denied! unless current_user.id == project.creator_id
-
-        board = project.boards.find_by_name(TRIAL_ONBOARDING_BOARD_NAME)
-        path = board ? project_board_path(project, board) : project_boards_path(project)
-        redirect_to path
-      end
-
      private

      override :update_params
@@ -58,8 +62,14 @@ module EE
          helpers.signup_onboarding_enabled?
      end

+      def authorized_for_trial_onboarding!
+        access_denied! unless can?(current_user, :owner_access, learn_gitlab_project)
+      end
+
      def learn_gitlab_project
-        ::Project.find(params[:learn_gitlab_project_id])
+        strong_memoize(:learn_gitlab_project) do
+          ::Project.find(params[:learn_gitlab_project_id])
+        end
      end
    end
  end

--- a/ee/spec/controllers/registrations/welcome_controller_spec.rb
+++ b/ee/spec/controllers/registrations/welcome_controller_spec.rb
@@ -4,10 +4,12 @@ require 'spec_helper'

 RSpec.describe Registrations::WelcomeController do
  let_it_be(:user) { create(:user) }
-  let_it_be(:another_user) { create(:user) }
-  let_it_be(:project) { create(:project, creator: user) }
+  let_it_be(:group) { create(:group) }
+  let_it_be(:project) { create(:project) }

  describe '#continuous_onboarding_getting_started' do
+    let_it_be(:project) { create(:project, group: group) }
+
    subject(:continuous_onboarding_getting_started) do
      get :continuous_onboarding_getting_started, params: { project_id: project.id }
    end
@@ -16,17 +18,19 @@ RSpec.describe Registrations::WelcomeController do
      it { is_expected.to redirect_to new_user_session_path }
    end

-    context 'with the creator user signed in' do
+    context 'with an owner user signed in' do
      before do
        sign_in(user)
+        project.group.add_owner(user)
      end

      it { is_expected.to render_template(:continuous_onboarding_getting_started) }
    end

-    context 'with any other user signed in except the creator' do
+    context 'with a non-owner user signed in' do
      before do
-        sign_in(another_user)
+        sign_in(user)
+        project.group.add_maintainer(user)
      end

      it { is_expected.to have_gitlab_http_status(:not_found) }
@@ -34,6 +38,8 @@ RSpec.describe Registrations::WelcomeController do
  end

  describe '#trial_getting_started' do
+    let_it_be(:project) { create(:project, group: group) }
+
    subject(:trial_getting_started) do
      get :trial_getting_started, params: { learn_gitlab_project_id: project.id }
    end
@@ -42,17 +48,19 @@ RSpec.describe Registrations::WelcomeController do
      it { is_expected.to redirect_to new_user_session_path }
    end

-    context 'with the creator user signed in' do
+    context 'with an owner user signed in' do
      before do
        sign_in(user)
+        project.group.add_owner(user)
      end

      it { is_expected.to render_template(:trial_getting_started) }
    end

-    context 'with any other user signed in except the creator' do
+    context 'with a non-owner user signed' do
      before do
-        sign_in(another_user)
+        sign_in(user)
+        project.group.add_maintainer(user)
      end

      it { is_expected.to have_gitlab_http_status(:not_found) }
@@ -60,6 +68,8 @@ RSpec.describe Registrations::WelcomeController do
  end

  describe '#trial_onboarding_board' do
+    let_it_be(:project) { create(:project, group: group) }
+
    subject(:trial_onboarding_board) do
      get :trial_onboarding_board, params: { learn_gitlab_project_id: project.id }
    end
@@ -68,17 +78,19 @@ RSpec.describe Registrations::WelcomeController do
      it { is_expected.to redirect_to new_user_session_path }
    end

-    context 'with any other user signed in except the creator' do
+    context 'with a non-owner user signin' do
      before do
-        sign_in(another_user)
+        sign_in(user)
+        project.group.add_maintainer(user)
      end

      it { is_expected.to have_gitlab_http_status(:not_found) }
    end

-    context 'with the creator user signed in' do
+    context 'with an owner user signs in' do
      before do
        sign_in(user)
+        project.group.add_owner(user)
      end

      context 'gitlab onboarding project is not imported yet' do