Commit 1e09a677 authored by Tetiana Chupryna's avatar Tetiana Chupryna Committed by Igor Drozdov

Add policy for auto_fix

Only Maintainer can modify it.
Expose it with Configuration json
parent 81d437ab
...@@ -12,7 +12,13 @@ module Projects ...@@ -12,7 +12,13 @@ module Projects
end end
def show def show
@configuration = ConfigurationPresenter.new(project) @configuration = ConfigurationPresenter.new(project, auto_fix_permission: auto_fix_permission)
end
private
def auto_fix_permission
can?(current_user, :modify_auto_fix_setting, project)
end end
end end
end end
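Review bot: `auto_fix_permission` in this section only feeds the presenter's `can_toggle_auto_fix_settings` flag, so it decides what the page offers, not what a request is allowed to do. The action that persists the auto-fix setting is not in the visible hunks; it should repeat the check on the server, e.g. `return render_404 unless can?(current_user, :modify_auto_fix_setting, project)`, so the policy holds when the endpoint is called without going through this page. A comment on the helper such as `# UI hint only; the update endpoint must enforce :modify_auto_fix_setting itself` would record that intent. The controller class begins outside this hunk.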
......
...@@ -279,6 +279,7 @@ module EE ...@@ -279,6 +279,7 @@ module EE
enable :admin_feature_flags_client enable :admin_feature_flags_client
enable :modify_approvers_rules enable :modify_approvers_rules
enable :modify_approvers_list enable :modify_approvers_list
enable :modify_auto_fix_setting
enable :modify_merge_request_author_setting enable :modify_merge_request_author_setting
enable :modify_merge_request_committer_setting enable :modify_merge_request_committer_setting
end end
...@@ -331,6 +332,8 @@ module EE ...@@ -331,6 +332,8 @@ module EE
rule { ~admin & owner & owner_cannot_destroy_project }.prevent :remove_project rule { ~admin & owner & owner_cannot_destroy_project }.prevent :remove_project
rule { archived }.policy do rule { archived }.policy do
prevent :modify_auto_fix_setting
READONLY_FEATURES_WHEN_ARCHIVED.each do |feature| READONLY_FEATURES_WHEN_ARCHIVED.each do |feature|
prevent(*::ProjectPolicy.create_update_admin_destroy(feature)) prevent(*::ProjectPolicy.create_update_admin_destroy(feature))
end end
......
...@@ -52,7 +52,7 @@ module Projects ...@@ -52,7 +52,7 @@ module Projects
dependency_scanning: true, dependency_scanning: true,
container_scanning: true container_scanning: true
}.to_json, }.to_json,
can_toggle_auto_fix_settings: true, # To be replaced with the real value in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32783 can_toggle_auto_fix_settings: auto_fix_permission,
auto_fix_user_path: '/' # TODO: real link will be updated with https://gitlab.com/gitlab-org/gitlab/-/issues/215669 auto_fix_user_path: '/' # TODO: real link will be updated with https://gitlab.com/gitlab-org/gitlab/-/issues/215669
} }
end end
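Review bot: `can_toggle_auto_fix_settings` now reads `auto_fix_permission`, but the presenter's initializer and the reader for that value are outside this hunk, so it is not visible what happens when a caller omits the keyword. If the keyword is given a default, it should fail closed, e.g. `def initialize(project, auto_fix_permission: false)`, so a forgotten argument hides the toggle instead of offering it as the old hard-coded `true` did. If the attribute is instead generated from whatever is passed in, a short comment next to this key saying the caller must always supply it would help the next reader.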
......
---
title: Add policy for auto_fix
merge_request: 32783
author:
type: added
...@@ -41,7 +41,9 @@ describe ProjectPolicy do ...@@ -41,7 +41,9 @@ describe ProjectPolicy do
admin_vulnerability_issue_link read_merge_train admin_vulnerability_issue_link read_merge_train
] ]
end end
let(:additional_maintainer_permissions) { %i[push_code_to_protected_branches admin_feature_flags_client] } let(:additional_maintainer_permissions) do
%i[push_code_to_protected_branches admin_feature_flags_client modify_auto_fix_setting]
end
let(:auditor_permissions) do let(:auditor_permissions) do
%i[ %i[
download_code download_wiki_code read_project read_board read_list download_code download_wiki_code read_project read_board read_list
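Review bot: Adding `modify_auto_fix_setting` to `additional_maintainer_permissions` covers the grant, but nothing visible in this section exercises the new `prevent :modify_auto_fix_setting` under `rule { archived }`. An example in an archived-project context for a maintainer, along the lines of `it { is_expected.to be_disallowed(:modify_auto_fix_setting) }`, would pin the deny path, which is the half of the policy most likely to regress unnoticed. The rest of the spec is outside this hunk, so this may already be covered elsewhere.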
......
...@@ -14,7 +14,7 @@ describe Projects::Security::ConfigurationPresenter do ...@@ -14,7 +14,7 @@ describe Projects::Security::ConfigurationPresenter do
end end
describe '#to_h' do describe '#to_h' do
subject { described_class.new(project).to_h } subject { described_class.new(project, auto_fix_permission: true).to_h }
it 'includes links to auto devops and secure product docs' do it 'includes links to auto devops and secure product docs' do
expect(subject[:auto_devops_help_page_path]).to eq(help_page_path('topics/autodevops/index')) expect(subject[:auto_devops_help_page_path]).to eq(help_page_path('topics/autodevops/index'))
...@@ -36,6 +36,10 @@ describe Projects::Security::ConfigurationPresenter do ...@@ -36,6 +36,10 @@ describe Projects::Security::ConfigurationPresenter do
expect(subject[:auto_devops_enabled]).to be_truthy expect(subject[:auto_devops_enabled]).to be_truthy
end end
it 'reports auto_fix permissions' do
expect(subject[:can_toggle_auto_fix_settings]).to be_truthy
end
it 'reports that all security jobs are configured' do it 'reports that all security jobs are configured' do
expect(Gitlab::Json.parse(subject[:features])).to contain_exactly( expect(Gitlab::Json.parse(subject[:features])).to contain_exactly(
security_scan(:dast, configured: true), security_scan(:dast, configured: true),
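Review bot: The new example only exercises `auto_fix_permission: true`, so a presenter that ignored the argument and kept returning the previous hard-coded `true` would still pass; `be_truthy` would also accept any non-nil value. Add the negative case, e.g. a context whose subject is `described_class.new(project, auto_fix_permission: false).to_h` with `expect(subject[:can_toggle_auto_fix_settings]).to be(false)`, and tighten the positive assertion to `be(true)`.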
......