Merge branch 'sk/356366-rename-policy' into 'master'

Rename read policy for security orchestration policies See merge request gitlab-org/gitlab!83649

Merge branch 'sk/356366-rename-policy' into 'master'
Rename read policy for security orchestration policies See merge request gitlab-org/gitlab!83649
2fc4e258 · Mark Chao · 81ed078a · 1149c944 · 2fc4e258 · 2fc4e258
Commit 2fc4e258 authored Mar 28, 2022 by Mark Chao
9 changed files
--- a/ee/app/controllers/projects/security/policies_controller.rb
+++ b/ee/app/controllers/projects/security/policies_controller.rb
@@ -5,7 +5,7 @@ module Projects
    class PoliciesController < Projects::ApplicationController
      include SecurityAndCompliancePermissions

-      before_action :authorize_security_orchestration_policies!
+      before_action :authorize_read_security_orchestration_policies!
      before_action :validate_policy_configuration, only: :edit

      before_action do

--- a/ee/app/graphql/mutations/security_policy/commit_scan_execution_policy.rb
+++ b/ee/app/graphql/mutations/security_policy/commit_scan_execution_policy.rb
@@ -8,7 +8,7 @@ module Mutations

      include FindsProjectOrGroupForSecurityPolicies

-      authorize :security_orchestration_policies
+      authorize :read_security_orchestration_policies

      argument :full_path, GraphQL::Types::String,
               required: false,

--- a/ee/app/graphql/resolvers/concerns/resolves_orchestration_policy.rb
+++ b/ee/app/graphql/resolvers/concerns/resolves_orchestration_policy.rb
@@ -14,7 +14,7 @@ module ResolvesOrchestrationPolicy

    def authorize!
      Ability.allowed?(
-        context[:current_user], :security_orchestration_policies, policy_configuration.security_policy_management_project
+        context[:current_user], :read_security_orchestration_policies, policy_configuration.security_policy_management_project
      ) || raise_resource_not_available_error!
    end


--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -311,7 +311,7 @@ module EE
      end

      rule { security_orchestration_policies_enabled & can?(:developer_access) }.policy do
-        enable :security_orchestration_policies
+        enable :read_security_orchestration_policies
      end

      rule { security_dashboard_enabled & developer }.policy do

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -199,7 +199,7 @@ module EE
      rule { can?(:read_project) & iterations_available }.enable :read_iteration

      rule { security_orchestration_policies_enabled & can?(:developer_access) }.policy do
-        enable :security_orchestration_policies
+        enable :read_security_orchestration_policies
      end

      rule { security_orchestration_policies_enabled & can?(:owner_access) }.policy do

--- a/ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb
+++ b/ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb
@@ -145,7 +145,7 @@ module EE
          end

          def scan_policies_menu_item
-            unless can?(context.current_user, :security_orchestration_policies, context.project)
+            unless can?(context.current_user, :read_security_orchestration_policies, context.project)
              return ::Sidebars::NilMenuItem.new(item_id: :scan_policies)
            end


--- a/ee/lib/sidebars/groups/menus/security_compliance_menu.rb
+++ b/ee/lib/sidebars/groups/menus/security_compliance_menu.rb
@@ -125,7 +125,7 @@ module Sidebars

        def group_level_security_policies_available?
          Feature.enabled?(:group_level_security_policies, context.group, default_enabled: :yaml) &&
-                    can?(context.current_user, :security_orchestration_policies, context.group)
+                    can?(context.current_user, :read_security_orchestration_policies, context.group)
        end

        def audit_events_menu_item

--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -922,7 +922,7 @@ RSpec.describe GroupPolicy do
      with_them do
        let(:current_user) { public_send(role) }

-        it { is_expected.to be_allowed(:security_orchestration_policies) }
+        it { is_expected.to be_allowed(:read_security_orchestration_policies) }
      end
    end

@@ -932,7 +932,7 @@ RSpec.describe GroupPolicy do
      with_them do
        let(:current_user) { public_send(role) }

-        it { is_expected.to be_allowed(:security_orchestration_policies) }
+        it { is_expected.to be_allowed(:read_security_orchestration_policies) }
      end
    end
  end
@@ -1947,7 +1947,7 @@ RSpec.describe GroupPolicy do
        with_them do
          let(:current_user) { public_send(role) }

-          it { is_expected.to be_disallowed(:security_orchestration_policies) }
+          it { is_expected.to be_disallowed(:read_security_orchestration_policies) }
          it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
        end
      end
@@ -1958,7 +1958,7 @@ RSpec.describe GroupPolicy do
        with_them do
          let(:current_user) { public_send(role) }

-          it { is_expected.to be_disallowed(:security_orchestration_policies) }
+          it { is_expected.to be_disallowed(:read_security_orchestration_policies) }
          it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
        end
      end
@@ -1975,7 +1975,7 @@ RSpec.describe GroupPolicy do
        with_them do
          let(:current_user) { public_send(role) }

-          it { is_expected.to be_allowed(:security_orchestration_policies) }
+          it { is_expected.to be_allowed(:read_security_orchestration_policies) }
          it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
        end
      end
@@ -1986,7 +1986,7 @@ RSpec.describe GroupPolicy do
        with_them do
          let(:current_user) { public_send(role) }

-          it { is_expected.to be_allowed(:security_orchestration_policies) }
+          it { is_expected.to be_allowed(:read_security_orchestration_policies) }
          it { is_expected.to be_allowed(:update_security_orchestration_policy_project) }
        end
      end

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -779,7 +779,7 @@ RSpec.describe ProjectPolicy do
      with_them do
        let(:current_user) { public_send(role) }

-        it { is_expected.to be_allowed(:security_orchestration_policies) }
+        it { is_expected.to be_allowed(:read_security_orchestration_policies) }
        it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
      end
    end
@@ -790,7 +790,7 @@ RSpec.describe ProjectPolicy do
      with_them do
        let(:current_user) { public_send(role) }

-        it { is_expected.to be_allowed(:security_orchestration_policies) }
+        it { is_expected.to be_allowed(:read_security_orchestration_policies) }
        it { is_expected.to be_allowed(:update_security_orchestration_policy_project) }
      end
    end