Commit 42277bc5 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'proposal-update-feedback-policy' into 'master'

Update ability to create MR from feedback

See merge request gitlab-org/gitlab!48388
parents 46ed494d 7415e2cc
...@@ -11,8 +11,7 @@ module Vulnerabilities ...@@ -11,8 +11,7 @@ module Vulnerabilities
rule { issue & ~can?(:create_issue) }.prevent :create_vulnerability_feedback rule { issue & ~can?(:create_issue) }.prevent :create_vulnerability_feedback
rule do rule do
merge_request & merge_request & ~can?(:create_merge_request_in)
(~can?(:create_merge_request_in) | ~can?(:create_merge_request_from))
end.prevent :create_vulnerability_feedback end.prevent :create_vulnerability_feedback
rule { ~dismissal }.prevent :destroy_vulnerability_feedback, :update_vulnerability_feedback rule { ~dismissal }.prevent :destroy_vulnerability_feedback, :update_vulnerability_feedback
......
...@@ -56,8 +56,8 @@ RSpec.describe Vulnerabilities::FeedbackPolicy do ...@@ -56,8 +56,8 @@ RSpec.describe Vulnerabilities::FeedbackPolicy do
end end
end end
context 'when user does not have permission to create merge_request from project' do context 'when user does not have developer permission' do
# guest can create merge request IN but not FROM # guest can create merge request IN
let(:guest) { create(:user) } let(:guest) { create(:user) }
subject { described_class.new(guest, vulnerability_feedback) } subject { described_class.new(guest, vulnerability_feedback) }
...@@ -68,7 +68,6 @@ RSpec.describe Vulnerabilities::FeedbackPolicy do ...@@ -68,7 +68,6 @@ RSpec.describe Vulnerabilities::FeedbackPolicy do
it 'does not allow to create merge request feedback' do it 'does not allow to create merge request feedback' do
is_expected.to be_allowed(:create_merge_request_in) is_expected.to be_allowed(:create_merge_request_in)
is_expected.to be_disallowed(:create_merge_request_from)
is_expected.to be_disallowed(:create_vulnerability_feedback) is_expected.to be_disallowed(:create_vulnerability_feedback)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment