Commit 4b2d3afd authored by Avielle Wolfe's avatar Avielle Wolfe

Refactor instance security dashboard permissions

* Refactor metaprogramming in SecurityDashboardsPermissions to avoid
    needing to override InstanceSecurityDashboard.name
* Rename InstancePolicy to InstanceSecurityDashboardPolicy

https://gitlab.com/gitlab-org/gitlab/issues/202521
parent f1dd8af7
...@@ -3,6 +3,12 @@ ...@@ -3,6 +3,12 @@
module SecurityDashboardsPermissions module SecurityDashboardsPermissions
extend ActiveSupport::Concern extend ActiveSupport::Concern
VULNERABLE_POLICIES = {
group: :read_group_security_dashboard,
instance_security_dashboard: :read_instance_security_dashboard,
project: :read_project_security_dashboard
}.freeze
included do included do
before_action :ensure_security_dashboard_feature_enabled! before_action :ensure_security_dashboard_feature_enabled!
before_action :authorize_read_security_dashboard! before_action :authorize_read_security_dashboard!
...@@ -19,6 +25,6 @@ module SecurityDashboardsPermissions ...@@ -19,6 +25,6 @@ module SecurityDashboardsPermissions
end end
def read_security_dashboard def read_security_dashboard
"read_#{vulnerable.class.name.underscore}_security_dashboard".to_sym VULNERABLE_POLICIES[vulnerable.class.name.underscore.to_sym]
end end
end end
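Review bot: The new hash lookup in `read_security_dashboard` returns `nil` whenever `vulnerable.class.name.underscore.to_sym` is not one of the three keys, so an unmapped or namespaced vulnerable class passes a `nil` ability to whatever consumes this method. The consumer, presumably `authorize_read_security_dashboard!`, is defined outside the visible hunks, so this page cannot confirm that a `nil` ability is denied there. Raising on an unknown class keeps the authorization check closed by construction: `VULNERABLE_POLICIES.fetch(vulnerable.class.name.underscore.to_sym)`. The hash values are abilities rather than policy classes, so a comment above the constant such as `# Maps the vulnerable's underscored class name to the ability required to view its security dashboard` would help the next reader.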
...@@ -3,10 +3,6 @@ ...@@ -3,10 +3,6 @@
class InstanceSecurityDashboard class InstanceSecurityDashboard
extend ActiveModel::Naming extend ActiveModel::Naming
def self.name
'Instance'
end
def initialize(user, project_ids: []) def initialize(user, project_ids: [])
@project_ids = project_ids @project_ids = project_ids
@user = user @user = user
......
# frozen_string_literal: true # frozen_string_literal: true
class InstancePolicy < BasePolicy class InstanceSecurityDashboardPolicy < BasePolicy
rule { ~anonymous }.enable :read_instance_security_dashboard rule { ~anonymous }.enable :read_instance_security_dashboard
end end
...@@ -17,12 +17,6 @@ describe InstanceSecurityDashboard do ...@@ -17,12 +17,6 @@ describe InstanceSecurityDashboard do
subject { described_class.new(user, project_ids: project_ids) } subject { described_class.new(user, project_ids: project_ids) }
describe '.name' do
it 'is programmatically named Instance' do
expect(described_class.name).to eq('Instance')
end
end
describe '#all_pipelines' do describe '#all_pipelines' do
it 'returns pipelines for the projects with security reports' do it 'returns pipelines for the projects with security reports' do
expect(subject.all_pipelines).to contain_exactly(pipeline1) expect(subject.all_pipelines).to contain_exactly(pipeline1)
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
require 'spec_helper' require 'spec_helper'
describe InstancePolicy do describe InstanceSecurityDashboardPolicy do
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
let(:user) { create(:user) } let(:user) { create(:user) }
......