Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4fa45342
Commit
4fa45342
authored
Mar 10, 2020
by
Jan Provaznik
Committed by
Nick Thomas
Mar 10, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add Requirement policy
A basic policy for working with Requirement resource
parent
57490a31
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
140 additions
and
0 deletions
+140
-0
ee/app/models/license.rb
ee/app/models/license.rb
+1
-0
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+13
-0
ee/app/policies/requirement_policy.rb
ee/app/policies/requirement_policy.rb
+5
-0
ee/spec/policies/project_policy_spec.rb
ee/spec/policies/project_policy_spec.rb
+4
-0
ee/spec/policies/requirement_policy_spec.rb
ee/spec/policies/requirement_policy_spec.rb
+23
-0
ee/spec/support/shared_examples/policies/requirement_policy_shared_examples.rb
...d_examples/policies/requirement_policy_shared_examples.rb
+94
-0
No files found.
ee/app/models/license.rb
View file @
4fa45342
...
@@ -125,6 +125,7 @@ class License < ApplicationRecord
...
@@ -125,6 +125,7 @@ class License < ApplicationRecord
prometheus_alerts
prometheus_alerts
pseudonymizer
pseudonymizer
report_approver_rules
report_approver_rules
requirements
sast
sast
security_dashboard
security_dashboard
status_page
status_page
...
...
ee/app/policies/ee/project_policy.rb
View file @
4fa45342
...
@@ -33,6 +33,9 @@ module EE
...
@@ -33,6 +33,9 @@ module EE
with_scope
:subject
with_scope
:subject
condition
(
:packages_disabled
)
{
!
@subject
.
packages_enabled
}
condition
(
:packages_disabled
)
{
!
@subject
.
packages_enabled
}
with_scope
:subject
condition
(
:requirements_available
)
{
@subject
.
feature_available?
(
:requirements
)
}
with_scope
:global
with_scope
:global
condition
(
:is_development
)
{
Rails
.
env
.
development?
}
condition
(
:is_development
)
{
Rails
.
env
.
development?
}
...
@@ -359,6 +362,16 @@ module EE
...
@@ -359,6 +362,16 @@ module EE
rule
{
build_service_proxy_enabled
}.
enable
:build_service_proxy_enabled
rule
{
build_service_proxy_enabled
}.
enable
:build_service_proxy_enabled
rule
{
can?
(
:read_merge_request
)
&
code_review_analytics_enabled
}.
enable
:read_code_review_analytics
rule
{
can?
(
:read_merge_request
)
&
code_review_analytics_enabled
}.
enable
:read_code_review_analytics
rule
{
can?
(
:read_project
)
&
requirements_available
}.
enable
:read_requirement
rule
{
requirements_available
&
reporter
}.
policy
do
enable
:create_requirement
enable
:admin_requirement
enable
:update_requirement
end
rule
{
requirements_available
&
owner
}.
enable
:destroy_requirement
end
end
override
:lookup_access_level!
override
:lookup_access_level!
...
...
ee/app/policies/requirement_policy.rb
0 → 100644
View file @
4fa45342
# frozen_string_literal: true
class
RequirementPolicy
<
BasePolicy
delegate
{
@subject
.
resource_parent
}
end
ee/spec/policies/project_policy_spec.rb
View file @
4fa45342
...
@@ -1397,4 +1397,8 @@ describe ProjectPolicy do
...
@@ -1397,4 +1397,8 @@ describe ProjectPolicy do
end
end
end
end
end
end
it_behaves_like
'resource with requirement permissions'
do
let
(
:resource
)
{
project
}
end
end
end
ee/spec/policies/requirement_policy_spec.rb
0 → 100644
View file @
4fa45342
# frozen_string_literal: true
require
'spec_helper'
describe
RequirementPolicy
do
let_it_be
(
:owner
)
{
create
(
:user
)
}
let_it_be
(
:admin
)
{
create
(
:admin
)
}
let_it_be
(
:reporter
)
{
create
(
:user
)
}
let_it_be
(
:developer
)
{
create
(
:user
)
}
let_it_be
(
:maintainer
)
{
create
(
:user
)
}
let_it_be
(
:guest
)
{
create
(
:user
)
}
let_it_be
(
:project
)
{
create
(
:project
,
:public
,
namespace:
owner
.
namespace
)
}
let_it_be
(
:resource
,
reload:
true
)
{
create
(
:requirement
,
project:
project
)
}
before
do
project
.
add_reporter
(
reporter
)
project
.
add_developer
(
developer
)
project
.
add_maintainer
(
maintainer
)
project
.
add_guest
(
guest
)
end
it_behaves_like
'resource with requirement permissions'
end
ee/spec/support/shared_examples/policies/requirement_policy_shared_examples.rb
0 → 100644
View file @
4fa45342
# frozen_string_literal: true
RSpec
.
shared_examples
'resource with requirement permissions'
do
let
(
:all_permissions
)
{
[
:read_requirement
,
:create_requirement
,
:admin_requirement
,
:update_requirement
,
:destroy_requirement
]
}
let
(
:manage_permissions
)
{
all_permissions
-
[
:destroy_requirement
]
}
let
(
:non_read_permissions
)
{
all_permissions
-
[
:read_requirement
]
}
subject
{
described_class
.
new
(
current_user
,
resource
)
}
shared_examples
'user with manage permissions'
do
it
{
is_expected
.
to
be_allowed
(
*
manage_permissions
)
}
it
{
is_expected
.
to
be_disallowed
(
:destroy_requirement
)
}
end
shared_examples
'user with read only permissions'
do
it
{
is_expected
.
to
be_allowed
(
:read_requirement
)
}
it
{
is_expected
.
to
be_disallowed
(
*
non_read_permissions
)
}
end
context
'when requirements feature is enabled'
do
before
do
stub_licensed_features
(
requirements:
true
)
end
context
'with admin'
do
let
(
:current_user
)
{
admin
}
it_behaves_like
'user with read only permissions'
end
context
'with owner'
do
let
(
:current_user
)
{
owner
}
it
{
is_expected
.
to
be_allowed
(
*
all_permissions
)
}
end
context
'with maintainer'
do
let
(
:current_user
)
{
maintainer
}
it_behaves_like
'user with manage permissions'
end
context
'with developer'
do
let
(
:current_user
)
{
developer
}
it_behaves_like
'user with manage permissions'
end
context
'with reporter'
do
let
(
:current_user
)
{
reporter
}
it_behaves_like
'user with manage permissions'
end
context
'with guest'
do
let
(
:current_user
)
{
guest
}
it_behaves_like
'user with read only permissions'
end
context
'with non member'
do
let
(
:current_user
)
{
create
(
:user
)
}
it_behaves_like
'user with read only permissions'
context
'with private resource parent'
do
before
do
parent
=
resource
.
is_a?
(
Project
)
?
resource
:
resource
.
resource_parent
parent
.
update!
(
visibility_level:
Gitlab
::
VisibilityLevel
::
PRIVATE
)
end
it
{
is_expected
.
to
be_disallowed
(
*
all_permissions
)
}
end
end
end
context
'when requirements feature is disabled'
do
before
do
stub_licensed_features
(
requirements:
false
)
end
context
'with owner'
do
let
(
:current_user
)
{
owner
}
it
{
is_expected
.
to
be_disallowed
(
*
all_permissions
)
}
end
context
'with admin'
do
let
(
:current_user
)
{
admin
}
it
{
is_expected
.
to
be_disallowed
(
*
all_permissions
)
}
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment