Commit 550c4c51 authored by Nick Thomas's avatar Nick Thomas

Merge branch 'issue_222856' into 'master'

RUN AS-IF-FOSS: Downgrade support bot code to core

See merge request gitlab-org/gitlab!34883
parents d4103419 8b528426
...@@ -2414,6 +2414,11 @@ class Project < ApplicationRecord ...@@ -2414,6 +2414,11 @@ class Project < ApplicationRecord
super || build_metrics_setting super || build_metrics_setting
end end
def service_desk_enabled
false
end
alias_method :service_desk_enabled?, :service_desk_enabled
private private
def find_service(services, name) def find_service(services, name)
......
...@@ -656,6 +656,15 @@ class User < ApplicationRecord ...@@ -656,6 +656,15 @@ class User < ApplicationRecord
end end
end end
def support_bot
email_pattern = "support%s@#{Settings.gitlab.host}"
unique_internal(where(user_type: :support_bot), 'support-bot', email_pattern) do |u|
u.bio = 'The GitLab support bot used for Service Desk'
u.name = 'GitLab Support Bot'
end
end
# Return true if there is only single non-internal user in the deployment, # Return true if there is only single non-internal user in the deployment,
# ghost user is ignored. # ghost user is ignored.
def single_user? def single_user?
......
...@@ -21,6 +21,10 @@ class BasePolicy < DeclarativePolicy::Base ...@@ -21,6 +21,10 @@ class BasePolicy < DeclarativePolicy::Base
with_options scope: :user, score: 0 with_options scope: :user, score: 0
condition(:deactivated) { @user&.deactivated? } condition(:deactivated) { @user&.deactivated? }
desc "User is support bot"
with_options scope: :user, score: 0
condition(:support_bot) { @user&.support_bot? }
desc "User email is unconfirmed or user account is locked" desc "User email is unconfirmed or user account is locked"
with_options scope: :user, score: 0 with_options scope: :user, score: 0
condition(:inactive) do condition(:inactive) do
......
...@@ -45,6 +45,10 @@ module PolicyActor ...@@ -45,6 +45,10 @@ module PolicyActor
false false
end end
def support_bot?
false
end
def deactivated? def deactivated?
false false
end end
......
...@@ -123,6 +123,9 @@ class ProjectPolicy < BasePolicy ...@@ -123,6 +123,9 @@ class ProjectPolicy < BasePolicy
!@subject.design_management_enabled? !@subject.design_management_enabled?
end end
with_scope :subject
condition(:service_desk_enabled) { @subject.service_desk_enabled? }
# We aren't checking `:read_issue` or `:read_merge_request` in this case # We aren't checking `:read_issue` or `:read_merge_request` in this case
# because it could be possible for a user to see an issuable-iid # because it could be possible for a user to see an issuable-iid
# (`:read_issue_iid` or `:read_merge_request_iid`) but then wouldn't be # (`:read_issue_iid` or `:read_merge_request_iid`) but then wouldn't be
...@@ -578,6 +581,12 @@ class ProjectPolicy < BasePolicy ...@@ -578,6 +581,12 @@ class ProjectPolicy < BasePolicy
enable :read_build_report_results enable :read_build_report_results
end end
rule { support_bot }.enable :guest_access
rule { support_bot & ~service_desk_enabled }.policy do
prevent :create_note
prevent :read_project
end
private private
def team_member? def team_member?
...@@ -626,6 +635,7 @@ class ProjectPolicy < BasePolicy ...@@ -626,6 +635,7 @@ class ProjectPolicy < BasePolicy
def lookup_access_level! def lookup_access_level!
return ::Gitlab::Access::REPORTER if alert_bot? return ::Gitlab::Access::REPORTER if alert_bot?
return ::Gitlab::Access::REPORTER if support_bot? && service_desk_enabled?
# NOTE: max_member_access has its own cache # NOTE: max_member_access has its own cache
project.team.max_member_access(@user.id) project.team.max_member_access(@user.id)
......
...@@ -333,8 +333,9 @@ module EE ...@@ -333,8 +333,9 @@ module EE
feature_available?(:github_project_service_integration) feature_available?(:github_project_service_integration)
end end
override :service_desk_enabled
def service_desk_enabled def service_desk_enabled
::EE::Gitlab::ServiceDesk.enabled?(project: self) && super ::EE::Gitlab::ServiceDesk.enabled?(project: self) && self[:service_desk_enabled]
end end
alias_method :service_desk_enabled?, :service_desk_enabled alias_method :service_desk_enabled?, :service_desk_enabled
......
...@@ -95,15 +95,6 @@ module EE ...@@ -95,15 +95,6 @@ module EE
class_methods do class_methods do
extend ::Gitlab::Utils::Override extend ::Gitlab::Utils::Override
def support_bot
email_pattern = "support%s@#{Settings.gitlab.host}"
unique_internal(where(user_type: :support_bot), 'support-bot', email_pattern) do |u|
u.bio = 'The GitLab support bot used for Service Desk'
u.name = 'GitLab Support Bot'
end
end
def visual_review_bot def visual_review_bot
email_pattern = "visual_review%s@#{Settings.gitlab.host}" email_pattern = "visual_review%s@#{Settings.gitlab.host}"
......
...@@ -8,9 +8,6 @@ module EE ...@@ -8,9 +8,6 @@ module EE
with_scope :user with_scope :user
condition(:auditor, score: 0) { @user&.auditor? } condition(:auditor, score: 0) { @user&.auditor? }
with_scope :user
condition(:support_bot, score: 0) { @user&.support_bot? }
with_scope :user with_scope :user
condition(:visual_review_bot, score: 0) { @user&.visual_review_bot? } condition(:visual_review_bot, score: 0) { @user&.visual_review_bot? }
......
...@@ -6,10 +6,6 @@ module EE ...@@ -6,10 +6,6 @@ module EE
false false
end end
def support_bot?
false
end
def visual_review_bot? def visual_review_bot?
false false
end end
......
...@@ -18,9 +18,6 @@ module EE ...@@ -18,9 +18,6 @@ module EE
].freeze ].freeze
prepended do prepended do
with_scope :subject
condition(:service_desk_enabled) { @subject.service_desk_enabled? }
with_scope :subject with_scope :subject
condition(:related_issues_disabled) { !@subject.feature_available?(:related_issues) } condition(:related_issues_disabled) { !@subject.feature_available?(:related_issues) }
...@@ -205,12 +202,6 @@ module EE ...@@ -205,12 +202,6 @@ module EE
@subject.feature_available?(:group_timelogs) @subject.feature_available?(:group_timelogs)
end end
rule { support_bot }.enable :guest_access
rule { support_bot & ~service_desk_enabled }.policy do
prevent :create_note
prevent :read_project
end
rule { visual_review_bot }.policy do rule { visual_review_bot }.policy do
prevent :read_note prevent :read_note
enable :create_note enable :create_note
...@@ -440,7 +431,6 @@ module EE ...@@ -440,7 +431,6 @@ module EE
override :lookup_access_level! override :lookup_access_level!
def lookup_access_level! def lookup_access_level!
return ::Gitlab::Access::NO_ACCESS if needs_new_sso_session? return ::Gitlab::Access::NO_ACCESS if needs_new_sso_session?
return ::Gitlab::Access::REPORTER if support_bot? && service_desk_enabled?
return ::Gitlab::Access::NO_ACCESS if visual_review_bot? return ::Gitlab::Access::NO_ACCESS if visual_review_bot?
super super
......
...@@ -1060,7 +1060,6 @@ RSpec.describe User do ...@@ -1060,7 +1060,6 @@ RSpec.describe User do
where(:user_type, :expected_result) do where(:user_type, :expected_result) do
'service_user' | true 'service_user' | true
'support_bot' | false
'visual_review_bot' | false 'visual_review_bot' | false
end end
......
...@@ -1001,34 +1001,6 @@ RSpec.describe ProjectPolicy do ...@@ -1001,34 +1001,6 @@ RSpec.describe ProjectPolicy do
end end
end end
context 'support bot' do
let(:current_user) { User.support_bot }
context 'with service desk disabled' do
it { expect_allowed(:guest_access) }
it { expect_disallowed(:create_note, :read_project) }
end
context 'with service desk enabled' do
let(:project) { create(:project, :public, service_desk_enabled: true) }
before do
allow(::EE::Gitlab::ServiceDesk).to receive(:enabled?).and_return(true)
allow(::EE::Gitlab::ServiceDesk).to receive(:enabled?).with(project: project).and_return(true)
end
it { expect_allowed(:reporter_access, :create_note, :read_issue) }
context 'when issues are protected members only' do
before do
project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
end
it { expect_allowed(:reporter_access, :create_note, :read_issue) }
end
end
end
context 'visual review bot' do context 'visual review bot' do
let(:current_user) { User.visual_review_bot } let(:current_user) { User.visual_review_bot }
......
...@@ -4634,7 +4634,8 @@ describe User do ...@@ -4634,7 +4634,8 @@ describe User do
[ [
{ state: 'blocked' }, { state: 'blocked' },
{ user_type: :ghost }, { user_type: :ghost },
{ user_type: :alert_bot } { user_type: :alert_bot },
{ user_type: :support_bot }
] ]
end end
...@@ -4688,6 +4689,7 @@ describe User do ...@@ -4688,6 +4689,7 @@ describe User do
where(:user_type, :expected_result) do where(:user_type, :expected_result) do
'human' | true 'human' | true
'alert_bot' | false 'alert_bot' | false
'support_bot' | false
end end
with_them do with_them do
...@@ -4756,19 +4758,26 @@ describe User do ...@@ -4756,19 +4758,26 @@ describe User do
end end
end end
describe '#migration_bot' do context 'bot users' do
it 'creates the user if it does not exist' do shared_examples 'bot users' do |bot_type|
expect do it 'creates the user if it does not exist' do
described_class.migration_bot expect do
end.to change { User.where(user_type: :migration_bot).count }.by(1) described_class.public_send(bot_type)
end end.to change { User.where(user_type: bot_type).count }.by(1)
end
it 'does not create a new user if it already exists' do it 'does not create a new user if it already exists' do
described_class.migration_bot described_class.public_send(bot_type)
expect do expect do
described_class.migration_bot described_class.public_send(bot_type)
end.not_to change { User.count } end.not_to change { User.count }
end
end end
it_behaves_like 'bot users', :alert_bot
it_behaves_like 'bot users', :support_bot
it_behaves_like 'bot users', :migration_bot
it_behaves_like 'bot users', :ghost
end end
end end
...@@ -496,6 +496,33 @@ describe ProjectPolicy do ...@@ -496,6 +496,33 @@ describe ProjectPolicy do
end end
end end
context 'support bot' do
let(:current_user) { User.support_bot }
subject { described_class.new(current_user, project) }
context 'with service desk disabled' do
it { expect_allowed(:guest_access) }
it { expect_disallowed(:create_note, :read_project) }
end
context 'with service desk enabled' do
before do
allow(project).to receive(:service_desk_enabled?).and_return(true)
end
it { expect_allowed(:reporter_access, :create_note, :read_issue) }
context 'when issues are protected members only' do
before do
project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
end
it { expect_allowed(:reporter_access, :create_note, :read_issue) }
end
end
end
describe 'read_prometheus_alerts' do describe 'read_prometheus_alerts' do
subject { described_class.new(current_user, project) } subject { described_class.new(current_user, project) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment