Add specs and cleanup method

Add specs and clean method around metrics dashboard auth.

Add specs and cleanup method
Add specs and clean method around metrics dashboard auth.
6e657a34 · Ryan Cobb · Jose Vargas · a5d176ac · 6e657a34 · 6e657a34
Commit 6e657a34 authored Apr 16, 2020 by Ryan Cobb Committed by Jose Vargas Apr 28, 2020
4 changed files
--- a/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
+++ b/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
@@ -212,6 +212,7 @@ export default {
        this.buildsAccessLevel = Math.min(10, this.buildsAccessLevel);
        this.wikiAccessLevel = Math.min(10, this.wikiAccessLevel);
        this.snippetsAccessLevel = Math.min(10, this.snippetsAccessLevel);
+        this.metricsAccessLevel = Math.min(10, this.metricsAccessLevel);
        if (this.pagesAccessLevel === 20) {
          // When from Internal->Private narrow access for only members
          this.pagesAccessLevel = 10;
@@ -491,12 +492,12 @@ export default {
              class="form-control select-control"
            >
              <option
-                :value="visibilityOptions.INTERNAL"
+                :value="featureAccessLevelMembers[0]"
                :disabled="!visibilityAllowed(visibilityOptions.INTERNAL)"
                >{{ featureAccessLevelMembers[1] }}</option
              >
              <option
-                :value="visibilityOptions.PUBLIC"
+                :value="featureAccessLevelEveryone[0]"
                :disabled="!visibilityAllowed(visibilityOptions.PUBLIC)"
                >{{ featureAccessLevelEveryone[1] }}</option
              >

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2400,11 +2400,12 @@ class Project < ApplicationRecord
  end
  
  def metrics_dashboard_allowed?(user)
-    if (public? && metrics_dashboard_access_level >= 20) || feature_available?(:metrics_dashboard, user)
-      true
-    else
-      false
-    end
+    project_feature.metrics_dashboard_access_level = 10 if private? # private projects should never have an access level above private
+
+    return true if public? && metrics_dashboard_access_level >= 20
+    return false unless user
+
+    feature_available?(:metrics_dashboard, user) ? true : false
  end

  private

--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -255,7 +255,7 @@ class ProjectPolicy < BasePolicy
    enable :fork_project
  end

-  rule { metrics_dashboard_allowed }.policy do
+  rule { metrics_dashboard_allowed }.enable do
    enable :metrics_dashboard
    enable :read_prometheus
    enable :read_environment

--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -5944,6 +5944,145 @@ describe Project do
    end
  end

+  describe '#metrics_dashboard_allowed?' do
+    context 'project is public' do
+      let(:project) { create(:project, :public) }
+
+      context 'metrics_dashboard_access_level is set to private' do
+        before do
+          project.metrics_dashboard_access_level = 'private'
+        end
+
+        it 'does not allow anonymous access' do
+          user = nil
+
+          expect(project.metrics_dashboard_allowed?(user)).to be false
+        end
+
+        it 'allows logged in users' do
+          user = create(:user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be false
+        end
+
+        it 'allows project members' do
+          user = create(:user)
+          project.add_developer(user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be true
+        end
+      end
+
+      context 'metrics_dashboard_access_level is set to enabled' do
+        before do
+          project.metrics_dashboard_access_level = 'enabled'
+        end
+
+        it 'allows annoymous access' do
+          user = nil
+
+          expect(project.metrics_dashboard_allowed?(user)).to be true
+        end
+
+        it 'allows logged in users' do
+          user = create(:user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be true
+        end
+
+        it 'allows project members' do
+          user = create(:user)
+          project.add_developer(user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be true
+        end
+      end
+    end
+
+    context 'project is internal' do
+      let(:project) { create(:project, :internal) }
+
+      context 'metrics_dashboard_access_level is set to private' do
+        before do
+          project.metrics_dashboard_access_level = 'private'
+        end
+
+        it 'does not allow anonymous access' do
+          user = nil
+
+          expect(project.metrics_dashboard_allowed?(user)).to be false
+        end
+
+        it 'allows logged in users' do
+          user = create(:user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be false
+        end
+
+        it 'allows project members' do
+          user = create(:user)
+          project.add_developer(user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be true
+        end
+      end
+
+      context 'metrics_dashboard_access_level is set to enabled' do
+        before do
+          project.metrics_dashboard_access_level = 'enabled'
+        end
+
+        it 'does not allow anonymous access' do
+          user = nil
+
+          expect(project.metrics_dashboard_allowed?(user)).to be false
+        end
+
+        it 'allows logged in users' do
+          user = create(:user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be true
+        end
+
+        it 'allows project members' do
+          user = create(:user)
+          project.add_developer(user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be true
+        end
+      end
+    end
+
+    context 'project is private' do
+      let(:project) { create(:project, :private) }
+
+      context 'metrics_dashboard_access_level is set to private' do
+        before do
+          project.metrics_dashboard_access_level = 'private'
+        end
+
+        it 'does not allow anonymous access' do
+          user = nil
+
+          expect(project.metrics_dashboard_allowed?(user)).to be false
+        end
+
+        it 'does not allow logged in users' do
+          user = create(:user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be false
+        end
+
+        it 'allows project members' do
+          user = create(:user)
+          project.add_developer(user)
+
+          expect(project.metrics_dashboard_allowed?(user)).to be true
+        end
+      end
+    end
+  end
+
  def finish_job(export_job)
    export_job.start
    export_job.finish