Skip to content

G
gitlab-ce
Commit 79110987 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC
Browse files
Options

Extend the group policy with `create_vulnerability_export` ability

parent 66f19537
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 10 deletions
ee/app/policies/ee/group_policy.rb
View file @ 79110987
...@@ -178,6 +178,8 @@ module EE ...@@ -178,6 +178,8 @@ module EE
rule { security_dashboard_enabled & developer }.enable :read_group_security_dashboard rule { security_dashboard_enabled & developer }.enable :read_group_security_dashboard
rule { can?(:read_group_security_dashboard) }.enable :create_vulnerability_export
rule { admin | owner }.policy do rule { admin | owner }.policy do
enable :read_group_compliance_dashboard enable :read_group_compliance_dashboard
enable :read_group_credentials_inventory enable :read_group_credentials_inventory
......
ee/spec/policies/group_policy_spec.rb
View file @ 79110987
...@@ -581,7 +581,9 @@ describe GroupPolicy do ...@@ -581,7 +581,9 @@ describe GroupPolicy do
end end
end end
describe 'read_group_security_dashboard' do describe 'read_group_security_dashboard & create_vulnerability_export' do
let(:abilities) { %i(read_group_security_dashboard create_vulnerability_export) }
before do before do
stub_licensed_features(security_dashboard: true) stub_licensed_features(security_dashboard: true)
end end
...@@ -589,57 +591,57 @@ describe GroupPolicy do ...@@ -589,57 +591,57 @@ describe GroupPolicy do
context 'with admin' do context 'with admin' do
let(:current_user) { admin } let(:current_user) { admin }
it { is_expected.to be_allowed(:read_group_security_dashboard) } it { is_expected.to be_allowed(*abilities) }
end end
context 'with owner' do context 'with owner' do
let(:current_user) { owner } let(:current_user) { owner }
it { is_expected.to be_allowed(:read_group_security_dashboard) } it { is_expected.to be_allowed(*abilities) }
end end
context 'with maintainer' do context 'with maintainer' do
let(:current_user) { maintainer } let(:current_user) { maintainer }
it { is_expected.to be_allowed(:read_group_security_dashboard) } it { is_expected.to be_allowed(*abilities) }
end end
context 'with developer' do context 'with developer' do
let(:current_user) { developer } let(:current_user) { developer }
it { is_expected.to be_allowed(:read_group_security_dashboard) } it { is_expected.to be_allowed(*abilities) }
context 'when security dashboard features is not available' do context 'when security dashboard features is not available' do
before do before do
stub_licensed_features(security_dashboard: false) stub_licensed_features(security_dashboard: false)
end end
it { is_expected.to be_disallowed(:read_group_security_dashboard) } it { is_expected.to be_disallowed(*abilities) }
end end
end end
context 'with reporter' do context 'with reporter' do
let(:current_user) { reporter } let(:current_user) { reporter }
it { is_expected.to be_disallowed(:read_group_security_dashboard) } it { is_expected.to be_disallowed(*abilities) }
end end
context 'with guest' do context 'with guest' do
let(:current_user) { guest } let(:current_user) { guest }
it { is_expected.to be_disallowed(:read_group_security_dashboard) } it { is_expected.to be_disallowed(*abilities) }
end end
context 'with non member' do context 'with non member' do
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
it { is_expected.to be_disallowed(:read_group_security_dashboard) } it { is_expected.to be_disallowed(*abilities) }
end end
context 'with anonymous' do context 'with anonymous' do
let(:current_user) { nil } let(:current_user) { nil }
it { is_expected.to be_disallowed(:read_group_security_dashboard) } it { is_expected.to be_disallowed(*abilities) }
end end
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7