Revert Dependency Proxy permission

Revert Dependency Proxy read permission from requiring reporter group access to requiring guest root access. Changelog: changed

Revert Dependency Proxy permission
Revert Dependency Proxy read permission from requiring reporter group access to requiring guest root access. Changelog: changed
7dc1c46c · Steve Abrams · 304eb1d1 · 7dc1c46c · 7dc1c46c · 7dc1c46c
Commit 7dc1c46c authored Aug 06, 2021 by Steve Abrams
3 changed files
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -52,7 +52,7 @@ class GroupPolicy < BasePolicy

  condition(:dependency_proxy_access_allowed) do
    if Feature.enabled?(:dependency_proxy_for_private_groups, default_enabled: true)
-      access_level >= GroupMember::REPORTER || valid_dependency_proxy_deploy_token
+      access_level >= GroupMember::GUEST || valid_dependency_proxy_deploy_token
    else
      can?(:read_group)
    end

--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -301,7 +301,7 @@ The following table lists group permissions available for each role:
 | Create/edit/delete iterations                          |       |          | ✓         | ✓          | ✓     |
 | Create/edit/delete metrics dashboard annotations       |       |          | ✓         | ✓          | ✓     |
 | Enable/disable a dependency proxy                      |       |          | ✓         | ✓          | ✓     |
-| Pull a container image using the dependency proxy      |       | ✓        | ✓         | ✓          | ✓     |
+| Pull a container image using the dependency proxy      | ✓     | ✓        | ✓         | ✓          | ✓     |
 | Purge the dependency proxy for a group                 |       |          |           |            | ✓     |
 | Publish [packages](packages/index.md)                  |       |          | ✓         | ✓          | ✓     |
 | Use security dashboard **(ULTIMATE)**                  |       |          | ✓         | ✓          | ✓     |

--- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb
+++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb
@@ -185,7 +185,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do
        end

        before do
-          group.add_reporter(user)
+          group.add_guest(user)
        end

        it 'proxies status from the remote token request', :aggregate_failures do
@@ -206,7 +206,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do
        end

        before do
-          group.add_reporter(user)
+          group.add_guest(user)
        end

        it 'proxies status from the remote manifest request', :aggregate_failures do
@@ -219,7 +219,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do

      context 'a valid user' do
        before do
-          group.add_reporter(user)
+          group.add_guest(user)
        end

        it_behaves_like 'a successful manifest pull'
@@ -308,7 +308,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do
        end

        before do
-          group.add_reporter(user)
+          group.add_guest(user)
        end

        it 'proxies status from the remote blob request', :aggregate_failures do
@@ -321,7 +321,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do

      context 'a valid user' do
        before do
-          group.add_reporter(user)
+          group.add_guest(user)
        end

        it_behaves_like 'a successful blob pull'