Allow auditor to view repository analytics

The auditor role should be able to view repository analytics of a group they are not a member of, as per our docs. Changelog: fixed EE: true

Allow auditor to view repository analytics
The auditor role should be able to view repository analytics of a group they are not a member of, as per our docs. Changelog: fixed EE: true
7de245e4 · Magdalena Frankiewicz · a8999822 · 7de245e4 · 7de245e4 · 7de245e4
Commit 7de245e4 authored Mar 31, 2022 by Magdalena Frankiewicz
3 changed files
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -174,6 +174,7 @@ module EE
      rule { auditor }.policy do
        enable :view_productivity_analytics
        enable :view_group_devops_adoption
+        enable :read_group_repository_analytics
      end
      rule { owner | admin }.policy do

--- a/ee/spec/controllers/groups/analytics/repository_analytics_controller_spec.rb
+++ b/ee/spec/controllers/groups/analytics/repository_analytics_controller_spec.rb
@@ -65,6 +65,12 @@ RSpec.describe Groups::Analytics::RepositoryAnalyticsController do
      end
      it { is_expected.to have_gitlab_http_status(:forbidden) }
+      context 'when the user is an auditor' do
+        let(:current_user) { create(:user, :auditor) }
+        it { is_expected.to have_gitlab_http_status(:success) }
+      end
    end
  end
 end
--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -309,6 +309,12 @@ RSpec.describe GroupPolicy do
      it { is_expected.to be_allowed(:read_group_repository_analytics) }
    end
+    context 'for auditor' do
+      let(:current_user) { auditor }
+      it { is_expected.to be_allowed(:read_group_repository_analytics) }
+    end
  end
  context 'when group repository analytics is not available' do