Commit 9fb9481e authored by Stan Hu's avatar Stan Hu

Merge branch 'issue_320887' into 'master'

Rename issue boards permissions

See merge request gitlab-org/gitlab!55114
parents 7a5c1f0d 1cca0e9c
...@@ -35,7 +35,7 @@ module BoardsResponses ...@@ -35,7 +35,7 @@ module BoardsResponses
end end
def authorize_read_list def authorize_read_list
authorize_action_for!(board, :read_list) authorize_action_for!(board, :read_issue_board_list)
end end
def authorize_read_issue def authorize_read_issue
...@@ -54,7 +54,7 @@ module BoardsResponses ...@@ -54,7 +54,7 @@ module BoardsResponses
end end
def authorize_admin_list def authorize_admin_list
authorize_action_for!(board, :admin_list) authorize_action_for!(board, :admin_issue_board_list)
end end
def authorize_action_for!(resource, ability) def authorize_action_for!(resource, ability)
......
...@@ -80,7 +80,7 @@ module MultipleBoardsActions ...@@ -80,7 +80,7 @@ module MultipleBoardsActions
end end
def authorize_admin_board! def authorize_admin_board!
return render_404 unless can?(current_user, :admin_board, parent) return render_404 unless can?(current_user, :admin_issue_board, parent)
end end
def serializer def serializer
......
...@@ -44,6 +44,6 @@ class Groups::BoardsController < Groups::ApplicationController ...@@ -44,6 +44,6 @@ class Groups::BoardsController < Groups::ApplicationController
end end
def authorize_read_board! def authorize_read_board!
access_denied! unless can?(current_user, :read_board, group) access_denied! unless can?(current_user, :read_issue_board, group)
end end
end end
...@@ -45,6 +45,6 @@ class Projects::BoardsController < Projects::ApplicationController ...@@ -45,6 +45,6 @@ class Projects::BoardsController < Projects::ApplicationController
end end
def authorize_read_board! def authorize_read_board!
access_denied! unless can?(current_user, :read_board, project) access_denied! unless can?(current_user, :read_issue_board, project)
end end
end end
...@@ -14,7 +14,7 @@ module Mutations ...@@ -14,7 +14,7 @@ module Mutations
null: true, null: true,
description: 'The board after mutation.' description: 'The board after mutation.'
authorize :admin_board authorize :admin_issue_board
def resolve(args) def resolve(args)
board_parent = authorized_resource_parent_find!(args) board_parent = authorized_resource_parent_find!(args)
......
...@@ -14,7 +14,7 @@ module Mutations ...@@ -14,7 +14,7 @@ module Mutations
required: true, required: true,
description: 'The global ID of the board to destroy.' description: 'The global ID of the board to destroy.'
authorize :admin_board authorize :admin_issue_board
def resolve(id:) def resolve(id:)
board = authorized_find!(id: id) board = authorized_find!(id: id)
......
...@@ -83,7 +83,7 @@ module Mutations ...@@ -83,7 +83,7 @@ module Mutations
end end
def authorize_board!(board) def authorize_board!(board)
return if Ability.allowed?(current_user, :read_board, board.resource_parent) return if Ability.allowed?(current_user, :read_issue_board, board.resource_parent)
raise_resource_not_available_error! raise_resource_not_available_error!
end end
......
...@@ -15,7 +15,7 @@ module Mutations ...@@ -15,7 +15,7 @@ module Mutations
null: true, null: true,
description: 'Issue list in the issue board.' description: 'Issue list in the issue board.'
authorize :admin_list authorize :admin_issue_board_list
private private
......
...@@ -33,7 +33,7 @@ module Mutations ...@@ -33,7 +33,7 @@ module Mutations
def can_admin_list?(list) def can_admin_list?(list)
return false unless list.present? return false unless list.present?
Ability.allowed?(current_user, :admin_list, list.board) Ability.allowed?(current_user, :admin_issue_board_list, list.board)
end end
end end
end end
......
...@@ -44,7 +44,7 @@ module Mutations ...@@ -44,7 +44,7 @@ module Mutations
def can_read_list?(list) def can_read_list?(list)
return false unless list.present? return false unless list.present?
Ability.allowed?(current_user, :read_list, list.board) Ability.allowed?(current_user, :read_issue_board_list, list.board)
end end
end end
end end
......
...@@ -17,7 +17,7 @@ module Mutations ...@@ -17,7 +17,7 @@ module Mutations
null: true, null: true,
description: 'The board after mutation.' description: 'The board after mutation.'
authorize :admin_board authorize :admin_issue_board
def resolve(id:, **args) def resolve(id:, **args)
board = authorized_find!(id: id) board = authorized_find!(id: id)
......
...@@ -9,7 +9,7 @@ module Resolvers ...@@ -9,7 +9,7 @@ module Resolvers
type Types::BoardListType, null: true type Types::BoardListType, null: true
extras [:lookahead] extras [:lookahead]
authorize :read_list authorize :read_issue_board_list
argument :id, Types::GlobalIDType[List], argument :id, Types::GlobalIDType[List],
required: false, required: false,
......
...@@ -5,7 +5,7 @@ module Types ...@@ -5,7 +5,7 @@ module Types
graphql_name 'Board' graphql_name 'Board'
description 'Represents a project or group issue board' description 'Represents a project or group issue board'
accepts ::Board accepts ::Board
authorize :read_board authorize :read_issue_board
present_using BoardPresenter present_using BoardPresenter
......
...@@ -17,7 +17,7 @@ module ReadonlyAbilities ...@@ -17,7 +17,7 @@ module ReadonlyAbilities
READONLY_FEATURES = %i[ READONLY_FEATURES = %i[
issue issue
list issue_board_list
merge_request merge_request
label label
milestone milestone
......
...@@ -97,9 +97,9 @@ class GroupPolicy < BasePolicy ...@@ -97,9 +97,9 @@ class GroupPolicy < BasePolicy
rule { can?(:read_group) }.policy do rule { can?(:read_group) }.policy do
enable :read_milestone enable :read_milestone
enable :read_list enable :read_issue_board_list
enable :read_label enable :read_label
enable :read_board enable :read_issue_board
enable :read_group_member enable :read_group_member
enable :read_custom_emoji enable :read_custom_emoji
end end
...@@ -122,9 +122,9 @@ class GroupPolicy < BasePolicy ...@@ -122,9 +122,9 @@ class GroupPolicy < BasePolicy
rule { reporter }.policy do rule { reporter }.policy do
enable :reporter_access enable :reporter_access
enable :read_container_image enable :read_container_image
enable :admin_board enable :admin_issue_board
enable :admin_label enable :admin_label
enable :admin_list enable :admin_issue_board_list
enable :admin_issue enable :admin_issue
enable :read_metrics_dashboard_annotation enable :read_metrics_dashboard_annotation
enable :read_prometheus enable :read_prometheus
......
...@@ -204,8 +204,8 @@ class ProjectPolicy < BasePolicy ...@@ -204,8 +204,8 @@ class ProjectPolicy < BasePolicy
rule { can?(:guest_access) }.policy do rule { can?(:guest_access) }.policy do
enable :read_project enable :read_project
enable :create_merge_request_in enable :create_merge_request_in
enable :read_board enable :read_issue_board
enable :read_list enable :read_issue_board_list
enable :read_wiki enable :read_wiki
enable :read_issue enable :read_issue
enable :read_label enable :read_label
...@@ -231,7 +231,7 @@ class ProjectPolicy < BasePolicy ...@@ -231,7 +231,7 @@ class ProjectPolicy < BasePolicy
rule { guest & can?(:read_container_image) }.enable :build_read_container_image rule { guest & can?(:read_container_image) }.enable :build_read_container_image
rule { can?(:reporter_access) }.policy do rule { can?(:reporter_access) }.policy do
enable :admin_board enable :admin_issue_board
enable :download_code enable :download_code
enable :read_statistics enable :read_statistics
enable :download_wiki_code enable :download_wiki_code
...@@ -240,7 +240,7 @@ class ProjectPolicy < BasePolicy ...@@ -240,7 +240,7 @@ class ProjectPolicy < BasePolicy
enable :reopen_issue enable :reopen_issue
enable :admin_issue enable :admin_issue
enable :admin_label enable :admin_label
enable :admin_list enable :admin_issue_board_list
enable :admin_issue_link enable :admin_issue_link
enable :read_commit_status enable :read_commit_status
enable :read_build enable :read_build
...@@ -319,7 +319,7 @@ class ProjectPolicy < BasePolicy ...@@ -319,7 +319,7 @@ class ProjectPolicy < BasePolicy
rule { can?(:developer_access) }.policy do rule { can?(:developer_access) }.policy do
enable :create_package enable :create_package
enable :admin_board enable :admin_issue_board
enable :admin_merge_request enable :admin_merge_request
enable :admin_milestone enable :admin_milestone
enable :update_merge_request enable :update_merge_request
...@@ -369,7 +369,7 @@ class ProjectPolicy < BasePolicy ...@@ -369,7 +369,7 @@ class ProjectPolicy < BasePolicy
rule { can?(:maintainer_access) }.policy do rule { can?(:maintainer_access) }.policy do
enable :destroy_package enable :destroy_package
enable :admin_board enable :admin_issue_board
enable :push_to_delete_protected_branch enable :push_to_delete_protected_branch
enable :update_snippet enable :update_snippet
enable :admin_snippet enable :admin_snippet
...@@ -429,8 +429,8 @@ class ProjectPolicy < BasePolicy ...@@ -429,8 +429,8 @@ class ProjectPolicy < BasePolicy
rule { issues_disabled }.policy do rule { issues_disabled }.policy do
prevent(*create_read_update_admin_destroy(:issue)) prevent(*create_read_update_admin_destroy(:issue))
prevent(*create_read_update_admin_destroy(:board)) prevent(*create_read_update_admin_destroy(:issue_board))
prevent(*create_read_update_admin_destroy(:list)) prevent(*create_read_update_admin_destroy(:issue_board_list))
end end
rule { merge_requests_disabled | repository_disabled }.policy do rule { merge_requests_disabled | repository_disabled }.policy do
...@@ -507,8 +507,8 @@ class ProjectPolicy < BasePolicy ...@@ -507,8 +507,8 @@ class ProjectPolicy < BasePolicy
rule { can?(:public_access) }.policy do rule { can?(:public_access) }.policy do
enable :read_package enable :read_package
enable :read_project enable :read_project
enable :read_board enable :read_issue_board
enable :read_list enable :read_issue_board_list
enable :read_wiki enable :read_wiki
enable :read_label enable :read_label
enable :read_milestone enable :read_milestone
......
...@@ -47,11 +47,11 @@ module Boards ...@@ -47,11 +47,11 @@ module Boards
end end
def can_read?(list) def can_read?(list)
Ability.allowed?(current_user, :read_list, parent) Ability.allowed?(current_user, :read_issue_board_list, parent)
end end
def can_admin?(list) def can_admin?(list)
Ability.allowed?(current_user, :admin_list, parent) Ability.allowed?(current_user, :admin_issue_board_list, parent)
end end
end end
end end
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
- group = local_assigns.fetch(:group, false) - group = local_assigns.fetch(:group, false)
-# TODO: Move group_id and can_admin_list to the board store -# TODO: Move group_id and can_admin_list to the board store
See: https://gitlab.com/gitlab-org/gitlab/-/issues/213082 See: https://gitlab.com/gitlab-org/gitlab/-/issues/213082
- can_admin_list = can?(current_user, :admin_list, current_board_parent) == true - can_admin_list = can?(current_user, :admin_issue_board_list, current_board_parent) == true
- @no_breadcrumb_container = true - @no_breadcrumb_container = true
- @no_container = true - @no_container = true
- @content_class = "issue-boards-content js-focus-mode-board" - @content_class = "issue-boards-content js-focus-mode-board"
......
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
milestone_path: milestones_filter_path(milestone_filter_opts), milestone_path: milestones_filter_path(milestone_filter_opts),
board_base_url: board_base_url, board_base_url: board_base_url,
has_missing_boards: (!multiple_boards_available? && current_board_parent.boards.size > 1).to_s, has_missing_boards: (!multiple_boards_available? && current_board_parent.boards.size > 1).to_s,
can_admin_board: can?(current_user, :admin_board, parent).to_s, can_admin_board: can?(current_user, :admin_issue_board, parent).to_s,
multiple_issue_boards_available: parent.multiple_issue_boards_available?.to_s, multiple_issue_boards_available: parent.multiple_issue_boards_available?.to_s,
labels_path: labels_filter_path_with_defaults(only_group_labels: true, include_descendant_groups: true), labels_path: labels_filter_path_with_defaults(only_group_labels: true, include_descendant_groups: true),
labels_web_url: parent.is_a?(Project) ? project_labels_path(@project) : group_labels_path(@group), labels_web_url: parent.is_a?(Project) ? project_labels_path(@project) : group_labels_path(@group),
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
- placeholder = local_assigns[:placeholder] || _('Search or filter results...') - placeholder = local_assigns[:placeholder] || _('Search or filter results...')
- is_not_boards_modal_or_productivity_analytics = type != :boards_modal && type != :productivity_analytics - is_not_boards_modal_or_productivity_analytics = type != :boards_modal && type != :productivity_analytics
- block_css_class = is_not_boards_modal_or_productivity_analytics ? 'row-content-block second-block' : '' - block_css_class = is_not_boards_modal_or_productivity_analytics ? 'row-content-block second-block' : ''
- user_can_admin_list = board && can?(current_user, :admin_list, board.resource_parent) - user_can_admin_list = board && can?(current_user, :admin_issue_board_list, board.resource_parent)
.issues-filters{ class: ("w-100" if type == :boards_modal) } .issues-filters{ class: ("w-100" if type == :boards_modal) }
.issues-details-filters.filtered-search-block.d-flex.flex-column.flex-lg-row{ class: block_css_class, "v-pre" => type == :boards_modal } .issues-details-filters.filtered-search-block.d-flex.flex-column.flex-lg-row{ class: block_css_class, "v-pre" => type == :boards_modal }
...@@ -202,7 +202,7 @@ ...@@ -202,7 +202,7 @@
- else - else
= render 'shared/issuable/board_create_list_dropdown', board: board = render 'shared/issuable/board_create_list_dropdown', board: board
- if @project - if @project
#js-add-issues-btn{ data: { can_admin_list: can?(current_user, :admin_list, @project) } } #js-add-issues-btn{ data: { can_admin_list: can?(current_user, :admin_issue_board_list, @project) } }
#js-toggle-focus-btn #js-toggle-focus-btn
- elsif is_not_boards_modal_or_productivity_analytics && show_sorting_dropdown - elsif is_not_boards_modal_or_productivity_analytics && show_sorting_dropdown
= render 'shared/issuable/sort_dropdown' = render 'shared/issuable/sort_dropdown'
...@@ -69,7 +69,7 @@ module Mutations ...@@ -69,7 +69,7 @@ module Mutations
end end
def authorize_admin_rights! def authorize_admin_rights!
raise_resource_not_available_error! unless Ability.allowed?(current_user, :admin_list, board) raise_resource_not_available_error! unless Ability.allowed?(current_user, :admin_issue_board_list, board)
end end
def find_list_by_global_id(gid) def find_list_by_global_id(gid)
......
...@@ -25,7 +25,7 @@ module Mutations ...@@ -25,7 +25,7 @@ module Mutations
null: true, null: true,
description: 'User preferences for the epic in the board after mutation.' description: 'User preferences for the epic in the board after mutation.'
authorize :read_board authorize :read_issue_board
def resolve(board_id:, epic_id:, **args) def resolve(board_id:, epic_id:, **args)
board = authorized_find!(id: board_id) board = authorized_find!(id: board_id)
......
...@@ -144,7 +144,7 @@ module EE ...@@ -144,7 +144,7 @@ module EE
end end
rule { reporter }.policy do rule { reporter }.policy do
enable :admin_list enable :admin_issue_board_list
enable :view_productivity_analytics enable :view_productivity_analytics
enable :view_type_of_work_charts enable :view_type_of_work_charts
enable :read_group_timelogs enable :read_group_timelogs
...@@ -341,7 +341,7 @@ module EE ...@@ -341,7 +341,7 @@ module EE
prevent :admin_milestone prevent :admin_milestone
prevent :upload_file prevent :upload_file
prevent :admin_label prevent :admin_label
prevent :admin_list prevent :admin_issue_board_list
prevent :admin_issue prevent :admin_issue
prevent :admin_pipeline prevent :admin_pipeline
prevent :add_cluster prevent :add_cluster
......
...@@ -209,7 +209,7 @@ module EE ...@@ -209,7 +209,7 @@ module EE
rule { can?(:guest_access) & iterations_available }.enable :read_iteration rule { can?(:guest_access) & iterations_available }.enable :read_iteration
rule { can?(:reporter_access) }.policy do rule { can?(:reporter_access) }.policy do
enable :admin_board enable :admin_issue_board
enable :admin_epic_issue enable :admin_epic_issue
enable :read_group_timelogs enable :read_group_timelogs
end end
...@@ -217,7 +217,7 @@ module EE ...@@ -217,7 +217,7 @@ module EE
rule { oncall_schedules_available & can?(:reporter_access) }.enable :read_incident_management_oncall_schedule rule { oncall_schedules_available & can?(:reporter_access) }.enable :read_incident_management_oncall_schedule
rule { can?(:developer_access) }.policy do rule { can?(:developer_access) }.policy do
enable :admin_board enable :admin_issue_board
enable :read_vulnerability_feedback enable :read_vulnerability_feedback
enable :create_vulnerability_feedback enable :create_vulnerability_feedback
enable :destroy_vulnerability_feedback enable :destroy_vulnerability_feedback
......
...@@ -10,7 +10,7 @@ module EE ...@@ -10,7 +10,7 @@ module EE
].freeze ].freeze
READONLY_FEATURES_EE = %i[ READONLY_FEATURES_EE = %i[
board issue_board
issue_link issue_link
approvers approvers
vulnerability_feedback vulnerability_feedback
......
...@@ -34,7 +34,7 @@ module EE ...@@ -34,7 +34,7 @@ module EE
requires :name, type: String, desc: 'The board name' requires :name, type: String, desc: 'The board name'
end end
post '/' do post '/' do
authorize!(:admin_board, board_parent) authorize!(:admin_issue_board, board_parent)
create_board create_board
end end
...@@ -44,7 +44,7 @@ module EE ...@@ -44,7 +44,7 @@ module EE
success ::API::Entities::Board success ::API::Entities::Board
end end
delete '/:board_id' do delete '/:board_id' do
authorize!(:admin_board, board_parent) authorize!(:admin_issue_board, board_parent)
delete_board delete_board
end end
......
...@@ -106,7 +106,7 @@ RSpec.describe Projects::BoardsController do ...@@ -106,7 +106,7 @@ RSpec.describe Projects::BoardsController do
before do before do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :admin_board, project).and_return(false) allow(Ability).to receive(:allowed?).with(user, :admin_issue_board, project).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
...@@ -185,7 +185,7 @@ RSpec.describe Projects::BoardsController do ...@@ -185,7 +185,7 @@ RSpec.describe Projects::BoardsController do
before do before do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :admin_board, project).and_return(false) allow(Ability).to receive(:allowed?).with(user, :admin_issue_board, project).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
...@@ -235,7 +235,7 @@ RSpec.describe Projects::BoardsController do ...@@ -235,7 +235,7 @@ RSpec.describe Projects::BoardsController do
before do before do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :admin_board, project).and_return(false) allow(Ability).to receive(:allowed?).with(user, :admin_issue_board, project).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
......
...@@ -32,7 +32,7 @@ RSpec.describe Mutations::Boards::Update do ...@@ -32,7 +32,7 @@ RSpec.describe Mutations::Boards::Update do
subject { mutation.resolve(**mutation_params) } subject { mutation.resolve(**mutation_params) }
specify { expect(described_class).to require_graphql_authorizations(:admin_board) } specify { expect(described_class).to require_graphql_authorizations(:admin_issue_board) }
describe '#resolve' do describe '#resolve' do
context 'when the user cannot admin the board' do context 'when the user cannot admin the board' do
......
...@@ -1267,7 +1267,7 @@ RSpec.describe GroupPolicy do ...@@ -1267,7 +1267,7 @@ RSpec.describe GroupPolicy do
let(:current_user) { owner } let(:current_user) { owner }
let(:policies) do let(:policies) do
%i[create_projects create_epic update_epic admin_milestone upload_file admin_label %i[create_projects create_epic update_epic admin_milestone upload_file admin_label
admin_list admin_issue admin_pipeline add_cluster create_cluster update_cluster admin_issue_board_list admin_issue admin_pipeline add_cluster create_cluster update_cluster
admin_cluster admin_group_member create_deploy_token create_subgroup] admin_cluster admin_group_member create_deploy_token create_subgroup]
end end
......
...@@ -34,7 +34,7 @@ RSpec.describe ProjectPolicy do ...@@ -34,7 +34,7 @@ RSpec.describe ProjectPolicy do
let(:auditor_permissions) do let(:auditor_permissions) do
%i[ %i[
download_code download_wiki_code read_project read_board read_list download_code download_wiki_code read_project read_issue_board read_issue_board_list
read_project_for_iids read_issue_iid read_merge_request_iid read_wiki read_project_for_iids read_issue_iid read_merge_request_iid read_wiki
read_issue read_label read_issue_link read_milestone read_iteration read_issue read_label read_issue_link read_milestone read_iteration
read_snippet read_project_member read_note read_cycle_analytics read_snippet read_project_member read_note read_cycle_analytics
...@@ -190,7 +190,7 @@ RSpec.describe ProjectPolicy do ...@@ -190,7 +190,7 @@ RSpec.describe ProjectPolicy do
end end
it 'disables boards permissions' do it 'disables boards permissions' do
expect_disallowed :admin_board expect_disallowed :admin_issue_board
end end
end end
end end
...@@ -1641,7 +1641,8 @@ RSpec.describe ProjectPolicy do ...@@ -1641,7 +1641,8 @@ RSpec.describe ProjectPolicy do
# These are abilities that are not explicitly allowed by policies because most of them are not # These are abilities that are not explicitly allowed by policies because most of them are not
# real abilities. They are prevented due to the use of create_update_admin helper method. # real abilities. They are prevented due to the use of create_update_admin helper method.
let(:abilities_not_currently_enabled) do let(:abilities_not_currently_enabled) do
%i[create_merge_request create_list update_list create_label update_label create_milestone %i[create_merge_request create_issue_board_list create_issue_board update_issue_board
update_issue_board_list create_label update_label create_milestone
update_milestone update_wiki update_design admin_design update_note update_milestone update_wiki update_design admin_design update_note
update_pipeline_schedule admin_pipeline_schedule create_trigger update_trigger update_pipeline_schedule admin_pipeline_schedule create_trigger update_trigger
admin_trigger create_pages admin_release request_access create_board update_board admin_trigger create_pages admin_release request_access create_board update_board
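Review bot: The new side of `abilities_not_currently_enabled` adds `create_issue_board update_issue_board` on the line before but still keeps `create_board update_board` on this line, so the spec now lists both the old and the new spellings. After `create_read_update_admin_destroy(:board)` became `create_read_update_admin_destroy(:issue_board)` in ProjectPolicy, `create_board`/`update_board` are no longer abilities the policy generates or prevents, and leaving them in the "not currently enabled" list keeps asserting on names that should no longer exist anywhere; if no other code still references them, drop `create_board update_board` from this line. The `let` block continues past the hunk, so any further stale entries below are not visible here.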
......
...@@ -30,7 +30,7 @@ module API ...@@ -30,7 +30,7 @@ module API
use :pagination use :pagination
end end
get '/' do get '/' do
authorize!(:read_board, user_project) authorize!(:read_issue_board, user_project)
present paginate(board_parent.boards.with_associations), with: Entities::Board present paginate(board_parent.boards.with_associations), with: Entities::Board
end end
...@@ -39,7 +39,7 @@ module API ...@@ -39,7 +39,7 @@ module API
success Entities::Board success Entities::Board
end end
get '/:board_id' do get '/:board_id' do
authorize!(:read_board, user_project) authorize!(:read_issue_board, user_project)
present board, with: Entities::Board present board, with: Entities::Board
end end
...@@ -51,7 +51,7 @@ module API ...@@ -51,7 +51,7 @@ module API
requires :name, type: String, desc: 'The board name' requires :name, type: String, desc: 'The board name'
end end
post '/' do post '/' do
authorize!(:admin_board, board_parent) authorize!(:admin_issue_board, board_parent)
create_board create_board
end end
...@@ -64,7 +64,7 @@ module API ...@@ -64,7 +64,7 @@ module API
use :update_params use :update_params
end end
put '/:board_id' do put '/:board_id' do
authorize!(:admin_board, board_parent) authorize!(:admin_issue_board, board_parent)
update_board update_board
end end
...@@ -75,7 +75,7 @@ module API ...@@ -75,7 +75,7 @@ module API
end end
delete '/:board_id' do delete '/:board_id' do
authorize!(:admin_board, board_parent) authorize!(:admin_issue_board, board_parent)
delete_board delete_board
end end
...@@ -93,7 +93,7 @@ module API ...@@ -93,7 +93,7 @@ module API
use :pagination use :pagination
end end
get '/lists' do get '/lists' do
authorize!(:read_board, user_project) authorize!(:read_issue_board, user_project)
present paginate(board_lists), with: Entities::List present paginate(board_lists), with: Entities::List
end end
...@@ -105,7 +105,7 @@ module API ...@@ -105,7 +105,7 @@ module API
requires :list_id, type: Integer, desc: 'The ID of a list' requires :list_id, type: Integer, desc: 'The ID of a list'
end end
get '/lists/:list_id' do get '/lists/:list_id' do
authorize!(:read_board, user_project) authorize!(:read_issue_board, user_project)
present board_lists.find(params[:list_id]), with: Entities::List present board_lists.find(params[:list_id]), with: Entities::List
end end
...@@ -117,7 +117,7 @@ module API ...@@ -117,7 +117,7 @@ module API
use :list_creation_params use :list_creation_params
end end
post '/lists' do post '/lists' do
authorize!(:admin_list, user_project) authorize!(:admin_issue_board_list, user_project)
create_list create_list
end end
...@@ -133,7 +133,7 @@ module API ...@@ -133,7 +133,7 @@ module API
put '/lists/:list_id' do put '/lists/:list_id' do
list = board_lists.find(params[:list_id]) list = board_lists.find(params[:list_id])
authorize!(:admin_list, user_project) authorize!(:admin_issue_board_list, user_project)
move_list(list) move_list(list)
end end
...@@ -146,7 +146,7 @@ module API ...@@ -146,7 +146,7 @@ module API
requires :list_id, type: Integer, desc: 'The ID of a board list' requires :list_id, type: Integer, desc: 'The ID of a board list'
end end
delete "/lists/:list_id" do delete "/lists/:list_id" do
authorize!(:admin_list, user_project) authorize!(:admin_issue_board_list, user_project)
list = board_lists.find(params[:list_id]) list = board_lists.find(params[:list_id])
destroy_list(list) destroy_list(list)
......
...@@ -30,7 +30,7 @@ module API ...@@ -30,7 +30,7 @@ module API
use :pagination use :pagination
end end
get '/' do get '/' do
authorize!(:read_board, user_group) authorize!(:read_issue_board, user_group)
present paginate(board_parent.boards.with_associations), with: Entities::Board present paginate(board_parent.boards.with_associations), with: Entities::Board
end end
...@@ -39,7 +39,7 @@ module API ...@@ -39,7 +39,7 @@ module API
success Entities::Board success Entities::Board
end end
get '/:board_id' do get '/:board_id' do
authorize!(:read_board, user_group) authorize!(:read_issue_board, user_group)
present board, with: Entities::Board present board, with: Entities::Board
end end
...@@ -51,7 +51,7 @@ module API ...@@ -51,7 +51,7 @@ module API
use :update_params use :update_params
end end
put '/:board_id' do put '/:board_id' do
authorize!(:admin_board, board_parent) authorize!(:admin_issue_board, board_parent)
update_board update_board
end end
...@@ -69,7 +69,7 @@ module API ...@@ -69,7 +69,7 @@ module API
use :pagination use :pagination
end end
get '/lists' do get '/lists' do
authorize!(:read_board, user_group) authorize!(:read_issue_board, user_group)
present paginate(board_lists), with: Entities::List present paginate(board_lists), with: Entities::List
end end
...@@ -81,7 +81,7 @@ module API ...@@ -81,7 +81,7 @@ module API
requires :list_id, type: Integer, desc: 'The ID of a list' requires :list_id, type: Integer, desc: 'The ID of a list'
end end
get '/lists/:list_id' do get '/lists/:list_id' do
authorize!(:read_board, user_group) authorize!(:read_issue_board, user_group)
present board_lists.find(params[:list_id]), with: Entities::List present board_lists.find(params[:list_id]), with: Entities::List
end end
...@@ -93,7 +93,7 @@ module API ...@@ -93,7 +93,7 @@ module API
use :list_creation_params use :list_creation_params
end end
post '/lists' do post '/lists' do
authorize!(:admin_list, user_group) authorize!(:admin_issue_board_list, user_group)
create_list create_list
end end
...@@ -109,7 +109,7 @@ module API ...@@ -109,7 +109,7 @@ module API
put '/lists/:list_id' do put '/lists/:list_id' do
list = board_lists.find(params[:list_id]) list = board_lists.find(params[:list_id])
authorize!(:admin_list, user_group) authorize!(:admin_issue_board_list, user_group)
move_list(list) move_list(list)
end end
...@@ -122,7 +122,7 @@ module API ...@@ -122,7 +122,7 @@ module API
requires :list_id, type: Integer, desc: 'The ID of a board list' requires :list_id, type: Integer, desc: 'The ID of a board list'
end end
delete "/lists/:list_id" do delete "/lists/:list_id" do
authorize!(:admin_list, user_group) authorize!(:admin_issue_board_list, user_group)
list = board_lists.find(params[:list_id]) list = board_lists.find(params[:list_id])
destroy_list(list) destroy_list(list)
......
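Review bot: In the `put '/lists/:list_id'` endpoint the list lookup `list = board_lists.find(params[:list_id])` still runs before `authorize!(:admin_issue_board_list, user_group)`, while the sibling `delete "/lists/:list_id"` endpoint authorizes first; the rename keeps that asymmetry. Doing the lookup first means the record fetch happens for callers who are not allowed to administer lists, and — assuming a failed `find` maps to 404 as it presumably does elsewhere in this API — an unauthorized caller sees a different status for an existing id than for a non-existent one. I would swap the two lines so the endpoint reads `authorize!(:admin_issue_board_list, user_group)` followed by `list = board_lists.find(params[:list_id])`, matching the delete endpoint. The enclosing `module API` resource block starts and ends outside this hunk.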
...@@ -29,7 +29,7 @@ RSpec.describe Groups::BoardsController do ...@@ -29,7 +29,7 @@ RSpec.describe Groups::BoardsController do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_board, group).and_return(false) allow(Ability).to receive(:allowed?).with(user, :read_issue_board, group).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
...@@ -74,7 +74,7 @@ RSpec.describe Groups::BoardsController do ...@@ -74,7 +74,7 @@ RSpec.describe Groups::BoardsController do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_board, group).and_return(false) allow(Ability).to receive(:allowed?).with(user, :read_issue_board, group).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
...@@ -111,7 +111,7 @@ RSpec.describe Groups::BoardsController do ...@@ -111,7 +111,7 @@ RSpec.describe Groups::BoardsController do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_board, group).and_return(false) allow(Ability).to receive(:allowed?).with(user, :read_issue_board, group).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
......
...@@ -34,7 +34,7 @@ RSpec.describe Projects::BoardsController do ...@@ -34,7 +34,7 @@ RSpec.describe Projects::BoardsController do
before do before do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false) allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
...@@ -78,7 +78,7 @@ RSpec.describe Projects::BoardsController do ...@@ -78,7 +78,7 @@ RSpec.describe Projects::BoardsController do
before do before do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false) allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
...@@ -134,7 +134,7 @@ RSpec.describe Projects::BoardsController do ...@@ -134,7 +134,7 @@ RSpec.describe Projects::BoardsController do
before do before do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false) allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
...@@ -172,7 +172,7 @@ RSpec.describe Projects::BoardsController do ...@@ -172,7 +172,7 @@ RSpec.describe Projects::BoardsController do
before do before do
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false) allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false)
end end
it 'returns a not found 404 response' do it 'returns a not found 404 response' do
......
...@@ -20,7 +20,7 @@ RSpec.describe Mutations::Boards::Update do ...@@ -20,7 +20,7 @@ RSpec.describe Mutations::Boards::Update do
subject { mutation.resolve(**mutation_params) } subject { mutation.resolve(**mutation_params) }
specify { expect(described_class).to require_graphql_authorizations(:admin_board) } specify { expect(described_class).to require_graphql_authorizations(:admin_issue_board) }
describe '#resolve' do describe '#resolve' do
context 'when the user cannot admin the board' do context 'when the user cannot admin the board' do
......
...@@ -5,7 +5,7 @@ require 'spec_helper' ...@@ -5,7 +5,7 @@ require 'spec_helper'
RSpec.describe GitlabSchema.types['Board'] do RSpec.describe GitlabSchema.types['Board'] do
specify { expect(described_class.graphql_name).to eq('Board') } specify { expect(described_class.graphql_name).to eq('Board') }
specify { expect(described_class).to require_graphql_authorizations(:read_board) } specify { expect(described_class).to require_graphql_authorizations(:read_issue_board) }
it 'has specific fields' do it 'has specific fields' do
expected_fields = %w[id name web_url web_path] expected_fields = %w[id name web_url web_path]
......
...@@ -1834,7 +1834,7 @@ RSpec.describe User do ...@@ -1834,7 +1834,7 @@ RSpec.describe User do
end end
describe '.instance_access_request_approvers_to_be_notified' do describe '.instance_access_request_approvers_to_be_notified' do
let_it_be(:admin_list) { create_list(:user, 12, :admin, :with_sign_ins) } let_it_be(:admin_issue_board_list) { create_list(:user, 12, :admin, :with_sign_ins) }
it 'returns up to the ten most recently active instance admins' do it 'returns up to the ten most recently active instance admins' do
active_admins_in_recent_sign_in_desc_order = User.admins.active.order_recent_sign_in.limit(10) active_admins_in_recent_sign_in_desc_order = User.admins.active.order_recent_sign_in.limit(10)
......
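Review bot: The `let_it_be(:admin_list)` in the `.instance_access_request_approvers_to_be_notified` spec is a fixture of twelve admin *users* built with `create_list(:user, 12, :admin, :with_sign_ins)`, not a board-list ability, so renaming it to `:admin_issue_board_list` looks like collateral from a repository-wide search-and-replace rather than an intended change. The new name is misleading to anyone reading this spec, and if the example body outside the hunk still references `admin_list`, it would now raise a NameError. I would revert this one line to `let_it_be(:admin_list) { create_list(:user, 12, :admin, :with_sign_ins) }`. The `describe` block continues beyond the hunk.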
...@@ -64,8 +64,8 @@ RSpec.describe ProjectPolicy do ...@@ -64,8 +64,8 @@ RSpec.describe ProjectPolicy do
end end
it 'disables boards and lists permissions' do it 'disables boards and lists permissions' do
expect_disallowed :read_board, :create_board, :update_board expect_disallowed :read_issue_board, :create_board, :update_board
expect_disallowed :read_list, :create_list, :update_list, :admin_list expect_disallowed :read_issue_board_list, :create_list, :update_list, :admin_issue_board_list
end end
context 'when external tracker configured' do context 'when external tracker configured' do
......
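Review bot: After the rename the two `expect_disallowed` lines mix the new and old naming schemes: `:read_issue_board` sits next to `:create_board, :update_board`, and `:read_issue_board_list`/`:admin_issue_board_list` next to `:create_list, :update_list`. If only the read and admin abilities are meant to be renamed in this merge request, a short comment on the first line such as `# create_*/update_* keep their legacy names; see the issue board permissions rename` would stop the next reader from assuming the remaining symbols were missed, and if they were missed the policy definitions should be updated in the same change so the spec keeps exercising the real ability names. I cannot tell from the hunk which is the case; the enclosing `context` block starts outside it.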
...@@ -18,12 +18,12 @@ RSpec.shared_context 'GroupPolicy context' do ...@@ -18,12 +18,12 @@ RSpec.shared_context 'GroupPolicy context' do
] ]
end end
let(:read_group_permissions) { %i[read_label read_list read_milestone read_board] } let(:read_group_permissions) { %i[read_label read_issue_board_list read_milestone read_issue_board] }
let(:reporter_permissions) do let(:reporter_permissions) do
%i[ %i[
admin_label admin_label
admin_board admin_issue_board
read_container_image read_container_image
read_metrics_dashboard_annotation read_metrics_dashboard_annotation
read_prometheus read_prometheus
......
...@@ -16,8 +16,8 @@ RSpec.shared_context 'ProjectPolicy context' do ...@@ -16,8 +16,8 @@ RSpec.shared_context 'ProjectPolicy context' do
let(:base_guest_permissions) do let(:base_guest_permissions) do
%i[ %i[
award_emoji create_issue create_merge_request_in create_note award_emoji create_issue create_merge_request_in create_note
create_project read_board read_issue read_issue_iid read_issue_link create_project read_issue_board read_issue read_issue_iid read_issue_link
read_label read_list read_milestone read_note read_project read_label read_issue_board_list read_milestone read_note read_project
read_project_for_iids read_project_member read_release read_snippet read_project_for_iids read_project_member read_release read_snippet
read_wiki upload_file read_wiki upload_file
] ]
...@@ -25,7 +25,7 @@ RSpec.shared_context 'ProjectPolicy context' do ...@@ -25,7 +25,7 @@ RSpec.shared_context 'ProjectPolicy context' do
let(:base_reporter_permissions) do let(:base_reporter_permissions) do
%i[ %i[
admin_issue admin_issue_link admin_label admin_list create_snippet admin_issue admin_issue_link admin_label admin_issue_board_list create_snippet
download_code download_wiki_code fork_project metrics_dashboard download_code download_wiki_code fork_project metrics_dashboard
read_build read_commit_status read_confidential_issues read_build read_commit_status read_confidential_issues
read_container_image read_deployment read_environment read_merge_request read_container_image read_deployment read_environment read_merge_request
......
...@@ -25,7 +25,7 @@ RSpec.shared_examples 'group and project boards query' do ...@@ -25,7 +25,7 @@ RSpec.shared_examples 'group and project boards query' do
board = create(:board, resource_parent: board_parent, name: 'A') board = create(:board, resource_parent: board_parent, name: 'A')
allow(Ability).to receive(:allowed?).and_call_original allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_board, board).and_return(false) allow(Ability).to receive(:allowed?).with(user, :read_issue_board, board).and_return(false)
post_graphql(query, current_user: current_user) post_graphql(query, current_user: current_user)
......