Add additional abilites to ProjectPolicy

To better authorize user actions related to metrics_user_starred_dashboard records we need to add dedicated abilities to project policy.

Add additional abilites to ProjectPolicy
To better authorize user actions related to metrics_user_starred_dashboard records we need to add dedicated abilities to project policy.
a3601446 · Mikolaj Wawrzyniak · baa0c3d7 · a3601446 · a3601446
Commit a3601446 authored May 08, 2020 by Mikolaj Wawrzyniak
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

app/policies/project_policy.rb app/policies/project_policy.rb +2 -0

spec/policies/project_policy_spec.rb spec/policies/project_policy_spec.rb +18 -0

No files found.
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -269,6 +269,8 @@ class ProjectPolicy < BasePolicy
    enable :read_prometheus
    enable :read_environment
    enable :read_deployment
+    enable :create_metrics_user_starred_dashboard
+    enable :read_metrics_user_starred_dashboard
  end

  rule { owner | admin | guest | group_member }.prevent :request_access

--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -501,6 +501,8 @@ describe ProjectPolicy do
          it { is_expected.to be_allowed(:metrics_dashboard) }
          it { is_expected.to be_allowed(:read_prometheus) }
          it { is_expected.to be_allowed(:read_deployment) }
+          it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) }
+          it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) }
        end

        context 'with guest' do
@@ -527,6 +529,8 @@ describe ProjectPolicy do
          it { is_expected.to be_allowed(:metrics_dashboard) }
          it { is_expected.to be_allowed(:read_prometheus) }
          it { is_expected.to be_allowed(:read_deployment) }
+          it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) }
+          it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) }
        end

        context 'with guest' do
@@ -535,6 +539,8 @@ describe ProjectPolicy do
          it { is_expected.to be_allowed(:metrics_dashboard) }
          it { is_expected.to be_allowed(:read_prometheus) }
          it { is_expected.to be_allowed(:read_deployment) }
+          it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) }
+          it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) }
        end

        context 'with anonymous' do
@@ -543,6 +549,8 @@ describe ProjectPolicy do
          it { is_expected.to be_allowed(:metrics_dashboard) }
          it { is_expected.to be_allowed(:read_prometheus) }
          it { is_expected.to be_allowed(:read_deployment) }
+          it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) }
+          it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) }
        end
      end
    end
@@ -557,6 +565,8 @@ describe ProjectPolicy do
          it { is_expected.to be_allowed(:metrics_dashboard) }
          it { is_expected.to be_allowed(:read_prometheus) }
          it { is_expected.to be_allowed(:read_deployment) }
+          it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) }
+          it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) }
        end

        context 'with guest' do
@@ -583,6 +593,8 @@ describe ProjectPolicy do
          it { is_expected.to be_allowed(:metrics_dashboard) }
          it { is_expected.to be_allowed(:read_prometheus) }
          it { is_expected.to be_allowed(:read_deployment) }
+          it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) }
+          it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) }
        end

        context 'with guest' do
@@ -591,6 +603,8 @@ describe ProjectPolicy do
          it { is_expected.to be_allowed(:metrics_dashboard) }
          it { is_expected.to be_allowed(:read_prometheus) }
          it { is_expected.to be_allowed(:read_deployment) }
+          it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) }
+          it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) }
        end

        context 'with anonymous' do
@@ -611,6 +625,8 @@ describe ProjectPolicy do
          it { is_expected.to be_allowed(:metrics_dashboard) }
          it { is_expected.to be_allowed(:read_prometheus) }
          it { is_expected.to be_allowed(:read_deployment) }
+          it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) }
+          it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) }
        end

        context 'with guest' do
@@ -633,6 +649,8 @@ describe ProjectPolicy do
          it { is_expected.to be_allowed(:metrics_dashboard) }
          it { is_expected.to be_allowed(:read_prometheus) }
          it { is_expected.to be_allowed(:read_deployment) }
+          it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) }
+          it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) }
        end

        context 'with guest' do