Move read_prometheus_alerts policy to CE

Contributes to migration of Prometheus alerts to Core

Move read_prometheus_alerts policy to CE
Contributes to migration of Prometheus alerts to Core
d16c5362 · Vitali Tatarintev · 438e0332 · d16c5362 · d16c5362 · d16c5362
Commit d16c5362 authored Mar 17, 2020 by Vitali Tatarintev
4 changed files
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -445,6 +445,8 @@ class ProjectPolicy < BasePolicy
    (can?(:read_project_for_iids) & issues_visible_to_user) | can?(:read_issue)
  end.enable :read_issue_iid

+  rule { can?(:maintainer_access) }.enable :read_prometheus_alerts
+
  rule do
    (~guest & can?(:read_project_for_iids) & merge_requests_visible_to_user) | can?(:read_merge_request)
  end.enable :read_merge_request_iid

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -90,10 +90,6 @@ module EE
        @subject.feature_available?(:security_dashboard)
      end

-      condition(:prometheus_alerts_enabled) do
-        @subject.feature_available?(:prometheus_alerts, @user)
-      end
-
      with_scope :subject
      condition(:license_scanning_enabled) do
        @subject.feature_available?(:license_scanning) || @subject.feature_available?(:license_management)
@@ -239,8 +235,6 @@ module EE

      rule { license_scanning_enabled & can?(:maintainer_access) }.enable :admin_software_license_policy

-      rule { prometheus_alerts_enabled & can?(:maintainer_access) }.enable :read_prometheus_alerts
-
      rule { auditor }.policy do
        enable :public_user_access
        prevent :request_access

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -963,66 +963,6 @@ describe ProjectPolicy do
    end
  end

-  describe 'read_prometheus_alerts' do
-    context 'with prometheus_alerts available' do
-      before do
-        stub_licensed_features(prometheus_alerts: true)
-      end
-
-      context 'with admin' do
-        let(:current_user) { admin }
-
-        it { is_expected.to be_allowed(:read_prometheus_alerts) }
-      end
-
-      context 'with owner' do
-        let(:current_user) { owner }
-
-        it { is_expected.to be_allowed(:read_prometheus_alerts) }
-      end
-
-      context 'with maintainer' do
-        let(:current_user) { maintainer }
-
-        it { is_expected.to be_allowed(:read_prometheus_alerts) }
-      end
-
-      context 'with developer' do
-        let(:current_user) { developer }
-
-        it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-      end
-
-      context 'with reporter' do
-        let(:current_user) { reporter }
-
-        it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-      end
-
-      context 'with guest' do
-        let(:current_user) { guest }
-
-        it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-      end
-
-      context 'with anonymous' do
-        let(:current_user) { nil }
-
-        it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-      end
-    end
-
-    context 'without prometheus_alerts available' do
-      before do
-        stub_licensed_features(prometheus_alerts: false)
-      end
-
-      let(:current_user) { admin }
-
-      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
-    end
-  end
-
  describe 'publish_status_page' do
    let(:anonymous) { nil }
    let(:feature) { :status_page }

--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -573,4 +573,50 @@ describe ProjectPolicy do
      it { is_expected.to be_allowed(:admin_issue) }
    end
  end
+
+  describe 'read_prometheus_alerts' do
+    subject { described_class.new(current_user, project) }
+
+    context 'with admin' do
+      let(:current_user) { admin }
+
+      it { is_expected.to be_allowed(:read_prometheus_alerts) }
+    end
+
+    context 'with owner' do
+      let(:current_user) { owner }
+
+      it { is_expected.to be_allowed(:read_prometheus_alerts) }
+    end
+
+    context 'with maintainer' do
+      let(:current_user) { maintainer }
+
+      it { is_expected.to be_allowed(:read_prometheus_alerts) }
+    end
+
+    context 'with developer' do
+      let(:current_user) { developer }
+
+      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
+    end
+
+    context 'with reporter' do
+      let(:current_user) { reporter }
+
+      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
+    end
+
+    context 'with guest' do
+      let(:current_user) { guest }
+
+      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
+    end
+
+    context 'with anonymous' do
+      let(:current_user) { nil }
+
+      it { is_expected.to be_disallowed(:read_prometheus_alerts) }
+    end
+  end
 end