Remove un-used endpoint for embeddable Insights

A few months ago there was interest in enhancing the Insights feature to allow for these custom charts to be embedded in other contexts. As a first step toward that, an endpoint was introduced for these embeddable charts. However, it has been decided we have higher-priority features to pursue. So this removes that endpoint code, however we may choose to restore it in the future if we decide to pursue embeddable Insights in the future.

Remove un-used endpoint for embeddable Insights
A few months ago there was interest in enhancing the Insights feature to allow for these custom charts to be embedded in other contexts. As a first step toward that, an endpoint was introduced for these embeddable charts. However, it has been decided we have higher-priority features to pursue. So this removes that endpoint code, however we may choose to restore it in the future if we decide to pursue embeddable Insights in the future.
f80ef32f · Dan Jensen · Markus Koller · dbcc9838 · f80ef32f · f80ef32f
Commit f80ef32f authored Nov 18, 2020 by Dan Jensen Committed by Markus Koller Nov 18, 2020
12 changed files
--- a/ee/app/controllers/concerns/insights_actions.rb
+++ b/ee/app/controllers/concerns/insights_actions.rb
@@ -3,27 +3,6 @@
 module InsightsActions
  extend ActiveSupport::Concern
-  module Embeddable
-    extend ActiveSupport::Concern
-    included do
-      before_action do
-        push_frontend_feature_flag(:embed_analytics_report, insights_entity)
-      end
-    end
-    def embedded
-      response.set_header('X-Frame-Options', 'SAMEORIGIN')
-      return render_404 unless Feature.enabled?(:embed_analytics_report, insights_entity)
-      return render_404 unless can?(current_user, :view_embedded_analytics_report, insights_entity)
-      render :embedded, layout: false
-    end
-  end
-  include Embeddable
  included do
    before_action :check_insights_available!
    before_action :validate_params, only: [:query]

--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -287,8 +287,6 @@ module EE
      rule { admin & is_gitlab_com }.enable :update_subscription_limit
-      rule { public_group }.enable :view_embedded_analytics_report
      rule { over_storage_limit }.policy do
        prevent :create_projects
        prevent :create_epic

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -349,8 +349,6 @@ module EE
      rule { status_page_available & can?(:owner_access) }.enable :mark_issue_for_publication
      rule { status_page_available & can?(:developer_access) }.enable :publish_status_page
-      rule { public_project }.enable :view_embedded_analytics_report
      rule { over_storage_limit }.policy do
        prevent(*readonly_abilities)

--- a/ee/app/views/groups/insights/embedded.html.haml
+++ b/ee/app/views/groups/insights/embedded.html.haml
- @no_container = true
-= render('shared/insights', endpoint: group_insights_path(@group, format: :json), query_endpoint: query_group_insights_path(@group))
--- a/ee/app/views/projects/insights/embedded.html.haml
+++ b/ee/app/views/projects/insights/embedded.html.haml
- @no_container = true
-= render('shared/insights', endpoint: namespace_project_insights_path(@project.namespace, @project, format: :json), query_endpoint: query_namespace_project_insights_path(@project.namespace, @project), notice: project_insights_config.notice_text)
--- a/ee/config/routes/group.rb
+++ b/ee/config/routes/group.rb
@@ -62,7 +62,6 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
    resource :insights, only: [:show], trailing_slash: true do
      collection do
        post :query
-        get :embedded
      end
    end

--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -132,7 +132,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
      resource :insights, only: [:show], trailing_slash: true do
        collection do
          post :query
-          get :embedded
        end
      end
      # All new routes should go under /-/ scope.

--- a/ee/spec/controllers/groups/insights_controller_spec.rb
+++ b/ee/spec/controllers/groups/insights_controller_spec.rb
@@ -145,47 +145,5 @@ RSpec.describe Groups::InsightsController do
        it_behaves_like '200 status'
      end
    end
-    describe 'GET #embedded' do
-      subject { get :embedded, params: params.merge(group_id: parent_group.to_param) }
-      shared_examples 'has iframe options set' do
-        it 'sets SAMEORIGIN frame option' do
-          subject
-          expect(response.headers['X-Frame-Options']).to eq 'SAMEORIGIN'
-        end
-      end
-      context 'when feature is disabled' do
-        before do
-          stub_feature_flags(embed_analytics_report: false)
-        end
-        it_behaves_like '404 status'
-        include_examples 'has iframe options set'
-      end
-      context 'when project is public' do
-        let_it_be(:parent_group) { create(:group, :public) }
-        let_it_be(:project) { create(:project, :public) }
-        it_behaves_like '200 status'
-        include_examples 'has iframe options set'
-      end
-      context 'when project is internal' do
-        let_it_be(:parent_group) { create(:group, :internal) }
-        let_it_be(:project) { create(:project, :internal) }
-        it_behaves_like '404 status'
-        include_examples 'has iframe options set'
-      end
-      context 'when project is private' do
-        it_behaves_like '404 status'
-        include_examples 'has iframe options set'
-      end
-    end
  end
 end
--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -1209,8 +1209,6 @@ RSpec.describe GroupPolicy do
  it_behaves_like 'update namespace limit policy'
-  include_examples 'analytics report embedding'
  context 'group access tokens' do
    it_behaves_like 'GitLab.com Core resource access tokens'

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -1380,8 +1380,6 @@ RSpec.describe ProjectPolicy do
    end
  end
-  include_examples 'analytics report embedding'
  context 'project access tokens' do
    it_behaves_like 'GitLab.com Core resource access tokens'

--- a/ee/spec/support/shared_examples/features/insights_shared_examples.rb
+++ b/ee/spec/support/shared_examples/features/insights_shared_examples.rb
@@ -76,24 +76,6 @@ RSpec.shared_examples 'Insights page' do
          expect(page).to have_gitlab_http_status(:not_found)
        end
      end
-      context 'when embeddable charts feature flag is turned on for insights configuration project' do
-        before do
-          stub_feature_flags(embed_analytics_report: false)
-        end
-        it 'returns enabled feature flag for enabled entity' do
-          stub_feature_flags(embed_analytics_report: entity)
-          visit route
-          expect(page).to have_pushed_frontend_feature_flags(embedAnalyticsReport: true)
-        end
-        it 'returns disabled feature flag for disabled entity' do
-          visit route
-          expect(page).to have_pushed_frontend_feature_flags(embedAnalyticsReport: false)
-        end
-      end
    end
    context 'without correct license' do

--- a/ee/spec/support/shared_examples/policies/analytics_report_embedding_shared_examples.rb
+++ b/ee/spec/support/shared_examples/policies/analytics_report_embedding_shared_examples.rb
-# frozen_string_literal: true
-RSpec.shared_examples 'analytics report embedding' do
-  let(:current_user) { nil }
-  context 'when subject is not public' do
-    before do
-      allow(subject.subject).to receive(:public?).and_return(false)
-    end
-    it { is_expected.to be_disallowed(:view_embedded_analytics_report) }
-  end
-  context 'when subject is public' do
-    before do
-      allow(subject.subject).to receive(:public?).and_return(true)
-    end
-    it { is_expected.to be_allowed(:view_embedded_analytics_report) }
-  end
-end