• Max Woolf's avatar
    Allow all users within a group to view all compliance frameworks · b7eb6ed7
    Max Woolf authored
    This fixes a bug where maintainers of a
    subgroup are unable to see a list of compliance
    frameworks belonging to the root group.
    
    We've split the :manage_compliance_framework policy in to two:
    
    * :manage_compliance_framework for owners of root groups
      to add/update/delete compliance frameworks.
    * :read_compliance_framework for _all_ users of
      a group namespace to allow them to read the details
      of a compliance framework.
    
    There's no reason to hide this information from users
    within a group as they will see the name, description,
    pipeline configuration through the UI anyway.
    
    Maintainers of subgroups that do not have owner access
    to the root namespace will now no longer see an error in the
    group settings page too.
    
    Also changes the FrameworkResolver GraphQL resolver
    to use :read_compliance_framework rather than
    :admin_compliance_framework
    
    EE: true
    Changelog: fixed
    b7eb6ed7
framework_policy.rb 999 Bytes