Commit 0afc1625 authored by harsimarsandhu's avatar harsimarsandhu

Ensures audit events are visible to auditor

Changelog: fixed
EE: true
parent 136f200c
......@@ -43,6 +43,8 @@ class Projects::AuditEventsController < Projects::ApplicationController
end
def filter_by_author(params)
can?(current_user, :admin_project, project) ? params : params.merge(author_id: current_user.id)
return params if can?(current_user, :admin_project, project) || current_user.auditor?
params.merge(author_id: current_user.id)
end
end
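Review bot: The guard in `filter_by_author` mixes a policy check (`can?(current_user, :admin_project, project)`) with a raw role check (`current_user.auditor?`), so the rule for who may see other authors' audit events now lives partly in the controller and partly in the policy. The policy hunk in this commit enables `:read_project_audit_events`, but the rule around that `enable` is cut off on this page, so it cannot be confirmed that the two conditions stay equivalent if auditor access is later narrowed. I would add a comment above the guard, `# Project admins and auditors see every author's events; other users only their own.`, and consider expressing the auditor case as a policy ability checked with `can?` rather than a role predicate. Only the policy spec is visible here; a controller or request spec that covers an auditor and a non-admin member would pin the filter behaviour. The controller class starts outside the hunk.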
......@@ -276,6 +276,7 @@ module EE
enable :read_environment
enable :read_deployment
enable :read_pages
enable :read_project_audit_events
end
rule { ~security_and_compliance_disabled & auditor }.policy do
......@@ -47,6 +47,7 @@ RSpec.describe ProjectPolicy do
read_software_license_policy
read_threat_monitoring read_merge_train
read_release
read_project_audit_events
]
end