Commit 1023f7c2 authored by Markus Koller's avatar Markus Koller

Merge branch 'issue_338706_add_read_usage_quota' into 'master'

Added read_usage_quotas ability to ProjectPolicy

See merge request gitlab-org/gitlab!82396
parents b8410b37 efcc97cc
# frozen_string_literal: true
class Projects::UsageQuotasController < Projects::ApplicationController
before_action :authorize_admin_project!
before_action :authorize_read_usage_quotas!
layout "project_settings"
......
......@@ -724,6 +724,10 @@ class ProjectPolicy < BasePolicy
enable :create_resource_access_tokens
end
rule { can?(:admin_project) }.policy do
enable :read_usage_quotas
end
rule { can?(:project_bot_access) }.policy do
prevent :create_resource_access_tokens
end
......
......@@ -4,17 +4,44 @@ require 'spec_helper'
RSpec.describe Projects::UsageQuotasController do
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, namespace: user.namespace) }
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, group: group) }
describe 'GET #index' do
render_views
it 'does not render search settings partial' do
subject { get(:index, params: { namespace_id: project.namespace, project_id: project }) }
before do
sign_in(user)
get(:index, params: { namespace_id: user.namespace, project_id: project })
end
context 'when user does not have read_usage_quotas permission' do
before do
project.add_developer(user)
end
it 'renders not_found' do
subject
expect(response).to render_template('errors/not_found')
expect(response).not_to render_template('shared/search_settings')
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when user has read_usage_quotas permission' do
before do
project.add_maintainer(user)
end
it 'renders index with 200 status code' do
subject
expect(response).to render_template('index')
expect(response).not_to render_template('shared/search_settings')
expect(response).to render_template('index')
expect(response).not_to render_template('shared/search_settings')
expect(response).to have_gitlab_http_status(:ok)
end
end
end
end
......@@ -309,6 +309,36 @@ RSpec.describe ProjectPolicy do
end
end
context 'reading usage quotas' do
%w(maintainer owner).each do |role|
context "with #{role}" do
let(:current_user) { send(role) }
it { is_expected.to be_allowed(:read_usage_quotas) }
end
end
%w(guest reporter developer anonymous).each do |role|
context "with #{role}" do
let(:current_user) { send(role) }
it { is_expected.to be_disallowed(:read_usage_quotas) }
end
end
context 'with an admin' do
let(:current_user) { admin }
context 'when admin mode is enabled', :enable_admin_mode do
it { expect_allowed(:read_usage_quotas) }
end
context 'when admin mode is disabled' do
it { expect_disallowed(:read_usage_quotas) }
end
end
end
it_behaves_like 'clusterable policies' do
let_it_be(:clusterable) { create(:project, :repository) }
let_it_be(:cluster) do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment