Limit audit events search to current user

This change allows searching for only audit events of current user, who has limited read access to audit events. These roles are: - For group: developer and maintainer role - For project: developer role The search filter will also be hidden from these roles since they can only see their own events.

Limit audit events search to current user
This change allows searching for only audit events of current user, who has limited read access to audit events. These roles are: - For group: developer and maintainer role - For project: developer role The search filter will also be hidden from these roles since they can only see their own events.
1099fa1d · Tan Le · 79b0e5dd · 1099fa1d · 1099fa1d · 1099fa1d
Commit 1099fa1d authored Dec 13, 2020 by Tan Le
7 changed files
--- a/ee/app/assets/javascripts/audit_events/components/audit_events_app.vue
+++ b/ee/app/assets/javascripts/audit_events/components/audit_events_app.vue
@@ -34,6 +34,11 @@ export default {
      required: false,
      default: '',
    },
+    showFilter: {
+      type: Boolean,
+      required: false,
+      default: true,
+    },
  },
  computed: {
    ...mapState(['filterValue', 'startDate', 'endDate', 'sortBy']),
@@ -62,6 +67,7 @@ export default {
      <div class="gl-display-flex gl-justify-content-space-between gl-flex-wrap">
        <div class="gl-mb-5 gl-w-full">
          <audit-events-filter
+            v-if="showFilter"
            :filter-token-options="filterTokenOptions"
            :value="filterValue"
            @selected="setFilterValue"

--- a/ee/app/assets/javascripts/audit_events/init_audit_events.js
+++ b/ee/app/assets/javascripts/audit_events/init_audit_events.js
@@ -7,7 +7,7 @@ import createStore from './store';

 export default selector => {
  const el = document.querySelector(selector);
-  const { events, isLastPage, filterTokenOptions, exportUrl } = el.dataset;
+  const { events, isLastPage, filterTokenOptions, exportUrl, showFilter = true } = el.dataset;

  const store = createStore();
  store.dispatch('initializeAuditEvents');
@@ -24,6 +24,7 @@ export default selector => {
            convertObjectPropsToCamelCase(filterTokenOption),
          ),
          exportUrl,
+          showFilter: parseBoolean(showFilter),
        },
      }),
  });

--- a/ee/app/helpers/audit_events_helper.rb
+++ b/ee/app/helpers/audit_events_helper.rb
@@ -41,4 +41,12 @@ module AuditEventsHelper
  def export_url
    admin_audit_log_reports_url(format: :csv)
  end
+
+  def show_filter_for_project?(project)
+    can?(current_user, :admin_project, project)
+  end
+
+  def show_filter_for_group?(group)
+    can?(current_user, :admin_group, group)
+  end
 end
--- a/ee/app/views/groups/audit_events/index.html.haml
+++ b/ee/app/views/groups/audit_events/index.html.haml
@@ -6,4 +6,5 @@
 #js-group-audit-events-app{ data: { form_path: group_audit_events_path(@group),
  events: @events.to_json,
  is_last_page: @is_last_page.to_json,
-  filter_token_options: group_audit_event_tokens(@group.id).to_json } }
+  filter_token_options: group_audit_event_tokens(@group.id).to_json,
+  show_filter: show_filter_for_group?(@group).to_json } }
--- a/ee/app/views/projects/audit_events/index.html.haml
+++ b/ee/app/views/projects/audit_events/index.html.haml
@@ -10,7 +10,8 @@
  #js-project-audit-events-app{ data: { form_path: project_audit_events_path(@project),
  events: @events.to_json,
  is_last_page: @is_last_page.to_json,
-  filter_token_options: project_audit_event_tokens(@project.full_path).to_json } }
+  filter_token_options: project_audit_event_tokens(@project.full_path).to_json,
+  show_filter: show_filter_for_project?(@project).to_json } }

 - elsif show_promotions?
  = render 'shared/promotions/promote_audit_events'
--- a/ee/spec/frontend/audit_events/components/audit_events_app_spec.js
+++ b/ee/spec/frontend/audit_events/components/audit_events_app_spec.js
@@ -30,6 +30,7 @@ describe('AuditEventsApp', () => {
        filterTokenOptions,
        events,
        exportUrl,
+        showFilter: true,
        ...props,
      },
      stubs: {
@@ -125,4 +126,14 @@ describe('AuditEventsApp', () => {
      expect(wrapper.find(AuditEventsExportButton).exists()).toBe(false);
    });
  });
+
+  describe('when the show filter flag is disabled', () => {
+    beforeEach(() => {
+      initComponent({ showFilter: false });
+    });
+
+    it('does not render the audit events filter', () => {
+      expect(wrapper.find(AuditEventsFilter).exists()).toBe(false);
+    });
+  });
 });
--- a/ee/spec/helpers/projects_helper_spec.rb
+++ b/ee/spec/helpers/projects_helper_spec.rb
@@ -312,26 +312,49 @@ RSpec.describe ProjectsHelper do
    subject { helper.top_level_link(project) }

    before do
-      allow(project).to receive(:feature_available?).and_return(false)
      allow(helper).to receive(:can?).and_return(false)
      allow(helper).to receive(:current_user).and_return(user)
    end

-    it 'shows security/dashboard path' do
-      allow(helper).to receive(:can?).with(user, :read_project_security_dashboard, project).and_return(true)
+    context 'when user can read project security dashboard and audit events' do
+      before do
+        allow(helper).to receive(:can?).with(user, :read_project_security_dashboard, project).and_return(true)
+        allow(helper).to receive(:can?).with(user, :read_project_audit_events, project).and_return(true)
+      end

-      is_expected.to eq("/#{project.full_path}/-/security/dashboard")
+      it { is_expected.to eq("/#{project.full_path}/-/security/dashboard") }
    end

-    it 'shows audit_events path' do
-      allow(helper).to receive(:can?).with(user, :read_project_audit_events, project).and_return(true)
-      allow(project).to receive(:feature_available?).with(:audit_events).and_return(true)
+    context 'when user can read audit events' do
+      before do
+        allow(helper).to receive(:can?).with(user, :read_project_security_dashboard, project).and_return(false)
+        allow(helper).to receive(:can?).with(user, :read_project_audit_events, project).and_return(true)
+      end
+
+      context 'when the feature is enabled' do
+        before do
+          stub_licensed_features(audit_events: true)
+        end
+
+        it { is_expected.to eq("/#{project.full_path}/-/audit_events") }
+      end
+
+      context 'when the feature is disabled' do
+        before do
+          stub_licensed_features(audit_events: false)
+        end

-      is_expected.to eq("/#{project.full_path}/-/audit_events")
+        it { is_expected.to eq("/#{project.full_path}/-/dependencies") }
+      end
    end

-    it 'shows dependencies path' do
-      is_expected.to eq("/#{project.full_path}/-/dependencies")
+    context "when user can't read both project security dashboard and audit events" do
+      before do
+        allow(helper).to receive(:can?).with(user, :read_project_security_dashboard, project).and_return(false)
+        allow(helper).to receive(:can?).with(user, :read_project_audit_events, project).and_return(false)
+      end
+
+      it { is_expected.to eq("/#{project.full_path}/-/dependencies") }
    end
  end

@@ -341,26 +364,49 @@ RSpec.describe ProjectsHelper do
    subject { helper.top_level_qa_selector(project) }

    before do
-      allow(project).to receive(:feature_available?).and_return(false)
      allow(helper).to receive(:can?).and_return(false)
      allow(helper).to receive(:current_user).and_return(user)
    end

-    it 'shows security dashboard selector' do
-      allow(helper).to receive(:can?).with(user, :read_project_security_dashboard, project).and_return(true)
+    context 'when user can read project security dashboard and audit events' do
+      before do
+        allow(helper).to receive(:can?).with(user, :read_project_security_dashboard, project).and_return(true)
+        allow(helper).to receive(:can?).with(user, :read_project_audit_events, project).and_return(true)
+      end

-      is_expected.to eq('security_dashboard_link')
+      it { is_expected.to eq('security_dashboard_link') }
    end

-    it 'shows audit events selector' do
-      allow(helper).to receive(:can?).with(user, :read_project_audit_events, project).and_return(true)
-      allow(project).to receive(:feature_available?).with(:audit_events).and_return(true)
+    context 'when user can read audit events' do
+      before do
+        allow(helper).to receive(:can?).with(user, :read_project_security_dashboard, project).and_return(false)
+        allow(helper).to receive(:can?).with(user, :read_project_audit_events, project).and_return(true)
+      end
+
+      context 'when the feature is enabled' do
+        before do
+          stub_licensed_features(audit_events: true)
+        end
+
+        it { is_expected.to eq('audit_events_settings_link') }
+      end
+
+      context 'when the feature is disabled' do
+        before do
+          stub_licensed_features(audit_events: false)
+        end

-      is_expected.to eq('audit_events_settings_link')
+        it { is_expected.to eq('dependency_list_link') }
+      end
    end

-    it 'shows dependencies selector' do
-      is_expected.to eq('dependency_list_link')
+    context "when user can't read both project security dashboard and audit events" do
+      before do
+        allow(helper).to receive(:can?).with(user, :read_project_security_dashboard, project).and_return(false)
+        allow(helper).to receive(:can?).with(user, :read_project_audit_events, project).and_return(false)
+      end
+
+      it { is_expected.to eq('dependency_list_link') }
    end
  end