Commit 174311a0 authored by Mark Chao's avatar Mark Chao

Merge branch 'jp-elink-perms' into 'master'

Add related_epic permissions

See merge request gitlab-org/gitlab!81380
parents d22ed346 92704e90
......@@ -187,6 +187,7 @@ class License < ApplicationRecord
prometheus_alerts
pseudonymizer
quality_management
related_epics
release_evidence_test_artifacts
report_approver_rules
requirements
......
......@@ -10,6 +10,8 @@ class EpicPolicy < BasePolicy
@subject.confidential?
end
condition(:related_epics_available) { @subject.group.licensed_feature_available?(:related_epics) }
rule { can?(:read_epic) }.policy do
enable :read_epic_iid
enable :read_note
......@@ -40,4 +42,12 @@ class EpicPolicy < BasePolicy
enable :set_epic_metadata
enable :set_confidentiality
end
rule { can?(:read_epic) & related_epics_available }.policy do
enable :read_related_epic_link
end
rule { can?(:admin_epic) & related_epics_available }.policy do
enable :admin_related_epic_link
end
end
......@@ -27,22 +27,41 @@ RSpec.describe EpicPolicy do
end
shared_examples 'can only read epics' do
it do
is_expected.to be_allowed(:read_epic, :read_epic_iid, :read_note, :create_todo)
is_expected.to be_disallowed(:update_epic, :destroy_epic, :admin_epic, :create_epic)
it 'matches expected permissions' do
is_expected.to be_allowed(:read_epic, :read_epic_iid, :read_note,
:create_todo, :read_related_epic_link)
is_expected.to be_disallowed(:update_epic, :destroy_epic, :admin_epic,
:create_epic, :admin_related_epic_link)
end
end
shared_examples 'can manage epics' do
it { is_expected.to be_allowed(:read_epic, :read_epic_iid, :read_note, :update_epic, :admin_epic, :create_epic, :create_todo) }
it 'matches expected permissions' do
is_expected.to be_allowed(:read_epic, :read_epic_iid, :read_note,
:update_epic, :admin_epic, :create_epic,
:create_todo, :read_related_epic_link,
:admin_related_epic_link)
end
end
shared_examples 'all epic permissions disabled' do
it { is_expected.to be_disallowed(:read_epic, :read_epic_iid, :update_epic, :destroy_epic, :admin_epic, :create_epic, :create_note, :award_emoji, :read_note, :create_todo) }
it 'matches expected permissions' do
is_expected.to be_disallowed(:read_epic, :read_epic_iid, :update_epic,
:destroy_epic, :admin_epic, :create_epic,
:create_note, :award_emoji, :read_note,
:create_todo, :read_related_epic_link,
:admin_related_epic_link)
end
end
shared_examples 'all reporter epic permissions enabled' do
it { is_expected.to be_allowed(:read_epic, :read_epic_iid, :update_epic, :admin_epic, :create_epic, :create_note, :award_emoji, :read_note, :create_todo) }
it 'matches expected permissions' do
is_expected.to be_allowed(:read_epic, :read_epic_iid, :update_epic,
:admin_epic, :create_epic, :create_note,
:award_emoji, :read_note, :create_todo,
:read_related_epic_link,
:admin_related_epic_link)
end
end
shared_examples 'group member permissions' do
......@@ -111,7 +130,7 @@ RSpec.describe EpicPolicy do
context 'when epics feature is enabled' do
before do
stub_licensed_features(epics: true)
stub_licensed_features(epics: true, related_epics: true)
end
context 'when an epic is in a private group' do
......@@ -227,5 +246,22 @@ RSpec.describe EpicPolicy do
it_behaves_like 'all reporter epic permissions enabled'
end
end
context 'when related_epics feature is not available' do
let(:group) { create(:group) }
before do
stub_licensed_features(epics: true)
group.add_maintainer(user)
end
it 'matches expected permissions' do
is_expected.to be_allowed(:read_epic, :read_epic_iid, :update_epic,
:admin_epic, :create_epic, :create_note,
:award_emoji, :read_note, :create_todo)
is_expected.to be_disallowed(:read_related_epic_link,
:admin_related_epic_link)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment