Merge branch '351603-auditor-project-level-events' into 'master'

Ensures audit events are visible to auditor at Project level See merge request gitlab-org/gitlab!81497

Merge branch '351603-auditor-project-level-events' into 'master'
Ensures audit events are visible to auditor at Project level See merge request gitlab-org/gitlab!81497
1f4de299 · Vitali Tatarintev · 89339612 · 0afc1625 · 1f4de299 · 1f4de299
Commit 1f4de299 authored Mar 01, 2022 by Vitali Tatarintev
4 changed files
--- a/ee/app/controllers/projects/audit_events_controller.rb
+++ b/ee/app/controllers/projects/audit_events_controller.rb
@@ -43,6 +43,8 @@ class Projects::AuditEventsController < Projects::ApplicationController
  end
  def filter_by_author(params)
-    can?(current_user, :admin_project, project) ? params : params.merge(author_id: current_user.id)
+    return params if can?(current_user, :admin_project, project) || current_user.auditor?
+    params.merge(author_id: current_user.id)
  end
 end
--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -276,6 +276,7 @@ module EE
        enable :read_environment
        enable :read_deployment
        enable :read_pages
+        enable :read_project_audit_events
      end
      rule { ~security_and_compliance_disabled & auditor }.policy do

--- a/ee/spec/controllers/projects/audit_events_controller_spec.rb
+++ b/ee/spec/controllers/projects/audit_events_controller_spec.rb
--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -47,6 +47,7 @@ RSpec.describe ProjectPolicy do
        read_software_license_policy
        read_threat_monitoring read_merge_train
        read_release
+        read_project_audit_events
      ]
    end