Commit 26886d56 authored by Imre Farkas's avatar Imre Farkas

Merge branch '10242-unify-vulnerabilities-admin-permissions' into 'master'

Unify permissions to manage Vulnerabilities under admin_vulnerability

See merge request gitlab-org/gitlab!20635
parents 72bab7cd 4db26ef2
......@@ -10,6 +10,7 @@ module EE
issue_link
approvers
vulnerability_feedback
vulnerability
license_management
feature_flag
feature_flags_client
......@@ -160,8 +161,7 @@ module EE
rule { can?(:read_project_security_dashboard) & can?(:developer_access) }.policy do
enable :read_vulnerability
enable :create_vulnerability
enable :resolve_vulnerability
enable :dismiss_vulnerability
enable :admin_vulnerability
end
rule { can?(:read_project) & (can?(:read_merge_request) | can?(:read_build)) }.enable :read_vulnerability_feedback
......
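Review bot: In the `can?(:read_project_security_dashboard) & can?(:developer_access)` rule, `enable :admin_vulnerability` grants an `admin_`-prefixed ability at developer level and is now the only gate for both resolving and dismissing. Any action later placed behind `:admin_vulnerability` will therefore reach every developer with dashboard access without a policy change. A comment above the line would record the intent, e.g. `# admin_vulnerability covers resolve and dismiss; granted at developer level by design`. Since this rule no longer enables `:resolve_vulnerability` or `:dismiss_vulnerability`, any caller outside this diff that still checks them will presumably be denied, so search the codebase for both symbols before merging. The first hunk also adds `vulnerability` to the feature list at the top of the module; the list's name and effect are outside the visible lines, so confirm it restricts the new ability as intended.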
......@@ -13,7 +13,7 @@ module Vulnerabilities
end
def execute
raise Gitlab::Access::AccessDeniedError unless can?(@user, :dismiss_vulnerability, @project)
raise Gitlab::Access::AccessDeniedError unless can?(@user, :admin_vulnerability, @project)
@vulnerability.transaction do
result = dismiss_findings
......
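Review bot: The check in `execute` authorises against `@project`, while the equivalent check in the ResolveService hunk uses `@vulnerability.project`, so the two services may consult different projects' policies. Where `@project` is assigned is outside this hunk; if it is not derived from the vulnerability, the ability is evaluated on a different object from the one modified inside the transaction. Using the same form in both services removes the doubt: `raise Gitlab::Access::AccessDeniedError unless can?(@user, :admin_vulnerability, @vulnerability.project)`. The body of `execute` continues past the end of the hunk.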
......@@ -10,7 +10,7 @@ module Vulnerabilities
end
def execute
raise Gitlab::Access::AccessDeniedError unless can?(@user, :resolve_vulnerability, @vulnerability.project)
raise Gitlab::Access::AccessDeniedError unless can?(@user, :admin_vulnerability, @vulnerability.project)
@vulnerability.tap do |vulnerability|
vulnerability.update(state: :resolved, resolved_by: @user, resolved_at: Time.current)
......
......@@ -46,7 +46,7 @@ module API
success EE::API::Entities::Vulnerability
end
post ':id/resolve' do
vulnerability = find_and_authorize_vulnerability!(:resolve_vulnerability)
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
break not_modified! if vulnerability.resolved?
vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute
......@@ -57,7 +57,7 @@ module API
success EE::API::Entities::Vulnerability
end
post ':id/dismiss' do
vulnerability = find_and_authorize_vulnerability!(:dismiss_vulnerability)
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
break not_modified! if vulnerability.closed?
vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute
......
......@@ -33,7 +33,7 @@ describe ProjectPolicy do
let(:additional_developer_permissions) do
%i[
admin_vulnerability_feedback read_project_security_dashboard read_feature_flag
read_vulnerability create_vulnerability resolve_vulnerability dismiss_vulnerability
read_vulnerability create_vulnerability admin_vulnerability
]
end
let(:additional_maintainer_permissions) { %i[push_code_to_protected_branches admin_feature_flags_client] }
......@@ -495,8 +495,7 @@ describe ProjectPolicy do
include_context 'when security dashboard feature is not available'
it { is_expected.to be_disallowed(:create_vulnerability) }
it { is_expected.to be_disallowed(:resolve_vulnerability) }
it { is_expected.to be_disallowed(:dismiss_vulnerability) }
it { is_expected.to be_disallowed(:admin_vulnerability) }
end
end
end
......
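Review bot: In the 'when security dashboard feature is not available' context, the examples cover `:create_vulnerability` and `:admin_vulnerability` but not `:read_vulnerability`, which the policy hunk enables under the same rule. If that ability is not asserted elsewhere in the spec, add `it { is_expected.to be_disallowed(:read_vulnerability) }` so that a regression exposing vulnerability data without the feature is caught. It would also help to assert that the retired `:resolve_vulnerability` and `:dismiss_vulnerability` abilities are disallowed for a developer, which documents that they were removed and not left as aliases. The enclosing describe block starts outside the hunk.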