Conditionally display deploy tokens for packages

Only display the settings for the packages scope when the packages features is enabled in the group or project.

Conditionally display deploy tokens for packages
Only display the settings for the packages scope when the packages features is enabled in the group or project.
28309bec · Nourdin el Bacha · nelbacha · 7d53ceb1 · 28309bec · 28309bec
Commit 28309bec authored May 26, 2020 by Nourdin el Bacha Committed by nelbacha Jun 21, 2020
4 changed files
--- a/app/helpers/deploy_tokens_helper.rb
+++ b/app/helpers/deploy_tokens_helper.rb
@@ -7,8 +7,14 @@ module DeployTokensHelper
      Rails.env.test?
  end

-  def container_registry_enabled?(project)
+  def container_registry_enabled?(subject)
    Gitlab.config.registry.enabled &&
-      can?(current_user, :read_container_image, project)
+      can?(current_user, :read_container_image, subject)
+  end
+
+  def packages_registry_enabled?(subject)
+    Gitlab.config.packages.enabled &&
+      subject.feature_available?(:packages) &&
+      can?(current_user, :read_package, subject)
  end
 end
--- a/app/views/shared/deploy_tokens/_form.html.haml
+++ b/app/views/shared/deploy_tokens/_form.html.haml
@@ -35,6 +35,7 @@
        = label_tag ("deploy_token_write_registry"), 'write_registry', class: 'label-bold form-check-label'
        .text-secondary= s_('DeployTokens|Allows write access to the registry images')

+    - if packages_registry_enabled?(group_or_project)
      %fieldset.form-group.form-check
        = f.check_box :read_package_registry, class: 'form-check-input'
        = label_tag ("deploy_token_read_package_registry"), 'read_package_registry', class: 'label-bold form-check-label'
@@ -47,3 +48,4 @@

  .prepend-top-default
    = f.submit s_('DeployTokens|Create deploy token'), class: 'btn btn-success qa-create-deploy-token'
+
--- a/ee/changelogs/unreleased/nelbacha-master-patch-50345.yml
+++ b/ee/changelogs/unreleased/nelbacha-master-patch-50345.yml
+---
+title: Conditionally render the packages scopes in deploy token settings
+merge_request:
+author:
+type: fixed
--- a/ee/spec/views/shared/deploy_tokens/_form.html.haml_spec.rb
+++ b/ee/spec/views/shared/deploy_tokens/_form.html.haml_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'shared/deploy_tokens/_form.html.haml' do
+  using RSpec::Parameterized::TableSyntax
+
+  let_it_be(:user) { create(:user) }
+  let_it_be(:token) { build(:deploy_token) }
+  let_it_be(:project, refind: true) { create(:project, :private) }
+  let_it_be(:group, refind: true) { create(:group) }
+
+  RSpec.shared_examples "display deploy token settings" do |role, type, can|
+    let(:subject) { type == :project ? project : group }
+
+    if can
+      it "renders the packages scopes for user role #{role} in #{type}" do
+        render 'shared/deploy_tokens/form', token: token, group_or_project: subject
+        expect(rendered).to have_content('Allows read access to the package registry')
+      end
+    else
+      it "does not render the packages scopes for user role #{role} in #{type}" do
+        render 'shared/deploy_tokens/form', token: token, group_or_project: subject
+        expect(rendered).not_to have_content('Allows read access to the package registry')
+      end
+    end
+  end
+
+  where(:shared_examples_name, :packages_enabled, :feature_enabled, :role, :subject, :can) do
+    'display deploy token settings' | true  | true  | :owner      | :group   | true
+    'display deploy token settings' | true  | false | :owner      | :group   | false
+    'display deploy token settings' | false | true  | :owner      | :group   | false
+    'display deploy token settings' | false | false | :owner      | :group   | false
+    'display deploy token settings' | true  | true  | :maintainer | :group   | true
+    'display deploy token settings' | true  | false | :maintainer | :group   | false
+    'display deploy token settings' | false | true  | :maintainer | :group   | false
+    'display deploy token settings' | false | false | :maintainer | :group   | false
+    'display deploy token settings' | true  | true  | :maintainer | :project | true
+    'display deploy token settings' | false | true  | :maintainer | :project | false
+    'display deploy token settings' | true  | false | :maintainer | :project | false
+    'display deploy token settings' | false | false | :maintainer | :project | false
+  end
+
+  with_them do
+    before do
+      subject.send("add_#{role}", user)
+      allow(view).to receive(:current_user).and_return(user)
+      stub_config(packages: { enabled: packages_enabled })
+      stub_licensed_features(packages: feature_enabled)
+    end
+
+    it_behaves_like params[:shared_examples_name], params[:role], params[:subject], params[:can]
+  end
+end