Hide New Epic button on boards for guest users

Fixes a bug where New Epic button showed for guest users when only `Reporter` or higher users are allowed to create epics within a group. Changelog: fixed EE: true

Hide New Epic button on boards for guest users
Fixes a bug where New Epic button showed for guest users when only `Reporter` or higher users are allowed to create epics within a group. Changelog: fixed EE: true
589d436f · Kushal Pandya · da9a8aa0 · 589d436f · 589d436f · 589d436f
Commit 589d436f authored Apr 07, 2022 by Kushal Pandya
5 changed files
--- a/app/assets/javascripts/boards/components/board_list_header.vue
+++ b/app/assets/javascripts/boards/components/board_list_header.vue
@@ -57,6 +57,9 @@ export default {
    currentUserId: {
      default: null,
    },
+    canCreateEpic: {
+      default: false,
+    },
  },
  props: {
    list: {
@@ -129,7 +132,7 @@ export default {
      return (this.listType === ListType.backlog || this.showListHeaderButton) && !this.isEpicBoard;
    },
    isNewEpicShown() {
-      return this.isEpicBoard && this.listType !== ListType.closed;
+      return this.isEpicBoard && this.canCreateEpic && this.listType !== ListType.closed;
    },
    isSettingsShown() {
      return (

--- a/ee/app/assets/javascripts/epic_boards/index.js
+++ b/ee/app/assets/javascripts/epic_boards/index.js
@@ -72,6 +72,7 @@ function mountBoardApp(el) {
      canUpdate: parseBoolean(el.dataset.canUpdate),
      canAdminList: parseBoolean(el.dataset.canAdminList),
      canAdminBoard: parseBoolean(el.dataset.canAdminBoard),
+      canCreateEpic: parseBoolean(el.dataset.canCreateEpic),
      allowLabelCreate: parseBoolean(el.dataset.canUpdate),
      allowLabelEdit: parseBoolean(el.dataset.canUpdate),
      allowScopedLabels: parseBoolean(el.dataset.scopedLabels),

--- a/ee/app/helpers/ee/boards_helper.rb
+++ b/ee/app/helpers/ee/boards_helper.rb
@@ -22,7 +22,8 @@ module EE
        board_weight: board.weight,
        show_promotion: show_feature_promotion,
        emails_disabled: current_board_parent.emails_disabled?.to_s,
-        weights: ::Issue.weight_options
+        weights: ::Issue.weight_options,
+        can_create_epic: can_create_epic?
      }
      super.merge(data).merge(licensed_features).merge(group_level_features)
@@ -50,6 +51,10 @@ module EE
    end
    # rubocop:enable Metrics/AbcSize
+    def can_create_epic?
+      return can?(current_user, :create_epic, current_board_namespace).to_s if board.is_a?(::Boards::EpicBoard)
+    end
    override :can_update?
    def can_update?
      return can?(current_user, :admin_epic, board) if board.is_a?(::Boards::EpicBoard)

--- a/ee/spec/frontend/boards/components/board_list_header_spec.js
+++ b/ee/spec/frontend/boards/components/board_list_header_spec.js
@@ -50,6 +50,7 @@ describe('Board List Header Component', () => {
    withLocalStorage = true,
    isSwimlanesHeader = false,
    weightFeatureAvailable = false,
+    canCreateEpic = true,
    listQueryHandler = jest.fn().mockResolvedValue(boardListQueryResponse()),
    currentUserId = 1,
    state = { activeId: inactiveId },
@@ -93,6 +94,7 @@ describe('Board List Header Component', () => {
        boardId,
        weightFeatureAvailable,
        currentUserId,
+        canCreateEpic,
      },
    });
  };
@@ -128,6 +130,19 @@ describe('Board List Header Component', () => {
      });
    });
+    it('does not render New epic button when canCreateEpic is false', () => {
+      createComponent({
+        canCreateEpic: false,
+        getters: {
+          isIssueBoard: () => false,
+          isEpicBoard: () => true,
+          isGroupBoard: () => true,
+        },
+      });
+      expect(wrapper.findComponent(GlButtonGroup).exists()).toBe(false);
+    });
    it('emits `toggle-epic-form` event on Sidebar eventHub when clicked', async () => {
      await newEpicButton.vm.$emit('click');

--- a/ee/spec/helpers/boards_helper_spec.rb
+++ b/ee/spec/helpers/boards_helper_spec.rb
@@ -137,6 +137,7 @@ RSpec.describe BoardsHelper do
        assign(:group, group)
        allow(helper).to receive(:can?).with(user, :create_non_backlog_issues, epic_board).and_return(false)
+        allow(helper).to receive(:can?).with(user, :create_epic, group).and_return(true)
        allow(helper).to receive(:can?).with(user, :admin_epic, epic_board).and_return(true)
        allow(helper).to receive(:can?).with(user, :admin_epic_board_list, group).and_return(true)
        allow(helper).to receive(:can?).with(user, :admin_epic_board, group).and_return(true)
@@ -146,6 +147,10 @@ RSpec.describe BoardsHelper do
        allow(helper).to receive(:can?).with(user, :admin_issue_board, group).and_return(false)
      end
+      it 'returns the correct permission for creating an epic from board' do
+        expect(board_data[:can_create_epic]).to eq "true"
+      end
      it 'returns the correct permission for updating the board' do
        expect(board_data[:can_update]).to eq "true"
      end