Commit 6172b14a authored by Max Woolf's avatar Max Woolf

Merge branch '351602-auditor-group-level-events' into 'master'

Ensures audit events are visible to auditor at Group level

See merge request gitlab-org/gitlab!81267
parents 458ec608 662a01dc
...@@ -44,6 +44,8 @@ class Groups::AuditEventsController < Groups::ApplicationController ...@@ -44,6 +44,8 @@ class Groups::AuditEventsController < Groups::ApplicationController
end end
def filter_by_author(params) def filter_by_author(params)
can?(current_user, :admin_group, group) ? params : params.merge(author_id: current_user.id) return params if can?(current_user, :admin_group, group) || current_user.auditor?
params.merge(author_id: current_user.id)
end end
end end
...@@ -270,6 +270,7 @@ module EE ...@@ -270,6 +270,7 @@ module EE
rule { auditor }.policy do rule { auditor }.policy do
enable :read_group enable :read_group
enable :read_group_security_dashboard enable :read_group_security_dashboard
enable :read_group_audit_events
end end
rule { group_saml_config_enabled & group_saml_available & (admin | owner) }.enable :admin_group_saml rule { group_saml_config_enabled & group_saml_available & (admin | owner) }.enable :admin_group_saml
......
...@@ -610,6 +610,7 @@ RSpec.describe GroupPolicy do ...@@ -610,6 +610,7 @@ RSpec.describe GroupPolicy do
it { is_expected.to be_allowed(:read_group) } it { is_expected.to be_allowed(:read_group) }
it { is_expected.to be_allowed(:read_milestone) } it { is_expected.to be_allowed(:read_milestone) }
it { is_expected.to be_allowed(:read_group_audit_events) }
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment