Commit 6172b14a authored by Max Woolf's avatar Max Woolf

Merge branch '351602-auditor-group-level-events' into 'master'

Ensures audit events are visible to auditor at Group level

See merge request gitlab-org/gitlab!81267
parents 458ec608 662a01dc
...@@ -44,6 +44,8 @@ class Groups::AuditEventsController < Groups::ApplicationController ...@@ -44,6 +44,8 @@ class Groups::AuditEventsController < Groups::ApplicationController
end end
def filter_by_author(params) def filter_by_author(params)
can?(current_user, :admin_group, group) ? params : params.merge(author_id: current_user.id) return params if can?(current_user, :admin_group, group) || current_user.auditor?
params.merge(author_id: current_user.id)
end end
end end
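Review bot: The new guard in `filter_by_author` hard-codes a role check (`current_user.auditor?`) alongside a policy check, so the decision "who may see events from every author" now lives half in the controller and half in GroupPolicy, which this same commit extends with `:read_group_audit_events` for auditors. A single policy ability evaluated through `can?(current_user, ..., group)` would keep that decision in one place and make the auditor exemption visible to the policy specs; `read_group_audit_events` itself probably cannot serve, since it appears to be granted to members who still get the `author_id` scoping, so a dedicated ability would need to be declared for admins and auditors. Until then, a one-line comment on the guard would help the next reader, e.g. `# Group admins and instance-wide auditors see every author's events; everyone else is scoped to their own.` The method body is complete within the hunk.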
...@@ -270,6 +270,7 @@ module EE ...@@ -270,6 +270,7 @@ module EE
rule { auditor }.policy do rule { auditor }.policy do
enable :read_group enable :read_group
enable :read_group_security_dashboard enable :read_group_security_dashboard
enable :read_group_audit_events
end end
rule { group_saml_config_enabled & group_saml_available & (admin | owner) }.enable :admin_group_saml rule { group_saml_config_enabled & group_saml_available & (admin | owner) }.enable :admin_group_saml
...@@ -7,6 +7,7 @@ RSpec.describe Groups::AuditEventsController do ...@@ -7,6 +7,7 @@ RSpec.describe Groups::AuditEventsController do
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:owner) { create(:user) } let_it_be(:owner) { create(:user) }
let_it_be(:auditor) { create(:user, auditor: true) }
let_it_be(:group) { create(:group, :private) } let_it_be(:group) { create(:group, :private) }
let_it_be(:events) { create_list(:group_audit_event, 5, entity_id: group.id) } let_it_be(:events) { create_list(:group_audit_event, 5, entity_id: group.id) }
...@@ -15,18 +16,7 @@ RSpec.describe Groups::AuditEventsController do ...@@ -15,18 +16,7 @@ RSpec.describe Groups::AuditEventsController do
let(:entity_type) { nil } let(:entity_type) { nil }
let(:entity_id) { nil } let(:entity_id) { nil }
context 'authorized' do shared_context 'when audit_events feature is available' do
before do
group.add_owner(owner)
sign_in(owner)
end
context do
let(:request) do
get :index, params: { group_id: group.to_param, sort: sort, entity_type: entity_type, entity_id: entity_id }
end
context 'when audit_events feature is available' do
let(:level) { Gitlab::Audit::Levels::Group.new(group: group) } let(:level) { Gitlab::Audit::Levels::Group.new(group: group) }
let(:audit_logs_params) { ActionController::Parameters.new(sort: '', entity_type: '', entity_id: '', created_after: Date.current.beginning_of_month, created_before: Date.current.end_of_day).permit! } let(:audit_logs_params) { ActionController::Parameters.new(sort: '', entity_type: '', entity_id: '', created_after: Date.current.beginning_of_month, created_before: Date.current.end_of_day).permit! }
...@@ -137,7 +127,7 @@ RSpec.describe Groups::AuditEventsController do ...@@ -137,7 +127,7 @@ RSpec.describe Groups::AuditEventsController do
expect_snowplow_event( expect_snowplow_event(
category: 'Groups::AuditEventsController', category: 'Groups::AuditEventsController',
action: 'search_audit_event', action: 'search_audit_event',
user: owner, user: client,
namespace: group namespace: group
) )
end end
...@@ -161,6 +151,42 @@ RSpec.describe Groups::AuditEventsController do ...@@ -161,6 +151,42 @@ RSpec.describe Groups::AuditEventsController do
end end
end end
end end
context 'when authorized owner' do
before do
group.add_owner(owner)
sign_in(owner)
end
let(:client) { owner }
context do
let(:request) do
get :index, params: { group_id: group.to_param, sort: sort, entity_type: entity_type, entity_id: entity_id }
end
it_behaves_like 'when audit_events feature is available'
end
it_behaves_like 'tracking unique visits', :index do
let(:request_params) { { group_id: group.to_param, sort: sort, entity_type: entity_type, entity_id: entity_id } }
let(:target_id) { 'g_compliance_audit_events' }
end
end
context 'when authorized auditor' do
before do
sign_in(auditor)
end
let(:client) { auditor }
context do
let(:request) do
get :index, params: { group_id: group.to_param, sort: sort, entity_type: entity_type, entity_id: entity_id }
end
it_behaves_like 'when audit_events feature is available'
end end
it_behaves_like 'tracking unique visits', :index do it_behaves_like 'tracking unique visits', :index do
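Review bot: The new `when authorized auditor` context only exercises the permissive path; nothing here asserts that a signed-in user who is neither owner nor auditor still has `author_id: current_user.id` merged into the filter, which is the invariant the `||` in `filter_by_author` could silently widen. If an existing context outside this hunk already covers that, a reference to it in the auditor context would be enough; otherwise a short example for a plain member (`create(:user)` with `auditor: false`) asserting the scoped params would close the gap. As a style point, the two identical `let(:request)` blocks in the owner and auditor contexts could be hoisted above both contexts so they share one definition. The last `it_behaves_like 'tracking unique visits'` block begins at the end of the hunk and continues outside it.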
...@@ -610,6 +610,7 @@ RSpec.describe GroupPolicy do ...@@ -610,6 +610,7 @@ RSpec.describe GroupPolicy do
it { is_expected.to be_allowed(:read_group) } it { is_expected.to be_allowed(:read_group) }
it { is_expected.to be_allowed(:read_milestone) } it { is_expected.to be_allowed(:read_milestone) }
it { is_expected.to be_allowed(:read_group_audit_events) }
end end
end end
end end