Commit 662a01dc authored by harsimarsandhu's avatar harsimarsandhu

Ensures audit events are visible to auditor

Changelog: fixed
EE: true
parent c5a348be
......@@ -44,6 +44,8 @@ class Groups::AuditEventsController < Groups::ApplicationController
end
def filter_by_author(params)
can?(current_user, :admin_group, group) ? params : params.merge(author_id: current_user.id)
return params if can?(current_user, :admin_group, group) || current_user.auditor?
params.merge(author_id: current_user.id)
end
end
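Review bot: The new guard in `filter_by_author` decides the auditor case with a direct `current_user.auditor?` call while the admin case goes through `can?`, so the rule for who may list other users' audit events now lives partly in the controller and partly in the policy. Expressing it as a single policy ability (placeholder name `:<view_all_group_audit_events>`, to be chosen by the project) and checking that ability with `can?` here would keep the authorization decision declared and tested in one place. If the check stays inline, a comment such as `# Group admins and auditors see every author's events; all other users are limited to their own.` would document why the author filter is skipped. The spec change visible on this page covers only the policy ability, so a controller or request spec asserting that an auditor receives events from other authors, and that a user who is neither admin nor auditor does not, looks to be missing unless it exists outside this view.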
......@@ -270,6 +270,7 @@ module EE
rule { auditor }.policy do
enable :read_group
enable :read_group_security_dashboard
enable :read_group_audit_events
end
rule { group_saml_config_enabled & group_saml_available & (admin | owner) }.enable :admin_group_saml
......
......@@ -610,6 +610,7 @@ RSpec.describe GroupPolicy do
it { is_expected.to be_allowed(:read_group) }
it { is_expected.to be_allowed(:read_milestone) }
it { is_expected.to be_allowed(:read_group_audit_events) }
end
end
end
......