Commit 75547a72 authored by Sean McGivern's avatar Sean McGivern

Merge branch '255340-delete-compliance-framework-service' into 'master'

Add ComplianceManagement::Frameworks::DestroyService

See merge request gitlab-org/gitlab!47937
parents f9e9d273 c47cc5c2
......@@ -185,7 +185,10 @@ class GroupPolicy < BasePolicy
rule { developer & developer_maintainer_access }.enable :create_projects
rule { create_projects_disabled }.prevent :create_projects
rule { owner | admin }.enable :read_statistics
rule { owner | admin }.policy do
enable :owner_access
enable :read_statistics
end
rule { maintainer & can?(:create_projects) }.enable :transfer_projects
......
......@@ -8,6 +8,7 @@ class NamespacePolicy < BasePolicy
condition(:owner) { @subject.owner == @user }
rule { owner | admin }.policy do
enable :owner_access
enable :create_projects
enable :admin_namespace
enable :read_namespace
......
# frozen_string_literal: true
module ComplianceManagement
class FrameworkPolicy < BasePolicy
delegate { @subject.namespace }
condition(:custom_compliance_frameworks_enabled) do
License.feature_available?(:custom_compliance_frameworks)
end
rule { can?(:owner_access) & custom_compliance_frameworks_enabled }.policy do
enable :manage_compliance_framework
end
end
end
# frozen_string_literal: true
module ComplianceManagement
module Frameworks
class DestroyService < BaseService
attr_reader :framework, :current_user
def initialize(framework:, current_user:)
@framework = framework
@current_user = current_user
end
def execute
return ServiceResponse.error(message: _('Not permitted to destroy framework')) unless permitted?
framework.destroy ? success : error
end
private
def permitted?
can? current_user, :manage_compliance_framework, framework
end
def success
ServiceResponse.success(message: _('Framework successfully deleted'))
end
def error
ServiceResponse.error(message: _('Failed to create framework'), payload: framework.errors )
end
end
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ComplianceManagement::FrameworkPolicy do
let_it_be(:framework) { create(:compliance_framework) }
let(:user) { framework.namespace.owner }
subject { described_class.new(user, framework) }
context 'feature is licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
end
context 'user is namespace owner' do
it { is_expected.to be_allowed(:manage_compliance_framework) }
end
context 'user is group owner' do
let_it_be(:group) { create(:group) }
let_it_be(:framework) { create(:compliance_framework, namespace: group) }
let_it_be(:user) { create(:user) }
before do
group.add_owner(user)
end
it { is_expected.to be_allowed(:manage_compliance_framework) }
end
context 'user is not namespace owner' do
let(:user) { build(:user) }
it { is_expected.to be_disallowed(:manage_compliance_framework) }
end
context 'user is an admin', :enable_admin_mode do
let(:user) { build(:admin) }
it { is_expected.to be_allowed(:manage_compliance_framework) }
end
end
context 'feature is unlicensed' do
before do
stub_licensed_features(custom_compliance_frameworks: false)
end
it { is_expected.to be_disallowed(:manage_compliance_framework) }
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ComplianceManagement::Frameworks::DestroyService do
let_it_be(:namespace) { create(:namespace) }
let_it_be(:framework) { create(:compliance_framework, namespace: namespace) }
context 'when feature is disabled' do
before do
stub_licensed_features(custom_compliance_frameworks: false)
end
subject { described_class.new(framework: framework, current_user: namespace.owner) }
it 'does not destroy the compliance framework' do
expect { subject.execute }.not_to change { ComplianceManagement::Framework.count }
end
it 'is unsuccessful' do
expect(subject.execute.success?).to be false
end
end
context 'when feature is enabled' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
end
context 'when current user is namespace owner' do
subject { described_class.new(framework: framework, current_user: namespace.owner) }
it 'destroys the compliance framework' do
expect { subject.execute }.to change { ComplianceManagement::Framework.count }.by(-1)
end
it 'is successful' do
expect(subject.execute.success?).to be true
end
end
context 'when current user is not the namespace owner' do
subject { described_class.new(framework: framework, current_user: create(:user)) }
it 'does not destroy the compliance framework' do
expect { subject.execute }.not_to change { ComplianceManagement::Framework.count }
end
it 'is unsuccessful' do
expect(subject.execute.success?).to be false
end
end
end
end
......@@ -12199,6 +12199,9 @@ msgstr ""
msgid "Found errors in your .gitlab-ci.yml:"
msgstr ""
msgid "Framework successfully deleted"
msgstr ""
msgid "Free Trial"
msgstr ""
......@@ -18715,6 +18718,9 @@ msgstr ""
msgid "Not found."
msgstr ""
msgid "Not permitted to destroy framework"
msgstr ""
msgid "Not ready yet. Try again later."
msgstr ""
......
......@@ -8,7 +8,7 @@ RSpec.describe NamespacePolicy do
let(:admin) { create(:admin) }
let(:namespace) { create(:namespace, owner: owner) }
let(:owner_permissions) { [:create_projects, :admin_namespace, :read_namespace, :read_statistics, :transfer_projects] }
let(:owner_permissions) { [:owner_access, :create_projects, :admin_namespace, :read_namespace, :read_statistics, :transfer_projects] }
subject { described_class.new(current_user, namespace) }
......
......@@ -30,6 +30,7 @@ RSpec.shared_context 'GroupPolicy context' do
let(:owner_permissions) do
[
:owner_access,
:admin_group,
:admin_namespace,
:admin_group_member,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment