Downgrade support bot code to core

One of the tasks to downgrade service desk feature to core

Downgrade support bot code to core
One of the tasks to downgrade service desk feature to core
8b528426 · Felipe Artur · 2304a32e · 8b528426 · 8b528426 · 8b528426
Commit 8b528426 authored Jun 18, 2020 by Felipe Artur
14 changed files
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2410,6 +2410,11 @@ class Project < ApplicationRecord
    super || build_metrics_setting
  end

+  def service_desk_enabled
+    false
+  end
+  alias_method :service_desk_enabled?, :service_desk_enabled
+
  private

  def find_service(services, name)

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -655,6 +655,15 @@ class User < ApplicationRecord
      end
    end

+    def support_bot
+      email_pattern = "support%s@#{Settings.gitlab.host}"
+
+      unique_internal(where(user_type: :support_bot), 'support-bot', email_pattern) do |u|
+        u.bio = 'The GitLab support bot used for Service Desk'
+        u.name = 'GitLab Support Bot'
+      end
+    end
+
    # Return true if there is only single non-internal user in the deployment,
    # ghost user is ignored.
    def single_user?

--- a/app/policies/base_policy.rb
+++ b/app/policies/base_policy.rb
@@ -21,6 +21,10 @@ class BasePolicy < DeclarativePolicy::Base
  with_options scope: :user, score: 0
  condition(:deactivated) { @user&.deactivated? }

+  desc "User is support bot"
+  with_options scope: :user, score: 0
+  condition(:support_bot) { @user&.support_bot? }
+
  desc "User email is unconfirmed or user account is locked"
  with_options scope: :user, score: 0
  condition(:inactive) do

--- a/app/policies/concerns/policy_actor.rb
+++ b/app/policies/concerns/policy_actor.rb
@@ -45,6 +45,10 @@ module PolicyActor
    false
  end

+  def support_bot?
+    false
+  end
+
  def deactivated?
    false
  end

--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -123,6 +123,9 @@ class ProjectPolicy < BasePolicy
    !@subject.design_management_enabled?
  end

+  with_scope :subject
+  condition(:service_desk_enabled) { @subject.service_desk_enabled? }
+
  # We aren't checking `:read_issue` or `:read_merge_request` in this case
  # because it could be possible for a user to see an issuable-iid
  # (`:read_issue_iid` or `:read_merge_request_iid`) but then wouldn't be
@@ -576,6 +579,12 @@ class ProjectPolicy < BasePolicy
    enable :read_build_report_results
  end

+  rule { support_bot }.enable :guest_access
+  rule { support_bot & ~service_desk_enabled }.policy do
+    prevent :create_note
+    prevent :read_project
+  end
+
  private

  def team_member?
@@ -624,6 +633,7 @@ class ProjectPolicy < BasePolicy

  def lookup_access_level!
    return ::Gitlab::Access::REPORTER if alert_bot?
+    return ::Gitlab::Access::REPORTER if support_bot? && service_desk_enabled?

    # NOTE: max_member_access has its own cache
    project.team.max_member_access(@user.id)

--- a/ee/app/models/ee/project.rb
+++ b/ee/app/models/ee/project.rb
@@ -325,8 +325,9 @@ module EE
        feature_available?(:github_project_service_integration)
    end

+    override :service_desk_enabled
    def service_desk_enabled
-      ::EE::Gitlab::ServiceDesk.enabled?(project: self) && super
+      ::EE::Gitlab::ServiceDesk.enabled?(project: self) && self[:service_desk_enabled]
    end
    alias_method :service_desk_enabled?, :service_desk_enabled


--- a/ee/app/models/ee/user.rb
+++ b/ee/app/models/ee/user.rb
@@ -95,15 +95,6 @@ module EE
    class_methods do
      extend ::Gitlab::Utils::Override

-      def support_bot
-        email_pattern = "support%s@#{Settings.gitlab.host}"
-
-        unique_internal(where(user_type: :support_bot), 'support-bot', email_pattern) do |u|
-          u.bio = 'The GitLab support bot used for Service Desk'
-          u.name = 'GitLab Support Bot'
-        end
-      end
-
      def visual_review_bot
        email_pattern = "visual_review%s@#{Settings.gitlab.host}"


--- a/ee/app/policies/ee/base_policy.rb
+++ b/ee/app/policies/ee/base_policy.rb
@@ -8,9 +8,6 @@ module EE
      with_scope :user
      condition(:auditor, score: 0) { @user&.auditor? }

-      with_scope :user
-      condition(:support_bot, score: 0) { @user&.support_bot? }
-
      with_scope :user
      condition(:visual_review_bot, score: 0) { @user&.visual_review_bot? }


--- a/ee/app/policies/ee/policy_actor.rb
+++ b/ee/app/policies/ee/policy_actor.rb
@@ -6,10 +6,6 @@ module EE
      false
    end

-    def support_bot?
-      false
-    end
-
    def visual_review_bot?
      false
    end

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -18,9 +18,6 @@ module EE
    ].freeze

    prepended do
-      with_scope :subject
-      condition(:service_desk_enabled) { @subject.service_desk_enabled? }
-
      with_scope :subject
      condition(:related_issues_disabled) { !@subject.feature_available?(:related_issues) }

@@ -175,12 +172,6 @@ module EE
        @subject.feature_available?(:group_timelogs)
      end

-      rule { support_bot }.enable :guest_access
-      rule { support_bot & ~service_desk_enabled }.policy do
-        prevent :create_note
-        prevent :read_project
-      end
-
      rule { visual_review_bot }.policy do
        prevent :read_note
        enable :create_note
@@ -412,7 +403,6 @@ module EE
    override :lookup_access_level!
    def lookup_access_level!
      return ::Gitlab::Access::NO_ACCESS if needs_new_sso_session?
-      return ::Gitlab::Access::REPORTER if support_bot? && service_desk_enabled?
      return ::Gitlab::Access::NO_ACCESS if visual_review_bot?

      super

--- a/ee/spec/models/user_spec.rb
+++ b/ee/spec/models/user_spec.rb
@@ -1060,7 +1060,6 @@ RSpec.describe User do

      where(:user_type, :expected_result) do
        'service_user'      | true
-        'support_bot'       | false
        'visual_review_bot' | false
      end


--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -1001,34 +1001,6 @@ RSpec.describe ProjectPolicy do
    end
  end

-  context 'support bot' do
-    let(:current_user) { User.support_bot }
-
-    context 'with service desk disabled' do
-      it { expect_allowed(:guest_access) }
-      it { expect_disallowed(:create_note, :read_project) }
-    end
-
-    context 'with service desk enabled' do
-      let(:project) { create(:project, :public, service_desk_enabled: true) }
-
-      before do
-        allow(::EE::Gitlab::ServiceDesk).to receive(:enabled?).and_return(true)
-        allow(::EE::Gitlab::ServiceDesk).to receive(:enabled?).with(project: project).and_return(true)
-      end
-
-      it { expect_allowed(:reporter_access, :create_note, :read_issue) }
-
-      context 'when issues are protected members only' do
-        before do
-          project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
-        end
-
-        it { expect_allowed(:reporter_access, :create_note, :read_issue) }
-      end
-    end
-  end
-
  context 'visual review bot' do
    let(:current_user) { User.visual_review_bot }


--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -4634,7 +4634,8 @@ describe User do
          [
            { state: 'blocked' },
            { user_type: :ghost },
-            { user_type: :alert_bot }
+            { user_type: :alert_bot },
+            { user_type: :support_bot }
          ]
        end

@@ -4688,6 +4689,7 @@ describe User do
      where(:user_type, :expected_result) do
        'human'             | true
        'alert_bot'         | false
+        'support_bot'       | false
      end

      with_them do
@@ -4756,19 +4758,26 @@ describe User do
    end
  end

-  describe '#migration_bot' do
-    it 'creates the user if it does not exist' do
-      expect do
-        described_class.migration_bot
-      end.to change { User.where(user_type: :migration_bot).count }.by(1)
-    end
+  context 'bot users' do
+    shared_examples 'bot users' do |bot_type|
+      it 'creates the user if it does not exist' do
+        expect do
+          described_class.public_send(bot_type)
+        end.to change { User.where(user_type: bot_type).count }.by(1)
+      end

-    it 'does not create a new user if it already exists' do
-      described_class.migration_bot
+      it 'does not create a new user if it already exists' do
+        described_class.public_send(bot_type)

-      expect do
-        described_class.migration_bot
-      end.not_to change { User.count }
+        expect do
+          described_class.public_send(bot_type)
+        end.not_to change { User.count }
+      end
    end
+
+    it_behaves_like 'bot users', :alert_bot
+    it_behaves_like 'bot users', :support_bot
+    it_behaves_like 'bot users', :migration_bot
+    it_behaves_like 'bot users', :ghost
  end
 end
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -496,6 +496,33 @@ describe ProjectPolicy do
    end
  end

+  context 'support bot' do
+    let(:current_user) { User.support_bot }
+
+    subject { described_class.new(current_user, project) }
+
+    context 'with service desk disabled' do
+      it { expect_allowed(:guest_access) }
+      it { expect_disallowed(:create_note, :read_project) }
+    end
+
+    context 'with service desk enabled' do
+      before do
+        allow(project).to receive(:service_desk_enabled?).and_return(true)
+      end
+
+      it { expect_allowed(:reporter_access, :create_note, :read_issue) }
+
+      context 'when issues are protected members only' do
+        before do
+          project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
+        end
+
+        it { expect_allowed(:reporter_access, :create_note, :read_issue) }
+      end
+    end
+  end
+
  describe 'read_prometheus_alerts' do
    subject { described_class.new(current_user, project) }