Merge branch 'fix-quick-actions-permissions' into 'master'

Fix quick action permissions to match UI See merge request gitlab-org/gitlab!73710

Merge branch 'fix-quick-actions-permissions' into 'master'
Fix quick action permissions to match UI See merge request gitlab-org/gitlab!73710
906dd7b3 · Robert Speicher · 7aca0b8a · 8e85fac3 · 906dd7b3 · 906dd7b3
Commit 906dd7b3 authored Nov 10, 2021 by Robert Speicher
5 changed files
--- a/ee/lib/ee/gitlab/quick_actions/issue_and_merge_request_actions.rb
+++ b/ee/lib/ee/gitlab/quick_actions/issue_and_merge_request_actions.rb
@@ -17,7 +17,7 @@ module EE
            quick_action_target.supports_assignee? &&
              quick_action_target.allows_multiple_assignees? &&
              quick_action_target.persisted? &&
-              current_user.can?(:"admin_#{quick_action_target.to_ability_name}", project)
+              current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
          end
          command :reassign do |reassign_param|
            @updates[:assignee_ids] = extract_users(reassign_param).map(&:id)

--- a/lib/gitlab/quick_actions/issuable_actions.rb
+++ b/lib/gitlab/quick_actions/issuable_actions.rb
@@ -84,8 +84,7 @@ module Gitlab
        params '~label1 ~"label 2"'
        types Issuable
        condition do
-          parent &&
+          current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target) &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", parent) &&
            find_labels.any?
        end
        command :label do |labels_param|
@@ -107,7 +106,7 @@ module Gitlab
        condition do
          quick_action_target.persisted? &&
            quick_action_target.labels.any? &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", parent)
+            current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        command :unlabel, :remove_label do |labels_param = nil|
          if labels_param.present?
@@ -139,7 +138,7 @@ module Gitlab
        condition do
          quick_action_target.persisted? &&
            quick_action_target.labels.any? &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", parent)
+            current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        command :relabel do |labels_param|
          run_label_command(labels: find_labels(labels_param), command: :relabel, updates_key: :label_ids)

--- a/lib/gitlab/quick_actions/issue_actions.rb
+++ b/lib/gitlab/quick_actions/issue_actions.rb
@@ -19,7 +19,7 @@ module Gitlab
        types Issue
        condition do
          quick_action_target.respond_to?(:due_date) &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", project)
+            current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        parse_params do |due_date_param|
          Chronic.parse(due_date_param).try(:to_date)
@@ -40,7 +40,7 @@ module Gitlab
          quick_action_target.persisted? &&
            quick_action_target.respond_to?(:due_date) &&
            quick_action_target.due_date? &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", project)
+            current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        command :remove_due_date do
          @updates[:due_date] = nil
@@ -54,7 +54,7 @@ module Gitlab
        params '~"Target column"'
        types Issue
        condition do
-          current_user.can?(:"update_#{quick_action_target.to_ability_name}", quick_action_target) &&
+          current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target) &&
            quick_action_target.project.boards.count == 1
        end
        command :board_move do |target_list_name|
@@ -86,7 +86,7 @@ module Gitlab
        types Issue
        condition do
          quick_action_target.persisted? &&
-            current_user.can?(:"update_#{quick_action_target.to_ability_name}", quick_action_target)
+            current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        command :duplicate do |duplicate_param|
          canonical_issue = extract_references(duplicate_param, :issue).first

--- a/lib/gitlab/quick_actions/issue_and_merge_request_actions.rb
+++ b/lib/gitlab/quick_actions/issue_and_merge_request_actions.rb
@@ -26,7 +26,7 @@ module Gitlab
        end
        types Issue, MergeRequest
        condition do
-          quick_action_target.supports_assignee? && current_user.can?(:"admin_#{quick_action_target.to_ability_name}", project)
+          quick_action_target.supports_assignee? && current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        parse_params do |assignee_param|
          extract_users(assignee_param)
@@ -66,7 +66,7 @@ module Gitlab
        condition do
          quick_action_target.persisted? &&
            quick_action_target.assignees.any? &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", project)
+            current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        parse_params do |unassign_param|
          # When multiple users are assigned, all will be unassigned if multiple assignees are no longer allowed
@@ -92,7 +92,7 @@ module Gitlab
        types Issue, MergeRequest
        condition do
          quick_action_target.supports_milestone? &&
-          current_user.can?(:"admin_#{quick_action_target.to_ability_name}", project) &&
+          current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target) &&
            find_milestones(project, state: 'active').any?
        end
        parse_params do |milestone_param|
@@ -115,7 +115,7 @@ module Gitlab
          quick_action_target.persisted? &&
            quick_action_target.milestone_id? &&
            quick_action_target.supports_milestone? &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", project)
+            current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        command :remove_milestone do
          @updates[:milestone_id] = nil
@@ -128,7 +128,7 @@ module Gitlab
        params '#issue | !merge_request'
        types Issue, MergeRequest
        condition do
-          current_user.can?(:"admin_#{quick_action_target.to_ability_name}", quick_action_target)
+          current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        parse_params do |issuable_param|
          extract_references(issuable_param, :issue).first ||
@@ -225,7 +225,7 @@ module Gitlab
        condition do
          quick_action_target.persisted? &&
            !quick_action_target.discussion_locked? &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", quick_action_target)
+            current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        command :lock do
          @updates[:discussion_locked] = true
@@ -238,7 +238,7 @@ module Gitlab
        condition do
          quick_action_target.persisted? &&
            quick_action_target.discussion_locked? &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", quick_action_target)
+            current_user.can?(:"set_#{quick_action_target.to_ability_name}_metadata", quick_action_target)
        end
        command :unlock do
          @updates[:discussion_locked] = false

--- a/spec/services/quick_actions/interpret_service_spec.rb
+++ b/spec/services/quick_actions/interpret_service_spec.rb
@@ -2553,4 +2553,32 @@ RSpec.describe QuickActions::InterpretService do
      end
    end
  end
+  describe '#available_commands' do
+    context 'when Guest is creating a new issue' do
+      let_it_be(:guest) { create(:user) }
+      let(:issue) { build(:issue, project: public_project) }
+      let(:service) { described_class.new(project, guest) }
+      before_all do
+        public_project.add_guest(guest)
+      end
+      it 'includes commands to set metadata' do
+        # milestone action is only available when project has a milestone
+        milestone
+        available_commands = service.available_commands(issue)
+        expect(available_commands).to include(
+          a_hash_including(name: :label),
+          a_hash_including(name: :milestone),
+          a_hash_including(name: :copy_metadata),
+          a_hash_including(name: :assign),
+          a_hash_including(name: :due)
+        )
+      end
+    end
+  end
 end