Commit bd024427 authored by James Lopez's avatar James Lopez

Merge branch '13247-add-permission-for-security-findings' into 'master'

Add policy for security findings

See merge request gitlab-org/gitlab!20726
parents 732de68b 9ac115c3
......@@ -150,6 +150,8 @@ module EE
rule { can?(:public_access) }.enable :read_package
rule { can?(:read_project) & can?(:read_build) }.enable :read_security_findings
rule { can?(:developer_access) }.policy do
enable :read_project_security_dashboard
end
......
......@@ -47,7 +47,7 @@ describe ProjectPolicy do
read_environment read_deployment read_merge_request read_pages
create_merge_request_in award_emoji
read_project_security_dashboard read_vulnerability
read_vulnerability_feedback read_software_license_policy
read_vulnerability_feedback read_security_findings read_software_license_policy
]
end
......@@ -411,6 +411,54 @@ describe ProjectPolicy do
end
end
describe 'read_security_findings' do
context 'with private project' do
let(:project) { create(:project, :private, namespace: owner.namespace) }
context 'with guest or above' do
let(:current_user) { guest }
it { is_expected.to be_allowed(:read_security_findings) }
end
context 'with non member' do
let(:current_user) { create(:user) }
it { is_expected.to be_disallowed(:read_security_findings) }
end
context 'with anonymous' do
let(:current_user) { nil }
it { is_expected.to be_disallowed(:read_security_findings) }
end
end
context 'with public project' do
let(:current_user) { create(:user) }
context 'with limited access to builds' do
context 'when builds enabled only for project members' do
let(:project) { create(:project, :public, :builds_private) }
it { is_expected.not_to be_allowed(:read_security_findings) }
end
context 'when public builds disabled' do
let(:project) { create(:project, :public, public_builds: false) }
it { is_expected.not_to be_allowed(:read_security_findings) }
end
end
context 'with public access to repository' do
let(:project) { create(:project, :public) }
it { is_expected.to be_allowed(:read_security_findings) }
end
end
end
describe 'vulnerability feedback permissions' do
subject { described_class.new(current_user, project) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment