Skip to content

G
gitlab-ce
Commit c47cc5c2 authored by Max Woolf's avatar Max Woolf
Browse files
Options

Add destroyservice to compliance frameworks 

Adds a new service to handle destruction
of compliance frameworks
parent 0a0d89ac
Show whitespace changes
Inline Side-by-side
Showing with 168 additions and 2 deletions
app/policies/group_policy.rb
View file @ c47cc5c2
......@@ -185,7 +185,10 @@ class GroupPolicy < BasePolicy
rule { developer & developer_maintainer_access }.enable :create_projects
rule { create_projects_disabled }.prevent :create_projects
rule { owner | admin }.enable :read_statistics
rule { owner | admin }.policy do
enable :owner_access
enable :read_statistics
end
rule { maintainer & can?(:create_projects) }.enable :transfer_projects
......
app/policies/namespace_policy.rb
View file @ c47cc5c2
......@@ -8,6 +8,7 @@ class NamespacePolicy < BasePolicy
condition(:owner) { @subject.owner == @user }
rule { owner | admin }.policy do
enable :owner_access
enable :create_projects
enable :admin_namespace
enable :read_namespace
......
ee/app/policies/compliance_management/framework_policy.rb 0 → 100644
View file @ c47cc5c2
# frozen_string_literal: true
module ComplianceManagement
class FrameworkPolicy < BasePolicy
delegate { @subject.namespace }
condition(:custom_compliance_frameworks_enabled) do
License.feature_available?(:custom_compliance_frameworks)
end
rule { can?(:owner_access) & custom_compliance_frameworks_enabled }.policy do
enable :manage_compliance_framework
end
end
end
ee/app/services/compliance_management/frameworks/destroy_service.rb 0 → 100644
View file @ c47cc5c2
# frozen_string_literal: true
module ComplianceManagement
module Frameworks
class DestroyService < BaseService
attr_reader :framework, :current_user
def initialize(framework:, current_user:)
@framework = framework
@current_user = current_user
end
def execute
return ServiceResponse.error(message: _('Not permitted to destroy framework')) unless permitted?
framework.destroy ? success : error
end
private
def permitted?
can? current_user, :manage_compliance_framework, framework
end
def success
ServiceResponse.success(message: _('Framework successfully deleted'))
end
def error
ServiceResponse.error(message: _('Failed to create framework'), payload: framework.errors )
end
end
end
end
ee/spec/policies/compliance_management/framework_policy_spec.rb 0 → 100644
View file @ c47cc5c2
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ComplianceManagement::FrameworkPolicy do
let_it_be(:framework) { create(:compliance_framework) }
let(:user) { framework.namespace.owner }
subject { described_class.new(user, framework) }
context 'feature is licensed' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
end
context 'user is namespace owner' do
it { is_expected.to be_allowed(:manage_compliance_framework) }
end
context 'user is group owner' do
let_it_be(:group) { create(:group) }
let_it_be(:framework) { create(:compliance_framework, namespace: group) }
let_it_be(:user) { create(:user) }
before do
group.add_owner(user)
end
it { is_expected.to be_allowed(:manage_compliance_framework) }
end
context 'user is not namespace owner' do
let(:user) { build(:user) }
it { is_expected.to be_disallowed(:manage_compliance_framework) }
end
context 'user is an admin', :enable_admin_mode do
let(:user) { build(:admin) }
it { is_expected.to be_allowed(:manage_compliance_framework) }
end
end
context 'feature is unlicensed' do
before do
stub_licensed_features(custom_compliance_frameworks: false)
end
it { is_expected.to be_disallowed(:manage_compliance_framework) }
end
end
ee/spec/services/compliance_management/frameworks/destroy_service_spec.rb 0 → 100644
View file @ c47cc5c2
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ComplianceManagement::Frameworks::DestroyService do
let_it_be(:namespace) { create(:namespace) }
let_it_be(:framework) { create(:compliance_framework, namespace: namespace) }
context 'when feature is disabled' do
before do
stub_licensed_features(custom_compliance_frameworks: false)
end
subject { described_class.new(framework: framework, current_user: namespace.owner) }
it 'does not destroy the compliance framework' do
expect { subject.execute }.not_to change { ComplianceManagement::Framework.count }
end
it 'is unsuccessful' do
expect(subject.execute.success?).to be false
end
end
context 'when feature is enabled' do
before do
stub_licensed_features(custom_compliance_frameworks: true)
end
context 'when current user is namespace owner' do
subject { described_class.new(framework: framework, current_user: namespace.owner) }
it 'destroys the compliance framework' do
expect { subject.execute }.to change { ComplianceManagement::Framework.count }.by(-1)
end
it 'is successful' do
expect(subject.execute.success?).to be true
end
end
context 'when current user is not the namespace owner' do
subject { described_class.new(framework: framework, current_user: create(:user)) }
it 'does not destroy the compliance framework' do
expect { subject.execute }.not_to change { ComplianceManagement::Framework.count }
end
it 'is unsuccessful' do
expect(subject.execute.success?).to be false
end
end
end
end
locale/gitlab.pot
View file @ c47cc5c2
......@@ -12235,6 +12235,9 @@ msgstr ""
msgid "Found errors in your .gitlab-ci.yml:"
msgstr ""
msgid "Framework successfully deleted"
msgstr ""
msgid "Free Trial"
msgstr ""
......@@ -18796,6 +18799,9 @@ msgstr ""
msgid "Not found."
msgstr ""
msgid "Not permitted to destroy framework"
msgstr ""
msgid "Not ready yet. Try again later."
msgstr ""
......
spec/policies/namespace_policy_spec.rb
View file @ c47cc5c2
......@@ -8,7 +8,7 @@ RSpec.describe NamespacePolicy do
let(:admin) { create(:admin) }
let(:namespace) { create(:namespace, owner: owner) }
let(:owner_permissions) { [:create_projects, :admin_namespace, :read_namespace, :read_statistics, :transfer_projects] }
let(:owner_permissions) { [:owner_access, :create_projects, :admin_namespace, :read_namespace, :read_statistics, :transfer_projects] }
subject { described_class.new(current_user, namespace) }
......
spec/support/shared_contexts/policies/group_policy_shared_context.rb
View file @ c47cc5c2
......@@ -30,6 +30,7 @@ RSpec.shared_context 'GroupPolicy context' do
let(:owner_permissions) do
[
:owner_access,
:admin_group,
:admin_namespace,
:admin_group_member,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7