Allow public view of pipeline schedules

cfbf23e3 · Lee Tickett · Grzegorz Bizon · e5b8b9e6 · cfbf23e3 · cfbf23e3
Commit cfbf23e3 authored Apr 30, 2020 by Lee Tickett Committed by Grzegorz Bizon Apr 30, 2020
5 changed files
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -218,6 +218,7 @@ class ProjectPolicy < BasePolicy
    enable :read_build
    enable :read_container_image
    enable :read_pipeline
+    enable :read_pipeline_schedule
    enable :read_environment
    enable :read_deployment
    enable :read_merge_request
@@ -262,7 +263,6 @@ class ProjectPolicy < BasePolicy
    enable :update_commit_status
    enable :create_build
    enable :update_build
-    enable :read_pipeline_schedule
    enable :create_merge_request_from
    enable :create_wiki
    enable :push_code
@@ -395,6 +395,7 @@ class ProjectPolicy < BasePolicy
    prevent :fork_project
    prevent :read_commit_status
    prevent :read_pipeline
+    prevent :read_pipeline_schedule
    prevent(*create_read_update_admin_destroy(:release))
  end

@@ -421,6 +422,7 @@ class ProjectPolicy < BasePolicy
    enable :read_merge_request
    enable :read_note
    enable :read_pipeline
+    enable :read_pipeline_schedule
    enable :read_commit_status
    enable :read_container_image
    enable :download_code
@@ -439,6 +441,7 @@ class ProjectPolicy < BasePolicy

  rule { public_builds & can?(:guest_access) }.policy do
    enable :read_pipeline
+    enable :read_pipeline_schedule
  end

  # These rules are included to allow maintainers of projects to push to certain

--- a/changelogs/unreleased/allow_public_view_of_pipeline_schedules.yml
+++ b/changelogs/unreleased/allow_public_view_of_pipeline_schedules.yml
+---
+title: Allow public access to pipeline schedules
+merge_request: 20806
+author: Lee Tickett
+type: fixed
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -464,9 +464,9 @@ describe "Internal Project Access" do
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
-    it { is_expected.to be_denied_for(:reporter).of(project) }
-    it { is_expected.to be_denied_for(:guest).of(project) }
-    it { is_expected.to be_denied_for(:user) }
+    it { is_expected.to be_allowed_for(:reporter).of(project) }
+    it { is_expected.to be_allowed_for(:guest).of(project) }
+    it { is_expected.to be_allowed_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -499,7 +499,7 @@ describe "Private Project Access" do
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
-    it { is_expected.to be_denied_for(:reporter).of(project) }
+    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }

--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -278,11 +278,11 @@ describe "Public Project Access" do
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
-    it { is_expected.to be_denied_for(:reporter).of(project) }
-    it { is_expected.to be_denied_for(:guest).of(project) }
-    it { is_expected.to be_denied_for(:user) }
-    it { is_expected.to be_denied_for(:external) }
-    it { is_expected.to be_denied_for(:visitor) }
+    it { is_expected.to be_allowed_for(:reporter).of(project) }
+    it { is_expected.to be_allowed_for(:guest).of(project) }
+    it { is_expected.to be_allowed_for(:user) }
+    it { is_expected.to be_allowed_for(:external) }
+    it { is_expected.to be_allowed_for(:visitor) }
  end

  describe "GET /:project_path/-/environments" do