Merge branch 'fix/cycle-analytics-permissions' into 'master'
Added permissions per stage to cycle analytics endpoint See merge request !7613
This commit is contained in:
commit
80eaed1651
|
@ -54,7 +54,8 @@ class Projects::CycleAnalyticsController < Projects::ApplicationController
|
|||
|
||||
{
|
||||
summary: summary,
|
||||
stats: stats
|
||||
stats: stats,
|
||||
permissions: @cycle_analytics.permissions(user: current_user)
|
||||
}
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
class CycleAnalytics
|
||||
STAGES = %i[issue plan code test review staging production].freeze
|
||||
|
||||
def initialize(project, from:)
|
||||
@project = project
|
||||
@from = from
|
||||
|
@ -9,6 +11,10 @@ class CycleAnalytics
|
|||
@summary ||= Summary.new(@project, from: @from)
|
||||
end
|
||||
|
||||
def permissions(user:)
|
||||
Gitlab::CycleAnalytics::Permissions.get(user: user, project: @project)
|
||||
end
|
||||
|
||||
def issue
|
||||
@fetcher.calculate_metric(:issue,
|
||||
Issue.arel_table[:created_at],
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
title: Added permissions per stage to cycle analytics endpoint
|
||||
merge_request:
|
||||
author:
|
|
@ -0,0 +1,44 @@
|
|||
module Gitlab
|
||||
module CycleAnalytics
|
||||
class Permissions
|
||||
STAGE_PERMISSIONS = {
|
||||
issue: :read_issue,
|
||||
code: :read_merge_request,
|
||||
test: :read_build,
|
||||
review: :read_merge_request,
|
||||
staging: :read_build,
|
||||
production: :read_issue,
|
||||
}.freeze
|
||||
|
||||
def self.get(*args)
|
||||
new(*args).get
|
||||
end
|
||||
|
||||
def initialize(user:, project:)
|
||||
@user = user
|
||||
@project = project
|
||||
@stage_permission_hash = {}
|
||||
end
|
||||
|
||||
def get
|
||||
::CycleAnalytics::STAGES.each do |stage|
|
||||
@stage_permission_hash[stage] = authorized_stage?(stage)
|
||||
end
|
||||
|
||||
@stage_permission_hash
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def authorized_stage?(stage)
|
||||
return false unless authorize_project(:read_cycle_analytics)
|
||||
|
||||
STAGE_PERMISSIONS[stage] ? authorize_project(STAGE_PERMISSIONS[stage]) : true
|
||||
end
|
||||
|
||||
def authorize_project(permission)
|
||||
Ability.allowed?(@user, permission, @project)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,127 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe Gitlab::CycleAnalytics::Permissions do
|
||||
let(:project) { create(:empty_project) }
|
||||
let(:user) { create(:user) }
|
||||
|
||||
subject { described_class.get(user: user, project: project) }
|
||||
|
||||
context 'user with no relation to the project' do
|
||||
it 'has no permissions to issue stage' do
|
||||
expect(subject[:issue]).to eq(false)
|
||||
end
|
||||
|
||||
it 'has no permissions to test stage' do
|
||||
expect(subject[:test]).to eq(false)
|
||||
end
|
||||
|
||||
it 'has no permissions to staging stage' do
|
||||
expect(subject[:staging]).to eq(false)
|
||||
end
|
||||
|
||||
it 'has no permissions to production stage' do
|
||||
expect(subject[:production]).to eq(false)
|
||||
end
|
||||
|
||||
it 'has no permissions to code stage' do
|
||||
expect(subject[:code]).to eq(false)
|
||||
end
|
||||
|
||||
it 'has no permissions to review stage' do
|
||||
expect(subject[:review]).to eq(false)
|
||||
end
|
||||
|
||||
it 'has no permissions to plan stage' do
|
||||
expect(subject[:plan]).to eq(false)
|
||||
end
|
||||
end
|
||||
|
||||
context 'user is master' do
|
||||
before do
|
||||
project.team << [user, :master]
|
||||
end
|
||||
|
||||
it 'has permissions to issue stage' do
|
||||
expect(subject[:issue]).to eq(true)
|
||||
end
|
||||
|
||||
it 'has permissions to test stage' do
|
||||
expect(subject[:test]).to eq(true)
|
||||
end
|
||||
|
||||
it 'has permissions to staging stage' do
|
||||
expect(subject[:staging]).to eq(true)
|
||||
end
|
||||
|
||||
it 'has permissions to production stage' do
|
||||
expect(subject[:production]).to eq(true)
|
||||
end
|
||||
|
||||
it 'has permissions to code stage' do
|
||||
expect(subject[:code]).to eq(true)
|
||||
end
|
||||
|
||||
it 'has permissions to review stage' do
|
||||
expect(subject[:review]).to eq(true)
|
||||
end
|
||||
|
||||
it 'has permissions to plan stage' do
|
||||
expect(subject[:plan]).to eq(true)
|
||||
end
|
||||
end
|
||||
|
||||
context 'user has no build permissions' do
|
||||
before do
|
||||
project.team << [user, :guest]
|
||||
end
|
||||
|
||||
it 'has permissions to issue stage' do
|
||||
expect(subject[:issue]).to eq(true)
|
||||
end
|
||||
|
||||
it 'has no permissions to test stage' do
|
||||
expect(subject[:test]).to eq(false)
|
||||
end
|
||||
|
||||
it 'has no permissions to staging stage' do
|
||||
expect(subject[:staging]).to eq(false)
|
||||
end
|
||||
end
|
||||
|
||||
context 'user has no merge request permissions' do
|
||||
before do
|
||||
project.team << [user, :guest]
|
||||
end
|
||||
|
||||
it 'has permissions to issue stage' do
|
||||
expect(subject[:issue]).to eq(true)
|
||||
end
|
||||
|
||||
it 'has no permissions to code stage' do
|
||||
expect(subject[:code]).to eq(false)
|
||||
end
|
||||
|
||||
it 'has no permissions to review stage' do
|
||||
expect(subject[:review]).to eq(false)
|
||||
end
|
||||
end
|
||||
|
||||
context 'user has no issue permissions' do
|
||||
before do
|
||||
project.team << [user, :developer]
|
||||
project.project_feature.update_attribute(:issues_access_level, ProjectFeature::DISABLED)
|
||||
end
|
||||
|
||||
it 'has permissions to code stage' do
|
||||
expect(subject[:code]).to eq(true)
|
||||
end
|
||||
|
||||
it 'has no permissions to issue stage' do
|
||||
expect(subject[:issue]).to eq(false)
|
||||
end
|
||||
|
||||
it 'has no permissions to production stage' do
|
||||
expect(subject[:production]).to eq(false)
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue