From 1149c944d90ec2fccd7551c262895a0a6838dbbc Mon Sep 17 00:00:00 2001
From: Sashi <skumar@gitlab.com>
Date: Thu, 24 Mar 2022 23:56:54 +0530
Subject: [PATCH] Rename read policy for security orchestration policies

This MR renames the security orchestration policies ability so that
its name carries the read_* prefix: security_orchestration_policies
becomes read_security_orchestration_policies.

EE: true
---
 .../projects/security/policies_controller.rb         |  2 +-
 .../security_policy/commit_scan_execution_policy.rb  |  2 +-
 .../concerns/resolves_orchestration_policy.rb        |  2 +-
 ee/app/policies/ee/group_policy.rb                   |  2 +-
 ee/app/policies/ee/project_policy.rb                 |  2 +-
 .../projects/menus/security_compliance_menu.rb       |  2 +-
 .../groups/menus/security_compliance_menu.rb         |  2 +-
 ee/spec/policies/group_policy_spec.rb                | 12 ++++++------
 ee/spec/policies/project_policy_spec.rb              |  4 ++--
 9 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/ee/app/controllers/projects/security/policies_controller.rb b/ee/app/controllers/projects/security/policies_controller.rb
index 183c24b45f059..1fddd44dd519c 100644
--- a/ee/app/controllers/projects/security/policies_controller.rb
+++ b/ee/app/controllers/projects/security/policies_controller.rb
@@ -5,7 +5,7 @@ module Security
     class PoliciesController < Projects::ApplicationController
       include SecurityAndCompliancePermissions
 
-      before_action :authorize_security_orchestration_policies!
+      before_action :authorize_read_security_orchestration_policies!
       before_action :validate_policy_configuration, only: :edit
 
       before_action do
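Review bot: After this rename, an ability named `read_*` is the only visible gate on paths that change policies. This `before_action` has no `only:`/`except:`, so it also covers `edit`, and the `CommitScanExecutionPolicy` mutation in commit_scan_execution_policy.rb is authorized with the same `authorize :read_security_orchestration_policies`. The policy hunks grant that ability at `developer_access`, so unless those paths re-check something stronger outside these hunks, the new name understates what the ability permits and invites later reviewers to treat it as harmless. Either introduce a separate write ability for the edit and commit paths, or document the scope beside the declaration, e.g. `# NOTE: also gates edit and policy commits until a dedicated write ability exists`. The controller class body continues outside the hunk.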
diff --git a/ee/app/graphql/mutations/security_policy/commit_scan_execution_policy.rb b/ee/app/graphql/mutations/security_policy/commit_scan_execution_policy.rb
index 320fe48edc908..803a05fd0bd34 100644
--- a/ee/app/graphql/mutations/security_policy/commit_scan_execution_policy.rb
+++ b/ee/app/graphql/mutations/security_policy/commit_scan_execution_policy.rb
@@ -8,7 +8,7 @@ class CommitScanExecutionPolicy < BaseMutation
 
       include FindsProjectOrGroupForSecurityPolicies
 
-      authorize :security_orchestration_policies
+      authorize :read_security_orchestration_policies
 
       argument :full_path, GraphQL::Types::String,
                required: false,
diff --git a/ee/app/graphql/resolvers/concerns/resolves_orchestration_policy.rb b/ee/app/graphql/resolvers/concerns/resolves_orchestration_policy.rb
index b70c6cf3cefd0..741e54ba2eac0 100644
--- a/ee/app/graphql/resolvers/concerns/resolves_orchestration_policy.rb
+++ b/ee/app/graphql/resolvers/concerns/resolves_orchestration_policy.rb
@@ -14,7 +14,7 @@ module ResolvesOrchestrationPolicy
 
     def authorize!
       Ability.allowed?(
-        context[:current_user], :security_orchestration_policies, policy_configuration.security_policy_management_project
+        context[:current_user], :read_security_orchestration_policies, policy_configuration.security_policy_management_project
       ) || raise_resource_not_available_error!
     end
 
diff --git a/ee/app/policies/ee/group_policy.rb b/ee/app/policies/ee/group_policy.rb
index fa78f57379e21..716806303b855 100644
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -311,7 +311,7 @@ module GroupPolicy
       end
 
       rule { security_orchestration_policies_enabled & can?(:developer_access) }.policy do
-        enable :security_orchestration_policies
+        enable :read_security_orchestration_policies
       end
 
       rule { security_dashboard_enabled & developer }.policy do
diff --git a/ee/app/policies/ee/project_policy.rb b/ee/app/policies/ee/project_policy.rb
index 46e5f7e114458..8270feaad939a 100644
--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -199,7 +199,7 @@ module ProjectPolicy
       rule { can?(:read_project) & iterations_available }.enable :read_iteration
 
       rule { security_orchestration_policies_enabled & can?(:developer_access) }.policy do
-        enable :security_orchestration_policies
+        enable :read_security_orchestration_policies
       end
 
       rule { security_orchestration_policies_enabled & can?(:owner_access) }.policy do
diff --git a/ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb b/ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb
index 838accb780aef..615ee9bef4435 100644
--- a/ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb
+++ b/ee/lib/ee/sidebars/projects/menus/security_compliance_menu.rb
@@ -145,7 +145,7 @@ def threat_monitoring_menu_item
           end
 
           def scan_policies_menu_item
-            unless can?(context.current_user, :security_orchestration_policies, context.project)
+            unless can?(context.current_user, :read_security_orchestration_policies, context.project)
               return ::Sidebars::NilMenuItem.new(item_id: :scan_policies)
             end
 
diff --git a/ee/lib/sidebars/groups/menus/security_compliance_menu.rb b/ee/lib/sidebars/groups/menus/security_compliance_menu.rb
index 4b112bd82c27d..24f72b3020601 100644
--- a/ee/lib/sidebars/groups/menus/security_compliance_menu.rb
+++ b/ee/lib/sidebars/groups/menus/security_compliance_menu.rb
@@ -125,7 +125,7 @@ def scan_policies_menu_item
 
         def group_level_security_policies_available?
           Feature.enabled?(:group_level_security_policies, context.group, default_enabled: :yaml) &&
-                    can?(context.current_user, :security_orchestration_policies, context.group)
+                    can?(context.current_user, :read_security_orchestration_policies, context.group)
         end
 
         def audit_events_menu_item
diff --git a/ee/spec/policies/group_policy_spec.rb b/ee/spec/policies/group_policy_spec.rb
index ce9cd536b64c8..06ddb34452fe9 100644
--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -922,7 +922,7 @@ def stub_group_saml_config(enabled)
       with_them do
         let(:current_user) { public_send(role) }
 
-        it { is_expected.to be_allowed(:security_orchestration_policies) }
+        it { is_expected.to be_allowed(:read_security_orchestration_policies) }
       end
     end
 
@@ -932,7 +932,7 @@ def stub_group_saml_config(enabled)
       with_them do
         let(:current_user) { public_send(role) }
 
-        it { is_expected.to be_allowed(:security_orchestration_policies) }
+        it { is_expected.to be_allowed(:read_security_orchestration_policies) }
       end
     end
   end
@@ -1947,7 +1947,7 @@ def expect_private_group_permissions_as_if_non_member
         with_them do
           let(:current_user) { public_send(role) }
 
-          it { is_expected.to be_disallowed(:security_orchestration_policies) }
+          it { is_expected.to be_disallowed(:read_security_orchestration_policies) }
           it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
         end
       end
@@ -1958,7 +1958,7 @@ def expect_private_group_permissions_as_if_non_member
         with_them do
           let(:current_user) { public_send(role) }
 
-          it { is_expected.to be_disallowed(:security_orchestration_policies) }
+          it { is_expected.to be_disallowed(:read_security_orchestration_policies) }
           it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
         end
       end
@@ -1975,7 +1975,7 @@ def expect_private_group_permissions_as_if_non_member
         with_them do
           let(:current_user) { public_send(role) }
 
-          it { is_expected.to be_allowed(:security_orchestration_policies) }
+          it { is_expected.to be_allowed(:read_security_orchestration_policies) }
           it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
         end
       end
@@ -1986,7 +1986,7 @@ def expect_private_group_permissions_as_if_non_member
         with_them do
           let(:current_user) { public_send(role) }
 
-          it { is_expected.to be_allowed(:security_orchestration_policies) }
+          it { is_expected.to be_allowed(:read_security_orchestration_policies) }
           it { is_expected.to be_allowed(:update_security_orchestration_policy_project) }
         end
       end
diff --git a/ee/spec/policies/project_policy_spec.rb b/ee/spec/policies/project_policy_spec.rb
index 4159d23b0c076..5a086fffbdc59 100644
--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -779,7 +779,7 @@
       with_them do
         let(:current_user) { public_send(role) }
 
-        it { is_expected.to be_allowed(:security_orchestration_policies) }
+        it { is_expected.to be_allowed(:read_security_orchestration_policies) }
         it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
       end
     end
@@ -790,7 +790,7 @@
       with_them do
         let(:current_user) { public_send(role) }
 
-        it { is_expected.to be_allowed(:security_orchestration_policies) }
+        it { is_expected.to be_allowed(:read_security_orchestration_policies) }
         it { is_expected.to be_allowed(:update_security_orchestration_policy_project) }
       end
     end
-- 
GitLab