Merge branch 'xanf-change-permission-names' into 'master'

Rename compliance related report policies See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/168200 Merged-by: Brett Walker <bwalker@gitlab.com> Approved-by: Jarka Košanová <jarka@gitlab.com> Approved-by: Olaoluwa Oluro <olaoluro@gitlab.com> Approved-by: Adam Hegyi <ahegyi@gitlab.com> Approved-by: Brett Walker <bwalker@gitlab.com> Co-authored-by: Illya Klymov <iklymov@gitlab.com>

Merge branch 'xanf-change-permission-names' into 'master'
c75ad249 · Brett Walker · GitLab · 9961ba60 · 114d3c3a · c75ad249
--- a/ee/app/controllers/groups/security/compliance_standards_adherence_reports_controller.rb
+++ b/ee/app/controllers/groups/security/compliance_standards_adherence_reports_controller.rb
@@ -6,7 +6,7 @@ class ComplianceStandardsAdherenceReportsController < Groups::ApplicationControl
      include Groups::SecurityFeaturesHelper

      before_action do
-        render_404 unless can?(current_user, :read_group_compliance_adherence_report, group)
+        render_404 unless can?(current_user, :read_compliance_adherence_report, group)
      end

      feature_category :compliance_management

--- a/ee/app/controllers/groups/security/compliance_violation_reports_controller.rb
+++ b/ee/app/controllers/groups/security/compliance_violation_reports_controller.rb
@@ -6,7 +6,7 @@ class ComplianceViolationReportsController < Groups::ApplicationController
      include Groups::SecurityFeaturesHelper

      before_action do
-        render_404 unless can?(current_user, :read_group_compliance_violations_report, group)
+        render_404 unless can?(current_user, :read_compliance_violations_report, group)
      end

      feature_category :compliance_management

--- a/ee/app/finders/compliance_management/merge_requests/compliance_violations_finder.rb
+++ b/ee/app/finders/compliance_management/merge_requests/compliance_violations_finder.rb
@@ -61,7 +61,7 @@ def in_operator_scope
      end

      def allowed?
-        Ability.allowed?(current_user, :read_group_compliance_dashboard, group)
+        Ability.allowed?(current_user, :read_compliance_violations_report, group)
      end
    end
  end

--- a/ee/app/finders/projects/compliance_standards/adherence_finder.rb
+++ b/ee/app/finders/projects/compliance_standards/adherence_finder.rb
@@ -31,7 +31,7 @@ def execute
      def allowed?
        return true if params[:skip_authorization].present?

-        Ability.allowed?(current_user, :read_group_compliance_adherence_report, group)
+        Ability.allowed?(current_user, :read_compliance_adherence_report, group)
      end

      def init_collection

--- a/ee/app/graphql/ee/types/group_type.rb
+++ b/ee/app/graphql/ee/types/group_type.rb
@@ -144,7 +144,7 @@ module GroupType
          null: true,
          description: 'Compliance violations reported on merge requests merged within the group.',
          resolver: ::Resolvers::ComplianceManagement::MergeRequests::ComplianceViolationResolver,
-          authorize: :read_group_compliance_violations_report
+          authorize: :read_compliance_violations_report

        field :allow_stale_runner_pruning,
          ::GraphQL::Types::Boolean,
@@ -202,7 +202,7 @@ module GroupType
          null: true,
          description: 'Compliance standards adherence for the projects in a group and its subgroups.',
          resolver: ::Resolvers::Projects::ComplianceStandards::AdherenceResolver,
-          authorize: :read_group_compliance_adherence_report
+          authorize: :read_compliance_adherence_report

        field :value_stream_dashboard_usage_overview,
          ::Types::Analytics::ValueStreamDashboard::CountType,

--- a/ee/app/graphql/mutations/compliance_management/standards/refresh_adherence_checks.rb
+++ b/ee/app/graphql/mutations/compliance_management/standards/refresh_adherence_checks.rb
@@ -8,7 +8,7 @@ class RefreshAdherenceChecks < BaseMutation

        include Mutations::ResolvesGroup

-        authorize :read_group_compliance_dashboard
+        authorize :read_compliance_dashboard

        argument :group_path, GraphQL::Types::ID,
          required: true,

--- a/ee/app/graphql/resolvers/compliance_management/merge_requests/compliance_violation_resolver.rb
+++ b/ee/app/graphql/resolvers/compliance_management/merge_requests/compliance_violation_resolver.rb
@@ -11,7 +11,7 @@ class ComplianceViolationResolver < BaseResolver
        type ::Types::ComplianceManagement::MergeRequests::ComplianceViolationType.connection_type, null: true
        description 'Compliance violations reported on a merged merge request.'

-        authorize :read_group_compliance_dashboard
+        authorize :read_compliance_violations_report
        authorizes_object!

        argument :filters, Types::ComplianceManagement::MergeRequests::ComplianceViolationInputType,

--- a/ee/app/graphql/resolvers/projects/compliance_standards/adherence_resolver.rb
+++ b/ee/app/graphql/resolvers/projects/compliance_standards/adherence_resolver.rb
@@ -11,7 +11,7 @@ class AdherenceResolver < BaseResolver
        type ::Types::Projects::ComplianceStandards::AdherenceInputType.connection_type, null: true
        description 'Compliance standards adherence for a project.'

-        authorize :read_group_compliance_dashboard
+        authorize :read_compliance_adherence_report
        authorizes_object!

        argument :filters, Types::Projects::ComplianceStandards::AdherenceInputType,

--- a/ee/app/graphql/types/compliance_management/merge_requests/compliance_violation_type.rb
+++ b/ee/app/graphql/types/compliance_management/merge_requests/compliance_violation_type.rb
@@ -7,7 +7,7 @@ class ComplianceViolationType < ::Types::BaseObject
        graphql_name 'ComplianceViolation'
        description 'Compliance violation associated with a merged merge request.'

-        authorize :read_group_compliance_dashboard
+        authorize :read_compliance_violations_report

        field :id, GraphQL::Types::ID,
          null: false, description: 'Compliance violation ID.'

--- a/ee/app/graphql/types/projects/compliance_standards/adherence_type.rb
+++ b/ee/app/graphql/types/projects/compliance_standards/adherence_type.rb
@@ -7,7 +7,7 @@ class AdherenceType < ::Types::BaseObject
        graphql_name 'ComplianceStandardsAdherence'
        description 'Compliance standards adherence for a project.'

-        authorize :read_group_compliance_dashboard
+        authorize :read_compliance_dashboard

        field :id, GraphQL::Types::ID,
          null: false, description: 'Compliance standards adherence ID.'

--- a/ee/app/helpers/groups/security_features_helper.rb
+++ b/ee/app/helpers/groups/security_features_helper.rb
@@ -3,7 +3,7 @@
 module Groups::SecurityFeaturesHelper
  def group_level_compliance_dashboard_available?(group)
    group.licensed_feature_available?(:group_level_compliance_dashboard) &&
-      can?(current_user, :read_group_compliance_dashboard, group)
+      can?(current_user, :read_compliance_dashboard, group)
  end

  def authorize_compliance_dashboard!

--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -582,15 +582,15 @@ module GroupPolicy
      rule { custom_role_enables_admin_compliance_framework & compliance_framework_available }.policy do
        enable :admin_compliance_framework
        enable :admin_compliance_pipeline_configuration
-        enable :read_group_compliance_dashboard
+        enable :read_compliance_dashboard
      end

      rule { custom_role_enables_admin_compliance_framework & group_level_compliance_adherence_report_enabled }.policy do
-        enable :read_group_compliance_adherence_report
+        enable :read_compliance_adherence_report
      end

      rule { custom_role_enables_admin_compliance_framework & group_level_compliance_violations_report_enabled }.policy do
-        enable :read_group_compliance_violations_report
+        enable :read_compliance_violations_report
      end

      rule { custom_role_enables_remove_group & has_parent }.policy do
@@ -661,15 +661,15 @@ module GroupPolicy
      end

      rule { (admin | owner | auditor) & group_level_compliance_dashboard_enabled }.policy do
-        enable :read_group_compliance_dashboard
+        enable :read_compliance_dashboard
      end

      rule { (admin | owner | auditor) & group_level_compliance_adherence_report_enabled }.policy do
-        enable :read_group_compliance_adherence_report
+        enable :read_compliance_adherence_report
      end

      rule { (admin | owner | auditor) & group_level_compliance_violations_report_enabled }.policy do
-        enable :read_group_compliance_violations_report
+        enable :read_compliance_violations_report
      end

      rule { (admin | owner) & group_merge_request_approval_settings_enabled }.policy do

--- a/ee/app/services/compliance_management/frameworks/export_service.rb
+++ b/ee/app/services/compliance_management/frameworks/export_service.rb
@@ -32,7 +32,7 @@ def csv_builder
      end

      def allowed?
-        Ability.allowed?(user, :read_group_compliance_dashboard, group)
+        Ability.allowed?(user, :read_compliance_dashboard, group)
      end

      def rows

--- a/ee/app/services/compliance_management/standards/export_service.rb
+++ b/ee/app/services/compliance_management/standards/export_service.rb
@@ -32,7 +32,7 @@ def csv_builder
      end

      def allowed?
-        Ability.allowed?(user, :read_group_compliance_adherence_report, group)
+        Ability.allowed?(user, :read_compliance_adherence_report, group)
      end

      def rows

--- a/ee/app/services/compliance_management/standards/refresh_service.rb
+++ b/ee/app/services/compliance_management/standards/refresh_service.rb
@@ -24,7 +24,7 @@ def execute
      private

      def allowed?
-        Ability.allowed?(current_user, :read_group_compliance_adherence_report, group)
+        Ability.allowed?(current_user, :read_compliance_adherence_report, group)
      end
    end
  end

--- a/ee/app/services/compliance_management/violations/export_service.rb
+++ b/ee/app/services/compliance_management/violations/export_service.rb
@@ -33,7 +33,7 @@ def email_export
      attr_reader :user, :namespace, :filters, :sort

      def allowed?
-        Ability.allowed?(user, :read_group_compliance_violations_report, namespace)
+        Ability.allowed?(user, :read_compliance_violations_report, namespace)
      end

      def csv_builder

--- a/ee/app/views/shared/compliance/_compliance_dashboard.html.haml
+++ b/ee/app/views/shared/compliance/_compliance_dashboard.html.haml
 - group = local_assigns[:group]

- adherence_report_enabled = can?(current_user, :read_group_compliance_adherence_report, group)
- violations_report_enabled = can?(current_user, :read_group_compliance_violations_report, group)
+- adherence_report_enabled = can?(current_user, :read_compliance_adherence_report, group)
+- violations_report_enabled = can?(current_user, :read_compliance_violations_report, group)

 #js-compliance-report{ data: {
  violations_csv_export_path: violations_report_enabled && group_security_compliance_violation_reports_path(group, format: :csv),

--- a/ee/lib/sidebars/groups/menus/security_compliance_menu.rb
+++ b/ee/lib/sidebars/groups/menus/security_compliance_menu.rb
@@ -111,7 +111,7 @@ def compliance_menu_item

        def group_level_compliance_dashboard_available?
          context.group.licensed_feature_available?(:group_level_compliance_dashboard) &&
-            can?(context.current_user, :read_group_compliance_dashboard, context.group)
+            can?(context.current_user, :read_compliance_dashboard, context.group)
        end

        def credentials_menu_item

--- a/ee/spec/graphql/types/compliance_management/merge_requests/compliance_violation_type_spec.rb
+++ b/ee/spec/graphql/types/compliance_management/merge_requests/compliance_violation_type_spec.rb
@@ -9,5 +9,5 @@

  specify { expect(described_class.graphql_name).to eq('ComplianceViolation') }
  specify { expect(described_class).to have_graphql_fields(fields) }
-  specify { expect(described_class).to require_graphql_authorizations(:read_group_compliance_dashboard) }
+  specify { expect(described_class).to require_graphql_authorizations(:read_compliance_violations_report) }
 end
--- a/ee/spec/graphql/types/projects/compliance_standards/adherence_type_spec.rb
+++ b/ee/spec/graphql/types/projects/compliance_standards/adherence_type_spec.rb
@@ -9,5 +9,5 @@

  specify { expect(described_class.graphql_name).to eq('ComplianceStandardsAdherence') }
  specify { expect(described_class).to have_graphql_fields(fields) }
-  specify { expect(described_class).to require_graphql_authorizations(:read_group_compliance_dashboard) }
+  specify { expect(described_class).to require_graphql_authorizations(:read_compliance_dashboard) }
 end