Merge branch '358633-auditor-cannot-view-project-escalation-policies' into 'master'

Allow read-only access to escalation policies for auditors See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/98269 Merged-by: Alex Pooley <apooley@gitlab.com> Approved-by: Sunjung Park <spark@gitlab.com> Approved-by: Sarah Yasonik <syasonik@gitlab.com> Approved-by: Alex Pooley <apooley@gitlab.com> Co-authored-by: Peter Leitzen <pleitzen@gitlab.com>

Merge branch '358633-auditor-cannot-view-project-escalation-policies' into 'master'
e066c375 · Alex Pooley · 8a9ce220 · 5184eb65 · e066c375 · e066c375
--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -322,6 +322,10 @@ module ProjectPolicy
        enable :read_incident_management_oncall_schedule
      end
+      rule { auditor & escalation_policies_available }.policy do
+        enable :read_incident_management_escalation_policy
+      end
      rule { auditor & ~developer }.policy do
        prevent :create_vulnerability
        prevent :admin_vulnerability

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -1682,6 +1682,7 @@
        :owner      | nil   | true
        :admin      | false | false
        :admin      | true  | true
+        :auditor    | false | true
      end
      before do
@@ -1715,6 +1716,7 @@
        :owner      | nil   | true
        :admin      | false | false
        :admin      | true  | true
+        :auditor    | false | false
      end
      before do