From 82e89c82df7943678f2c768f2474d26c9da484d8 Mon Sep 17 00:00:00 2001 From: cablett Date: Thu, 9 Mar 2023 15:23:02 +1300 Subject: [PATCH] Add import work items policy - Remove unneeded Requirements license check --- app/policies/project_policy.rb | 1 + app/services/work_items/import_csv_service.rb | 2 +- .../ee/work_items/import_csv_service.rb | 3 +- spec/policies/project_policy_spec.rb | 30 +++++++++++++++++++ .../work_items/import_csv_service_spec.rb | 4 +++ 5 files changed, 37 insertions(+), 3 deletions(-) diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index fcb93e44191d17..d17f068f3da01e 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -436,6 +436,7 @@ class ProjectPolicy < BasePolicy rule { ~request_access_enabled }.prevent :request_access rule { can?(:developer_access) & can?(:create_issue) }.enable :import_issues + rule { can?(:reporter_access) & can?(:create_work_item) }.enable :import_work_items rule { can?(:developer_access) }.policy do enable :create_package diff --git a/app/services/work_items/import_csv_service.rb b/app/services/work_items/import_csv_service.rb index e83561832f3b1b..e7043cc882a442 100644 --- a/app/services/work_items/import_csv_service.rb +++ b/app/services/work_items/import_csv_service.rb @@ -26,7 +26,7 @@ def self.required_headers def execute raise FeatureNotAvailableError if ::Feature.disabled?(:import_export_work_items_csv, project) - raise NotAuthorizedError unless Ability.allowed?(user, :create_work_item, project) + raise NotAuthorizedError unless Ability.allowed?(user, :import_work_items, project) super end diff --git a/ee/app/services/ee/work_items/import_csv_service.rb b/ee/app/services/ee/work_items/import_csv_service.rb index 37b85888134643..59225823023e78 100644 --- a/ee/app/services/ee/work_items/import_csv_service.rb +++ b/ee/app/services/ee/work_items/import_csv_service.rb @@ -17,8 +17,7 @@ def available_work_item_types end def can_create_requirements? - project.licensed_feature_available?(:requirements) && - Ability.allowed?(user, :create_requirement, project) + Ability.allowed?(user, :create_requirement, project) end end end diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 38c487f3c36f9e..7b2b0122768b67 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -441,6 +441,36 @@ def set_access_level(access_level) end end + context 'importing work items' do + %w(reporter developer maintainer owner).each do |role| + context "with #{role}" do + let(:current_user) { send(role) } + + it { is_expected.to be_allowed(:import_work_items) } + end + end + + %w(guest anonymous).each do |role| + context "with #{role}" do + let(:current_user) { send(role) } + + it { is_expected.to be_disallowed(:import_work_items) } + end + end + + context 'with an admin' do + let(:current_user) { admin } + + context 'when admin mode is enabled', :enable_admin_mode do + it { expect_allowed(:import_work_items) } + end + + context 'when admin mode is disabled' do + it { expect_disallowed(:import_work_items) } + end + end + end + context 'reading usage quotas' do %w(maintainer owner).each do |role| context "with #{role}" do diff --git a/spec/services/work_items/import_csv_service_spec.rb b/spec/services/work_items/import_csv_service_spec.rb index 504001f4755583..3c710640f4afb4 100644 --- a/spec/services/work_items/import_csv_service_spec.rb +++ b/spec/services/work_items/import_csv_service_spec.rb @@ -110,6 +110,10 @@ end context 'when user does not have permission' do + before do + project.add_guest(user) + end + it 'raises an error' do expect { subject }.to raise_error(/You do not have permission to import work items in this project/) end -- GitLab