From b1aca3e2ae71dd04951c0f2e87b876f3ef1405d1 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 25 Sep 2023 11:59:44 -0600 Subject: [PATCH] Release `admin_merge_request` granular permission Changelog: added EE: true --- ee/app/policies/ee/merge_request_policy.rb | 3 +-- ee/app/policies/ee/project_policy.rb | 3 +-- .../feature_flags/development/admin_merge_request.yml | 8 -------- ee/spec/policies/merge_request_policy_spec.rb | 10 ---------- ee/spec/policies/project_policy_spec.rb | 11 ----------- 5 files changed, 2 insertions(+), 33 deletions(-) delete mode 100644 ee/config/feature_flags/development/admin_merge_request.yml diff --git a/ee/app/policies/ee/merge_request_policy.rb b/ee/app/policies/ee/merge_request_policy.rb index 3c32f63243b60f..9cd286fe0fc793 100644 --- a/ee/app/policies/ee/merge_request_policy.rb +++ b/ee/app/policies/ee/merge_request_policy.rb @@ -61,8 +61,7 @@ module MergeRequestPolicy condition(:role_enables_admin_merge_request) do next unless @user.is_a?(User) - ::Feature.enabled?(:admin_merge_request, subject&.project) && - @user.custom_permission_for?(subject&.project, :admin_merge_request) + @user.custom_permission_for?(subject&.project, :admin_merge_request) end with_scope :subject diff --git a/ee/app/policies/ee/project_policy.rb b/ee/app/policies/ee/project_policy.rb index 09541c771e228e..8d067869d1260c 100644 --- a/ee/app/policies/ee/project_policy.rb +++ b/ee/app/policies/ee/project_policy.rb @@ -237,8 +237,7 @@ module ProjectPolicy condition(:role_enables_admin_merge_request) do next unless @user.is_a?(User) - ::Feature.enabled?(:admin_merge_request, subject) && - @user.custom_permission_for?(project, :admin_merge_request) + @user.custom_permission_for?(project, :admin_merge_request) end desc "Custom role on project that enables admin vulnerability" diff --git a/ee/config/feature_flags/development/admin_merge_request.yml b/ee/config/feature_flags/development/admin_merge_request.yml deleted file mode 100644 index a46560d3893a72..00000000000000 --- a/ee/config/feature_flags/development/admin_merge_request.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: admin_merge_request -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128302 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/421478 -milestone: '16.4' -type: development -group: group::threat insights -default_enabled: true diff --git a/ee/spec/policies/merge_request_policy_spec.rb b/ee/spec/policies/merge_request_policy_spec.rb index 85c8fa71086d96..74f30a9e4cef94 100644 --- a/ee/spec/policies/merge_request_policy_spec.rb +++ b/ee/spec/policies/merge_request_policy_spec.rb @@ -567,16 +567,6 @@ def policy_for(user) it 'enables the `approve_merge_request` ability' do expect(subject).to be_allowed(:approve_merge_request) end - - context 'when the `admin_merge_request` feature flag is disabled' do - before do - stub_feature_flags(admin_merge_request: false) - end - - it 'disables the `approve_merge_request` ability' do - expect(subject).to be_disallowed(:approve_merge_request) - end - end end context 'when the user is a member of a custom role with `admin_merge_request` disabled' do diff --git a/ee/spec/policies/project_policy_spec.rb b/ee/spec/policies/project_policy_spec.rb index c433a0407a285a..2719c54f2e0b29 100644 --- a/ee/spec/policies/project_policy_spec.rb +++ b/ee/spec/policies/project_policy_spec.rb @@ -2655,17 +2655,6 @@ def create_member_role(member, abilities = member_role_abilities) it { is_expected.to be_disallowed(:read_merge_request, :admin_merge_request, :download_code) } end - - context 'with `admin_merge_request` feature disabled' do - before do - stub_feature_flags(admin_merge_request: false) - stub_licensed_features(custom_roles: true) - create_member_role(group_member_guest, admin_merge_request: true) - end - - it { is_expected.to be_disallowed(:admin_merge_request) } - it { is_expected.to be_disallowed(:download_code) } - end end end -- GitLab