From 27234b09a0b4ef34e89c4d22a850827c62b7618b Mon Sep 17 00:00:00 2001 From: Eugie Limpin Date: Tue, 15 Jul 2025 16:43:21 +0800 Subject: [PATCH 1/6] Show Dashboard, Projects, and Groups sub-menus --- .../lib/ee/sidebars/admin/menus/admin_overview_menu_spec.rb | 5 +++-- lib/sidebars/admin/menus/admin_overview_menu.rb | 6 +++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ee/spec/lib/ee/sidebars/admin/menus/admin_overview_menu_spec.rb b/ee/spec/lib/ee/sidebars/admin/menus/admin_overview_menu_spec.rb index c2f3932289d854..cc5fbd27a0c80c 100644 --- a/ee/spec/lib/ee/sidebars/admin/menus/admin_overview_menu_spec.rb +++ b/ee/spec/lib/ee/sidebars/admin/menus/admin_overview_menu_spec.rb @@ -51,8 +51,9 @@ subject(:menu_items) { menu.renderable_items.map(&:title) } where(:custom_ability, :expected_menu_items) do - :read_admin_users | [_('Dashboard'), _('Users')] - :read_admin_monitoring | [_('Dashboard'), _('Gitaly servers')] + :read_admin_users | [_('Dashboard'), _('Users')] + :read_admin_monitoring | [_('Dashboard'), _('Gitaly servers')] + :read_admin_groups | [_('Dashboard'), _('Projects'), _('Groups')] end with_them do diff --git a/lib/sidebars/admin/menus/admin_overview_menu.rb b/lib/sidebars/admin/menus/admin_overview_menu.rb index c58cff892e834f..69fef0c37e4f10 100644 --- a/lib/sidebars/admin/menus/admin_overview_menu.rb +++ b/lib/sidebars/admin/menus/admin_overview_menu.rb @@ -54,7 +54,7 @@ def projects_menu_item link: admin_projects_path, active_routes: { controller: 'admin/projects' }, item_id: :projects - ) { can?(current_user, :admin_all_resources) } + ) { can?(current_user, :read_admin_groups) } end def users_menu_item @@ -74,7 +74,7 @@ def groups_menu_item active_routes: { controller: 'groups' }, item_id: :groups, container_html_options: { 'data-testid': 'admin-overview-groups-link' } - ) { can?(current_user, :admin_all_resources) } + ) { can?(current_user, :read_admin_groups) } end def organizations_menu_item @@ -111,4 +111,4 @@ def gitaly_servers_menu_item end end -Sidebars::Admin::Menus::AdminOverviewMenu.prepend_mod_with('Sidebars::Admin::Menus::AdminOverviewMenu') +Sidebars::Admin::Menus::AdminOverviewMenu.prepend_mod -- GitLab From 44d0f24815e6300f1445c7a7911ccddd862939f6 Mon Sep 17 00:00:00 2001 From: Eugie Limpin Date: Tue, 15 Jul 2025 16:44:54 +0800 Subject: [PATCH 2/6] Allow access to groups and projects pages in the admin area In addition to allowing access to groups and projects pages, we also ensure buttons resulting to actions that require write access are not displayed. --- app/views/admin/groups/_group.html.haml | 11 +- app/views/admin/groups/index.html.haml | 9 +- app/views/admin/groups/show.html.haml | 7 +- app/views/admin/projects/index.html.haml | 5 +- .../controllers/ee/admin/groups_controller.rb | 2 + .../ee/admin/projects_controller.rb | 2 + ee/spec/features/admin/admin_groups_spec.rb | 109 ++++++++++++------ ee/spec/features/admin/admin_projects_spec.rb | 44 +++++++ .../admin/read_admin_groups_spec.rb | 50 ++++++++ 9 files changed, 191 insertions(+), 48 deletions(-) create mode 100644 ee/spec/features/admin/admin_projects_spec.rb create mode 100644 ee/spec/requests/custom_roles/admin/read_admin_groups_spec.rb diff --git a/app/views/admin/groups/_group.html.haml b/app/views/admin/groups/_group.html.haml index 8743d87b677635..0aca7d3fefbdce 100644 --- a/app/views/admin/groups/_group.html.haml +++ b/app/views/admin/groups/_group.html.haml @@ -30,9 +30,10 @@ %span.gl-ml-5.visibility-icon.has-tooltip{ data: { container: 'body', placement: 'left' }, title: visibility_icon_description(group) } = visibility_level_icon(group.visibility_level) - .controls.gl-flex.gl-shrink-0.gl-ml-5 - = render Pajamas::ButtonComponent.new(href: admin_group_edit_path(group), button_options: { id: "edit_#{dom_id(group)}" }) do - = _('Edit') + - if current_user.can_admin_all_resources? + .controls.gl-flex.gl-shrink-0.gl-ml-5 + = render Pajamas::ButtonComponent.new(href: admin_group_edit_path(group), button_options: { id: "edit_#{dom_id(group)}" }) do + = _('Edit') - = form_tag([:admin, group], method: :delete, id: remove_form_id) do - .js-confirm-danger{ data: group_confirm_modal_data(group: group, remove_form_id: remove_form_id, permanently_remove: true, button_text: _('Delete')) } + = form_tag([:admin, group], method: :delete, id: remove_form_id) do + .js-confirm-danger{ data: group_confirm_modal_data(group: group, remove_form_id: remove_form_id, permanently_remove: true, button_text: _('Delete')) } diff --git a/app/views/admin/groups/index.html.haml b/app/views/admin/groups/index.html.haml index b297a48144d83b..ea0e1d8c4c261a 100644 --- a/app/views/admin/groups/index.html.haml +++ b/app/views/admin/groups/index.html.haml @@ -1,10 +1,11 @@ - page_title _("Groups") - add_page_specific_style 'page_bundles/search' -= render ::Layouts::PageHeadingComponent.new(_('Groups'), options: { data: { event_tracking_load: 'true', event_tracking: 'view_admin_groups_pageload' } }) do |c| - - c.with_actions do - = link_button_to new_admin_group_path, variant: :confirm do - = _('New group') +- if current_user.can_admin_all_resources? + = render ::Layouts::PageHeadingComponent.new(_('Groups'), options: { data: { event_tracking_load: 'true', event_tracking: 'view_admin_groups_pageload' } }) do |c| + - c.with_actions do + = link_button_to new_admin_group_path, variant: :confirm do + = _('New group') - if Feature.enabled?(:admin_groups_vue, current_user) #js-admin-groups-app diff --git a/app/views/admin/groups/show.html.haml b/app/views/admin/groups/show.html.haml index ac7cf6344c6b16..b3a26c036cd45b 100644 --- a/app/views/admin/groups/show.html.haml +++ b/app/views/admin/groups/show.html.haml @@ -7,9 +7,10 @@ = render ::Layouts::PageHeadingComponent.new(@group.full_name) do |c| - c.with_actions do - = render Pajamas::ButtonComponent.new(href: admin_group_edit_path(@group), - button_options: { data: { testid: 'edit-group-link' }}) do - = _('Edit') + - if current_user.can_admin_all_resources? + = render Pajamas::ButtonComponent.new(href: admin_group_edit_path(@group), + button_options: { data: { testid: 'edit-group-link' }}) do + = _('Edit') .gl-grid.md:gl-grid-cols-2.gl-gap-5 .gl-flex.gl-flex-col.gl-gap-5 diff --git a/app/views/admin/projects/index.html.haml b/app/views/admin/projects/index.html.haml index 610831a44a760d..55c7b2b6f82afa 100644 --- a/app/views/admin/projects/index.html.haml +++ b/app/views/admin/projects/index.html.haml @@ -9,8 +9,9 @@ = render ::Layouts::PageHeadingComponent.new(_('Projects'), options: { data: { event_tracking_load: 'true', event_tracking: 'view_admin_projects_pageload' } }) do |c| - c.with_actions do - = link_button_to new_project_path, variant: :confirm do - = _('New Project') + - if current_user.can_admin_all_resources? + = link_button_to new_project_path, variant: :confirm do + = _('New Project') - if Feature.enabled?(:admin_projects_vue, current_user) #js-admin-projects-app{ data: { app_data: admin_projects_app_data } } diff --git a/ee/app/controllers/ee/admin/groups_controller.rb b/ee/app/controllers/ee/admin/groups_controller.rb index ebf75fac3d1a4c..820099c579ee04 100644 --- a/ee/app/controllers/ee/admin/groups_controller.rb +++ b/ee/app/controllers/ee/admin/groups_controller.rb @@ -10,6 +10,8 @@ module GroupsController prepended do feature_category :continuous_integration, [:reset_runners_minutes] + authorize! :read_admin_groups, only: %i[index show] + before_action do push_saas_feature(:gitlab_com_subscriptions) end diff --git a/ee/app/controllers/ee/admin/projects_controller.rb b/ee/app/controllers/ee/admin/projects_controller.rb index 51372efb037b15..4751a4c83fe15d 100644 --- a/ee/app/controllers/ee/admin/projects_controller.rb +++ b/ee/app/controllers/ee/admin/projects_controller.rb @@ -6,6 +6,8 @@ module ProjectsController extend ActiveSupport::Concern prepended do + authorize! :read_admin_groups, only: %i[index show] + before_action :limited_actions_message!, only: :show end end diff --git a/ee/spec/features/admin/admin_groups_spec.rb b/ee/spec/features/admin/admin_groups_spec.rb index 1432f2f56c6d05..d6faeedb434211 100644 --- a/ee/spec/features/admin/admin_groups_spec.rb +++ b/ee/spec/features/admin/admin_groups_spec.rb @@ -2,57 +2,98 @@ require 'spec_helper' -RSpec.describe 'Admin Groups', feature_category: :hosted_runners do - include ::Ci::MinutesHelpers - +RSpec.describe 'Admin Groups', feature_category: :groups_and_projects do let_it_be(:group) { create :group } - let_it_be(:admin) { create(:admin) } - let_it_be(:project, reload: true) { create(:project, namespace: group) } - before do - sign_in(admin) - enable_admin_mode!(admin) - end + context 'when current user is an admin', feature_category: :hosted_runners do + include ::Ci::MinutesHelpers - describe 'show a group' do - context 'with compute usage' do - before do - project.update!(shared_runners_enabled: true) - set_ci_minutes_used(group, 300) - group.update!(shared_runners_minutes_limit: 400) - end + let_it_be(:admin) { create(:admin) } + let_it_be(:project, reload: true) { create(:project, namespace: group) } - context 'when gitlab saas', :saas do - it 'renders compute usage report' do - visit admin_group_path(group) + before do + sign_in(admin) + enable_admin_mode!(admin) + end - expect(page).to have_content('Compute quota: 300 / 400') + describe 'show a group' do + context 'with compute usage' do + before do + project.update!(shared_runners_enabled: true) + set_ci_minutes_used(group, 300) + group.update!(shared_runners_minutes_limit: 400) end - it 'renders additional compute minutes' do - group.update!(extra_shared_runners_minutes_limit: 100) + context 'when gitlab saas', :saas do + it 'renders compute usage report' do + visit admin_group_path(group) - visit admin_group_path(group) + expect(page).to have_content('Compute quota: 300 / 400') + end - expect(page).to have_content('Additional compute minutes:') - end - end + it 'renders additional compute minutes' do + group.update!(extra_shared_runners_minutes_limit: 100) - context 'when self-managed' do - it 'renders compute usage report' do - visit admin_group_path(group) + visit admin_group_path(group) - expect(page).not_to have_content('Compute quota: 300 / 400') + expect(page).to have_content('Additional compute minutes:') + end end - it 'does not render additional compute minutes' do - group.update!(extra_shared_runners_minutes_limit: 100) + context 'when self-managed' do + it 'renders compute usage report' do + visit admin_group_path(group) - visit admin_group_path(group) + expect(page).not_to have_content('Compute quota: 300 / 400') + end - expect(page).not_to have_content('Additional compute minutes:') + it 'does not render additional compute minutes' do + group.update!(extra_shared_runners_minutes_limit: 100) + + visit admin_group_path(group) + + expect(page).not_to have_content('Additional compute minutes:') + end end end end end + + context 'when current user is a regular user with read_admin_groups permission', :js do + let_it_be(:current_user) { create(:user) } + let_it_be(:role) { create(:admin_member_role, :read_admin_groups, user: current_user) } + + before do + stub_feature_flags(admin_groups_vue: false) + stub_licensed_features(custom_roles: true) + + enable_admin_mode!(current_user) + + sign_in(current_user) + end + + describe 'list' do + before do + stub_feature_flags(admin_groups_vue: false) + end + + it 'renders without admin-only buttons' do + visit admin_groups_path + + expect(page).to have_content(group.name) + expect(page).not_to have_content("New group") + expect(page).not_to have_content("Edit") + expect(page).not_to have_content("Delete") + end + end + + describe 'show', :aggregate_failures do + it 'shows the group without admin-only buttons' do + visit admin_group_path(group) + + expect(page).to have_content group.name + expect(page).not_to have_content("Edit") + end + end + end end diff --git a/ee/spec/features/admin/admin_projects_spec.rb b/ee/spec/features/admin/admin_projects_spec.rb new file mode 100644 index 00000000000000..40ef66953506f5 --- /dev/null +++ b/ee/spec/features/admin/admin_projects_spec.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Admin Projects', feature_category: :permissions do + let_it_be_with_reload(:project) { create(:project) } + + context 'when user is a regular user with read_admin_groups custom admin role', :js do + let_it_be(:current_user) { create(:user) } + let_it_be(:role) { create(:admin_member_role, :read_admin_groups, user: current_user) } + + before do + stub_licensed_features(custom_roles: true) + + enable_admin_mode!(current_user) + + sign_in(current_user) + end + + describe 'list' do + before do + stub_feature_flags(admin_projects_vue: false) + end + + it 'renders without admin-only buttons' do + visit admin_projects_path + + expect(page).to have_content(project.name) + expect(page).not_to have_content("New Project") + expect(page).not_to have_content("Edit") + expect(page).not_to have_content("Delete") + end + end + + describe 'show', :aggregate_failures do + it 'shows the project without admin-only buttons' do + visit admin_project_path(project) + + expect(page).to have_content project.name + expect(page).not_to have_content("Edit") + end + end + end +end diff --git a/ee/spec/requests/custom_roles/admin/read_admin_groups_spec.rb b/ee/spec/requests/custom_roles/admin/read_admin_groups_spec.rb new file mode 100644 index 00000000000000..c35105a3c075a6 --- /dev/null +++ b/ee/spec/requests/custom_roles/admin/read_admin_groups_spec.rb @@ -0,0 +1,50 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'User with read_admin_groups', :enable_admin_mode, feature_category: :permissions do + let_it_be(:current_user) { create(:user) } + let_it_be(:permission) { :read_admin_groups } + let_it_be(:role) { create(:admin_member_role, permission, user: current_user) } + + before do + stub_licensed_features(custom_roles: true) + sign_in(current_user) + end + + shared_examples 'is accessible' do + it 'is accessible' do + request + + expect(response).to have_gitlab_http_status(:ok) + end + end + + describe Admin::GroupsController do + describe "GET #index" do + subject(:request) { get admin_groups_path } + + it_behaves_like 'is accessible' + end + + describe "GET #show" do + subject(:request) { get admin_group_path(create(:group)) } + + it_behaves_like 'is accessible' + end + end + + describe Admin::ProjectsController do + describe "GET #index" do + subject(:request) { get admin_projects_path } + + it_behaves_like 'is accessible' + end + + describe "GET #show" do + subject(:request) { get admin_project_path(create(:project)) } + + it_behaves_like 'is accessible' + end + end +end -- GitLab From 3d1b4ed6d7f16df53faf0691e1546f0218cee0d1 Mon Sep 17 00:00:00 2001 From: Eugie Limpin Date: Wed, 16 Jul 2025 15:54:40 +0800 Subject: [PATCH 3/6] Check for read_admin_projects permission --- .../ee/admin/projects_controller.rb | 2 +- ee/spec/features/admin/admin_projects_spec.rb | 4 +-- .../admin/menus/admin_overview_menu_spec.rb | 3 +- .../admin/read_admin_groups_spec.rb | 14 -------- .../admin/read_admin_projects_spec.rb | 36 +++++++++++++++++++ .../admin/menus/admin_overview_menu.rb | 2 +- 6 files changed, 42 insertions(+), 19 deletions(-) create mode 100644 ee/spec/requests/custom_roles/admin/read_admin_projects_spec.rb diff --git a/ee/app/controllers/ee/admin/projects_controller.rb b/ee/app/controllers/ee/admin/projects_controller.rb index 4751a4c83fe15d..6c3895dbe6660a 100644 --- a/ee/app/controllers/ee/admin/projects_controller.rb +++ b/ee/app/controllers/ee/admin/projects_controller.rb @@ -6,7 +6,7 @@ module ProjectsController extend ActiveSupport::Concern prepended do - authorize! :read_admin_groups, only: %i[index show] + authorize! :read_admin_projects, only: %i[index show] before_action :limited_actions_message!, only: :show end diff --git a/ee/spec/features/admin/admin_projects_spec.rb b/ee/spec/features/admin/admin_projects_spec.rb index 40ef66953506f5..1319d4946e36e8 100644 --- a/ee/spec/features/admin/admin_projects_spec.rb +++ b/ee/spec/features/admin/admin_projects_spec.rb @@ -5,9 +5,9 @@ RSpec.describe 'Admin Projects', feature_category: :permissions do let_it_be_with_reload(:project) { create(:project) } - context 'when user is a regular user with read_admin_groups custom admin role', :js do + context 'when user is a regular user with read_admin_projects custom admin role', :js do let_it_be(:current_user) { create(:user) } - let_it_be(:role) { create(:admin_member_role, :read_admin_groups, user: current_user) } + let_it_be(:role) { create(:admin_member_role, :read_admin_projects, user: current_user) } before do stub_licensed_features(custom_roles: true) diff --git a/ee/spec/lib/ee/sidebars/admin/menus/admin_overview_menu_spec.rb b/ee/spec/lib/ee/sidebars/admin/menus/admin_overview_menu_spec.rb index cc5fbd27a0c80c..26c3975592c06d 100644 --- a/ee/spec/lib/ee/sidebars/admin/menus/admin_overview_menu_spec.rb +++ b/ee/spec/lib/ee/sidebars/admin/menus/admin_overview_menu_spec.rb @@ -53,7 +53,8 @@ where(:custom_ability, :expected_menu_items) do :read_admin_users | [_('Dashboard'), _('Users')] :read_admin_monitoring | [_('Dashboard'), _('Gitaly servers')] - :read_admin_groups | [_('Dashboard'), _('Projects'), _('Groups')] + :read_admin_groups | [_('Dashboard'), _('Groups')] + :read_admin_projects | [_('Dashboard'), _('Projects')] end with_them do diff --git a/ee/spec/requests/custom_roles/admin/read_admin_groups_spec.rb b/ee/spec/requests/custom_roles/admin/read_admin_groups_spec.rb index c35105a3c075a6..fb2495cee54f18 100644 --- a/ee/spec/requests/custom_roles/admin/read_admin_groups_spec.rb +++ b/ee/spec/requests/custom_roles/admin/read_admin_groups_spec.rb @@ -33,18 +33,4 @@ it_behaves_like 'is accessible' end end - - describe Admin::ProjectsController do - describe "GET #index" do - subject(:request) { get admin_projects_path } - - it_behaves_like 'is accessible' - end - - describe "GET #show" do - subject(:request) { get admin_project_path(create(:project)) } - - it_behaves_like 'is accessible' - end - end end diff --git a/ee/spec/requests/custom_roles/admin/read_admin_projects_spec.rb b/ee/spec/requests/custom_roles/admin/read_admin_projects_spec.rb new file mode 100644 index 00000000000000..c9c4ef14cef300 --- /dev/null +++ b/ee/spec/requests/custom_roles/admin/read_admin_projects_spec.rb @@ -0,0 +1,36 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'User with read_admin_projects', :enable_admin_mode, feature_category: :permissions do + let_it_be(:current_user) { create(:user) } + let_it_be(:permission) { :read_admin_projects } + let_it_be(:role) { create(:admin_member_role, permission, user: current_user) } + + before do + stub_licensed_features(custom_roles: true) + sign_in(current_user) + end + + shared_examples 'is accessible' do + it 'is accessible' do + request + + expect(response).to have_gitlab_http_status(:ok) + end + end + + describe Admin::ProjectsController do + describe "GET #index" do + subject(:request) { get admin_projects_path } + + it_behaves_like 'is accessible' + end + + describe "GET #show" do + subject(:request) { get admin_project_path(create(:project)) } + + it_behaves_like 'is accessible' + end + end +end diff --git a/lib/sidebars/admin/menus/admin_overview_menu.rb b/lib/sidebars/admin/menus/admin_overview_menu.rb index 69fef0c37e4f10..81f72e9de39349 100644 --- a/lib/sidebars/admin/menus/admin_overview_menu.rb +++ b/lib/sidebars/admin/menus/admin_overview_menu.rb @@ -54,7 +54,7 @@ def projects_menu_item link: admin_projects_path, active_routes: { controller: 'admin/projects' }, item_id: :projects - ) { can?(current_user, :read_admin_groups) } + ) { can?(current_user, :read_admin_projects) } end def users_menu_item -- GitLab From d17a899291c6585a26e7c65771808054d54a52cf Mon Sep 17 00:00:00 2001 From: Eugie Limpin Date: Wed, 16 Jul 2025 16:29:31 +0800 Subject: [PATCH 4/6] Apply condition only to the action button --- app/views/admin/groups/index.html.haml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/admin/groups/index.html.haml b/app/views/admin/groups/index.html.haml index ea0e1d8c4c261a..5f84f4bc6efa54 100644 --- a/app/views/admin/groups/index.html.haml +++ b/app/views/admin/groups/index.html.haml @@ -1,9 +1,9 @@ - page_title _("Groups") - add_page_specific_style 'page_bundles/search' -- if current_user.can_admin_all_resources? - = render ::Layouts::PageHeadingComponent.new(_('Groups'), options: { data: { event_tracking_load: 'true', event_tracking: 'view_admin_groups_pageload' } }) do |c| - - c.with_actions do += render ::Layouts::PageHeadingComponent.new(_('Groups'), options: { data: { event_tracking_load: 'true', event_tracking: 'view_admin_groups_pageload' } }) do |c| + - c.with_actions do + - if current_user.can_admin_all_resources? = link_button_to new_admin_group_path, variant: :confirm do = _('New group') -- GitLab From 4aa78a364274504dc8907742660f4b090120ed0a Mon Sep 17 00:00:00 2001 From: Eugie Limpin Date: Thu, 17 Jul 2025 10:12:03 +0800 Subject: [PATCH 5/6] Update feature specs --- ee/spec/features/admin/admin_projects_spec.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/ee/spec/features/admin/admin_projects_spec.rb b/ee/spec/features/admin/admin_projects_spec.rb index 1319d4946e36e8..f1ed469c902a8e 100644 --- a/ee/spec/features/admin/admin_projects_spec.rb +++ b/ee/spec/features/admin/admin_projects_spec.rb @@ -10,6 +10,7 @@ let_it_be(:role) { create(:admin_member_role, :read_admin_projects, user: current_user) } before do + stub_feature_flags(admin_projects_vue: false) stub_licensed_features(custom_roles: true) enable_admin_mode!(current_user) @@ -18,10 +19,6 @@ end describe 'list' do - before do - stub_feature_flags(admin_projects_vue: false) - end - it 'renders without admin-only buttons' do visit admin_projects_path -- GitLab From f16819f6c65592f5b02eb1b85a268bddd4e3e2ee Mon Sep 17 00:00:00 2001 From: Eugie Limpin Date: Wed, 23 Jul 2025 09:46:15 +0800 Subject: [PATCH 6/6] Fix failing view spec --- ee/spec/views/admin/groups/_group.html.haml_spec.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ee/spec/views/admin/groups/_group.html.haml_spec.rb b/ee/spec/views/admin/groups/_group.html.haml_spec.rb index 1ecaa70819dd55..993c1a98b0dfef 100644 --- a/ee/spec/views/admin/groups/_group.html.haml_spec.rb +++ b/ee/spec/views/admin/groups/_group.html.haml_spec.rb @@ -3,11 +3,13 @@ require 'spec_helper' RSpec.describe 'admin/groups/_group', feature_category: :system_access do + let_it_be(:user) { build(:admin) } let(:group) { build(:group) } before do assign(:group, group) allow(group).to receive(:storage_size) + allow(view).to receive(:current_user).and_return(user) end context 'for namespace plan badge' do -- GitLab