Create cross project group features

This allows us to check specific abilities in views, while still enabling/disabling them at once.

Create cross project group features
a57ec31e · Bob Van Landuyt · 83f79ced · a57ec31e · a57ec31e · a57ec31e
Commit a57ec31e authored 6 years ago by Bob Van Landuyt
--- a/app/helpers/groups_helper.rb
+++ b/app/helpers/groups_helper.rb
@@ -128,8 +128,10 @@ module GroupsHelper
  def get_group_sidebar_links
    links = [:overview, :group_members]
  
-    if can?(current_user, :read_cross_project)
-      links += [:activity, :issues, :boards, :labels, :milestones, :merge_requests]
+    resources = [:activity, :issues, :boards, :labels, :milestones,
+                 :merge_requests]
+    links += resources.select do |resource|
+      can?(current_user, "read_group_#{resource}".to_sym, @group)
    end
  
    if can?(current_user, :admin_group, @group)

--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -72,6 +72,19 @@ class GroupPolicy < BasePolicy
    enable :change_visibility_level
  end
  
+  rule { can?(:read_nested_project_resources) }.policy do
+    enable :read_group_activity
+    enable :read_group_issues
+    enable :read_group_boards
+    enable :read_group_labels
+    enable :read_group_milestones
+    enable :read_group_merge_requests
+  end
+
+  rule { can?(:read_cross_project) & can?(:read_group) }.policy do
+    enable :read_nested_project_resources
+  end
+
  rule { owner & nested_groups_supported }.enable :create_subgroup
  
  rule { public_group | logged_in_viewable }.enable :view_globally

--- a/spec/helpers/groups_helper_spec.rb
+++ b/spec/helpers/groups_helper_spec.rb
@@ -206,8 +206,9 @@ describe GroupsHelper do
    let(:group) { create(:group, :public) }
    let(:user) { create(:user) }
    before do
+      group.add_owner(user)
      allow(helper).to receive(:current_user) { user }
-      allow(helper).to receive(:can?) { true }
+      allow(helper).to receive(:can?) { |*args| Ability.allowed?(*args) }
      helper.instance_variable_set(:@group, group)
    end
  
@@ -231,7 +232,10 @@ describe GroupsHelper do
      cross_project_features = [:activity, :issues, :labels, :milestones,
                                :merge_requests]
  
-      expect(helper).to receive(:can?).with(user, :read_cross_project) { false }
+      allow(Ability).to receive(:allowed?).and_call_original
+      cross_project_features.each do |feature|
+        expect(Ability).to receive(:allowed?).with(user, "read_group_#{feature}".to_sym, group) { false }
+      end
  
      expect(helper.group_sidebar_links).not_to include(*cross_project_features)
    end

--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -9,7 +9,11 @@ describe GroupPolicy do
  let(:admin) { create(:admin) }
  let(:group) { create(:group, :private) }
  
-  let(:guest_permissions) { [:read_label, :read_group, :upload_file, :read_namespace] }
+  let(:guest_permissions) do
+    [:read_label, :read_group, :upload_file, :read_namespace, :read_group_activity,
+     :read_group_issues, :read_group_boards, :read_group_labels, :read_group_milestones,
+     :read_group_merge_requests]
+  end
  
  let(:reporter_permissions) { [:admin_label] }