Group Level Wiki: BE Refactor Wiki Permissions to support Group Level Wiki
Problem to solve
Our policy objects need to support group wikis.
Note: This issue is a child of the Group Level Wiki Implementation Epic &2214 (closed)
Proposal
- Introduce new wiki abilities on group objects, reusing as much of the existing project policies as possible.
- Check if any other project abilities are needed for wikis that aren't present on groups.
We want to reuse the same ability names, i.e.:
can?(user, :read_wiki, project)
can?(user, :read_wiki, group)
# rather than
can?(user, :read_project_wiki, project)
can?(user, :read_group_wiki, group)
Tentative MR Breakdown
Only one MR is predicted for now.
Permissions and Security
Role-Based Access Control (RBAC)
RBAC restricts access based on a person's role. Should any Role-Based Access Controls be reviewed or added based on this issue? Yes/No
Permission Based Access Control
Permission Based Access Control determines the type of access allowed (e.g., Read, Write, Delete, etc.). Should any Permission Based Access Controls be reviewed or added based on this issue? Yes/No
More Authentication and Authorization
Documentation (remove if not applicable)
This issue does require the creation of documentation.
- Although there are no additional permissions, it will be necessary to update the Permissions Doc to represent Group Level Wikis.
Testing
Testing Approach
By taking just a little extra time in our test approach to think about testing in general, we can save hours of work rolling back a release or producing hotfixes. A few areas to consider are boundaries, configuration settings, counts, CRUD, Depth, Soap Operas and Extreme Personalities. More can be found here.
We will ensure there are multiple tests with different permission configurations to make sure the Web UI, the REST API and GraphQL return the same level of data and avoid data leaks.
- Analyze the existing project wiki specific tests. Is it covered at the appropriate level?
- Adapt existing tests for project wikis to group wikis.
Success Criteria
- Our existing wiki abilities can be used with either projects or groups.
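The sketch below is an added example, not GitLab's policy code. It shows the proposal's shared ability names dispatched to a project or a group, and the multi-configuration permission check from the testing approach. The class names, role thresholds and the `permission_drift` helper are assumptions made for illustration.

```ruby
# Added illustration; not GitLab's policy code. Names and role thresholds are assumptions.
ACCESS = { guest: 10, developer: 30, maintainer: 40 }.freeze

# One set of wiki rules shared by both container policies, so ability names stay identical.
module WikiAbilities
  WIKI_RULES = { read_wiki: :guest, create_wiki: :developer, admin_wiki: :maintainer }.freeze

  def wiki_allowed?(ability)
    required = WIKI_RULES[ability]
    return false if required.nil? || !subject.wiki_enabled # unknown ability or wiki off: deny
    return true if ability == :read_wiki && subject.is_public # public wiki is readable by anyone
    level >= ACCESS.fetch(required)
  end
end

Project = Struct.new(:members, :wiki_enabled, :is_public)
Group   = Struct.new(:members, :wiki_enabled, :is_public)

class ContainerPolicy
  include WikiAbilities
  attr_reader :user, :subject

  def initialize(user, subject)
    @user = user
    @subject = subject
  end

  # Non-members and anonymous users (user == nil) get level 0.
  def level
    ACCESS.fetch(subject.members[user], 0)
  end
end

class ProjectPolicy < ContainerPolicy; end
class GroupPolicy < ContainerPolicy; end
POLICIES = { Project => ProjectPolicy, Group => GroupPolicy }.freeze

def can?(user, ability, subject)
  POLICIES.fetch(subject.class).new(user, subject).wiki_allowed?(ability)
end

# Evaluate every user/ability/configuration on a project and a group with identical
# settings; any pair where the two answers differ is a permission drift.
def permission_drift
  members = { "maintainer" => :maintainer, "dev" => :developer, "guest" => :guest }
  users = members.keys + ["outsider", nil]
  [true, false].product([true, false]).flat_map do |enabled, is_public|
    project = Project.new(members, enabled, is_public)
    group = Group.new(members, enabled, is_public)
    users.product(WikiAbilities::WIKI_RULES.keys).reject do |user, ability|
      can?(user, ability, project) == can?(user, ability, group)
    end
  end
end
```

An empty result from `permission_drift` means both container types answered every check identically. A per-type name such as `:read_group_wiki` is denied because it is not defined in the shared rules.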