Add unit-level matrix specs for newly-introduced policies
MR: Add ability and matrix policy specs (!150190)
Description
In Add mutation APIs for group-agent authorizatio... (!145387 - merged), we forgot to add a thorough matrix-based policy unit test for the newly introduced policies.
For example, we have a thorough matrix test in ee/spec/policies/remote_development/workspace_policy_spec.rb
for all roles: https://gitlab.com/gitlab-org/gitlab/-/blob/fa08c704df0e829e3d0131725e588d07b011d9c9/ee/spec/policies/remote_development/workspace_policy_spec.rb
We should have similar policy unit specs for the following files:
ee/app/policies/remote_development/agent_policy.rb
ee/app/policies/remote_development/group_policy.rb
Also, per the discussion in this thread, we will add the following policy and related specs for ee/app/policies/remote_development/group_policy.rb
, as part of this MR:
rule { can?(:maintainer_access) | can?(:owner_access) }.enable :read_remote_development_cluster_agent_mapping
We will also clean up some of the existing Remote Development policies to switch owner
to can?(:owner_access)
and remove unnecessary admin
.
See also Discussion: modularisation in policies (#454934)
Acceptance Criteria
-
Add read_remote_development_cluster_agent_mapping
policy -
Clean up ee/spec/policies/remote_development/workspace_policy_spec.rb
-
Remove unnecessary 'admin' in ee/app/policies/remote_development/agent_policy.rb
-
Backfill matrix unit specs for ee/app/policies/remote_development/agent_policy.rb
-
Switch owner
tocan?(:owner_access)
and remove unnecessary 'admin' inee/app/policies/remote_development/group_policy.rb
-
Backfill matrix unit specs for ee/app/policies/remote_development/group_policy.rb