Skip to content

Adding usage_quotas policy to Groups

Mohamed Hamda requested to merge issue-357000-add-read_usage_quotas-to-group-policy into master

What does this MR do and why?

Closes: 357000

Using admin_group for usage quota is not accurate, it makes more sense to have a unique policy for that.

Same as we did for read_usage_quotas ability to ProjectPolicy

This MR is covering the following up issue created before, which,

  1. Adds a new ability, read_usage_quotas, to the GroupPolicy
  2. Modify the Groups::UsageQuotasController before action to use the new ability
  3. Adds a definition to authorize policies in the EE::Groups::ApplicationController controller instead of the main
  4. Adds test coverage

Screenshots or screen recordings

Group_policy

How to set up and validate locally

  1. Create or visit a group(you are an owner of or Admin)
  2. From the bottom left menu, click settings -> Usage Quotas
  3. You will be able to view the Usage Quotas(owner or admin)
  4. Pick a group member(not an owner or admin) and log in using their credentials
  5. Visit the same group, change the URL to [http://gdk.test:3000 || YOUR LOCAL ENV]/groups/gnuwget/-/usage_quotas#seats-quota-tab
  6. You will be not able to view the Usage Quotas, getting 404
  7. From another tab, as an admin, change the group member to an owner
  8. From the new group member account, refresh the group, and from the bottom left menu, click settings -> Usage Quotas
  9. You will now be able to view the Usage Quotas(as an owner)

Conclusion: Only admins or owners can view Usage Quotas

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Mohamed Hamda

Merge request reports