Show policies edit button only when access is available
What does this MR do and why?
Shows edit button for security policies only when the logged in user has modify policies access.
Supports the backend changes done in !118511 (merged) for issue #400202 (closed)
Screenshots or screen recordings
Owner user of policy project | Developer who does not have access to policy project (read privilege alone) |
---|---|
![]() | ![]() |
How to set up and validate locally
- Apply the BE changes done in !118511 (merged)
diff --git a/ee/app/finders/security/scan_policy_base_finder.rb b/ee/app/finders/security/scan_policy_base_finder.rb
index 563419ccb98e..1b8cf81a4602 100644
--- a/ee/app/finders/security/scan_policy_base_finder.rb
+++ b/ee/app/finders/security/scan_policy_base_finder.rb
@@ -28,7 +28,7 @@ def policy_configuration
end
def authorized_to_read_policy_configuration?(config)
- Ability.allowed?(actor, :read_security_orchestration_policies, config.security_policy_management_project)
+ Ability.allowed?(actor, :read_security_orchestration_policies, config.source)
end
def fetch_policy_configurations
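Review bot: In authorized_to_read_policy_configuration?, the ability check now targets config.source instead of config.security_policy_management_project, so read access to a policy configuration is decided by permissions on the source rather than on the policy management project. If the policy project is meant to be visible to a narrower group than the source, this widens who can read its policies. Please confirm that is intended and add a finder spec with an actor who holds :read_security_orchestration_policies on the source but has no access to the policy project. It is also worth checking that config.source can never be nil for the configurations returned by fetch_policy_configurations.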
diff --git a/ee/app/policies/ee/project_policy.rb b/ee/app/policies/ee/project_policy.rb
index 4bb6d7e614e3..4cfdc37b6c38 100644
--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -281,7 +281,6 @@ module ProjectPolicy
end
rule { security_orchestration_policies_enabled & can?(:owner_access) }.policy do
- enable :modify_security_policy
enable :update_security_orchestration_policy_project
end
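Review bot: Removing enable :modify_security_policy from the owner_access rule means owner access alone no longer grants the ability, which changes behaviour for existing owners of projects that already have a policy project linked. A policy spec should pin this down: an owner who cannot commit to the linked policy project is denied :modify_security_policy but still receives :update_security_orchestration_policy_project from this rule. Since the frontend only hides the edit button, also confirm that the server-side action that saves a policy checks :modify_security_policy rather than owner access.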
@@ -289,6 +288,10 @@ module ProjectPolicy
enable :read_security_orchestration_policies
end
+ rule { security_orchestration_policies_enabled & can?(:owner_access) & ~security_policy_project_available }.policy do
+ enable :modify_security_policy
+ end
+
rule { security_orchestration_policies_enabled & security_policy_project_available & can_commit_to_security_policy_project }.policy do
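Review bot: The new rule with ~security_policy_project_available has no comment saying why owners get :modify_security_policy only while no policy project is linked; a one-line comment above it would help. The body of the following can_commit_to_security_policy_project rule is cut off in this hunk, so it cannot be verified from here that it is the rule enabling :modify_security_policy once a policy project exists. Suggest specs for three cases: owner with no policy project (allowed), owner with a linked policy project they cannot commit to (denied), and a user who can commit to the policy project (allowed).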
- Create a policy management project for a source project.
- On the source project, add a user, say test, with developer access.
- Log in separately as the test user and visit the source project: Source project -> Security and Compliance -> Policies.
- The test user with developer access should be able to view the configured policies without the edit button.
- Log in as the owner user of the policy project and repeat steps 4 & 5. The owner user should be able to view the edit button.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #400202 (closed)
Merge request reports
Activity
changed milestone to %16.0
assigned to @bala.kumar
mentioned in issue #400202 (closed)
removed backend label
added 462 commits
- 9ca8d5cc...d743e701 - 462 commits from branch master
added docs-only label
added 1 commit
- b89bdc33 - Show policy edit button only when access is available
1 Warning: Please add a merge request subtype to this merge request.
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category | Reviewer | Maintainer |
---|---|---|
frontend | Tomas Vik (@viktomas) (UTC+2, 3.5 hours behind @bala.kumar) | Lukas Eipert (@leipert) (UTC+2, 3.5 hours behind @bala.kumar) |
To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
removed docs-only label
Bundle size analysis [beta]
This compares changes in bundle size for entry points between the commits 130e4188 and 017c0ad9
Special assets
Entrypoint / Name | Size before | Size after | Diff | Diff in percent |
---|---|---|---|---|
average | 4.02 MB | 4.02 MB | - | 0.0 % |
mainChunk | 2.88 MB | 2.88 MB | - | 0.0 % |
Note: We do not have exact data for 130e4188. So we have used data from: 9908381b.
The target commit was too new, so we used the latest commit from master we have info on.
It might help to rerun the bundle-size-review job.
This might mean that you have a few false positives in this report. If something unrelated to your code changes is reported, you can check this comparison in order to see if they caused this change.
Please look at the full report for more details.
Read more about how this report works.
Generated by Danger
added 1 commit
- dedde67b - Show policy edit button only when access is available
added 1 commit
- 5eff1a53 - Show policy edit button only when access is available
mentioned in merge request !118511 (merged)
Allure report
allure-report-publisher generated test report!
e2e-review-qa: test report for 017c0ad9
suites summary
| | passed | failed | skipped | flaky | total | result |
|---|---|---|---|---|---|---|
| Govern | 24 | 0 | 0 | 1 | 24 | ❗ |
| Create | 27 | 0 | 1 | 0 | 28 | ✅ |
| Plan | 50 | 0 | 1 | 0 | 51 | ✅ |
| Package | 0 | 0 | 1 | 0 | 1 | ➖ |
| Data Stores | 22 | 0 | 0 | 0 | 22 | ✅ |
| Manage | 8 | 0 | 3 | 0 | 11 | ✅ |
| Verify | 10 | 0 | 0 | 0 | 10 | ✅ |
| Monitor | 4 | 0 | 0 | 0 | 4 | ✅ |
| Framework sanity | 9 | 0 | 1 | 0 | 10 | ✅ |
| Total | 154 | 0 | 7 | 1 | 161 | ❗ |
marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed
- Resolved by Alexander Turinske
requested review from @arfedoro
- Resolved by Alexander Turinske
- Resolved by Bala Kumar
added 1 commit
- 017c0ad9 - Show policy edit button only when access is available
@arfedoro, thanks for approving this merge request.
This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.
For more info, please refer to the following links:
added pipeline:mr-approved label
requested review from @aturinske and removed review request for @arfedoro
enabled an automatic merge when the pipeline for 55eaf3e9 succeeds
mentioned in commit f88e514a
added workflow::staging-canary label and removed workflow::in dev label
added workflow::canary label and removed workflow::staging-canary label
added workflow::staging label and removed workflow::canary label
added workflow::production label and removed workflow::staging label
added workflow::post-deploy-db-staging label and removed workflow::production label
added workflow::post-deploy-db-production label and removed workflow::post-deploy-db-staging label
added released::candidate label
mentioned in merge request kubitus-project/kubitus-installer!2224 (merged)