Add permissions checking to AI impact dashboard

Alex Pennells requested to merge 460830-ai-impact-permissions into master

What does this MR do and why?

For the AI impact dashboard:

  • Converts the error alerts to warning alerts, so that the user is still able to view the other metrics in the panel
  • Adds permissions checking for DORA/Flow/Vulnerability metrics. This will filter out restricted metrics, show the user a warning and prevent the API request if permissions are lacking.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Permissions failure

Before: Screenshot_2024-06-17_at_3.20.40_PM
After: Screenshot_2024-06-17_at_3.13.46_PM

Loading failure

Before: Screenshot_2024-06-17_at_3.17.08_PM
After: Screenshot_2024-06-17_at_3.16.44_PM

How to set up and validate locally

Prerequisites

  1. Ensure you're using GitLab Ultimate
  2. Enable ai_impact_analytics_dashboard feature flag
  3. Set up ClickHouse for your GDK

Testing API failure

  1. Navigate to the AI impact dashboard for any group (ex. http://gdk.test:3000/groups/flightjs/-/analytics/dashboards/ai_impact)
  2. Stop clickhouse if you have it running locally: gdk stop clickhouse
  3. A warning should be present due to Code suggestions usage failing to load

Testing permissions restrictions

  1. Apply some or all of this diff
diff --git a/ee/app/policies/ee/group_policy.rb b/ee/app/policies/ee/group_policy.rb
index 4e7158d3ece9..ef633db0e79d 100644
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -29,7 +29,8 @@ module GroupPolicy
       end
 
       condition(:cycle_analytics_available, scope: :subject) do
-        @subject.feature_available?(:cycle_analytics_for_groups)
+        false
+        # @subject.feature_available?(:cycle_analytics_for_groups)
       end
 
       condition(:group_ci_cd_analytics_available, scope: :subject) do
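Review bot: In `cycle_analytics_available`, the hard-coded `false` with the real check left commented out is easy to commit by accident, and as written it turns the condition off for every group. Suggest marking the line as local test scaffolding (for example `false # local testing only, revert before commit`), or dropping the commented-out line, since the `-` line already records the original check.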
@@ -57,7 +58,8 @@ module GroupPolicy
       end
 
       condition(:dora4_analytics_available, scope: :subject) do
-        @subject.feature_available?(:dora4_analytics)
+        false
+        # @subject.feature_available?(:dora4_analytics)
       end
 
       condition(:group_membership_export_available, scope: :subject) do
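Review bot: The steps say to apply "some or all" of the diff but do not say which dashboard metrics each condition is expected to hide, here `dora4_analytics_available`. Suggest naming the expected hidden metrics per condition in the validation steps, so a tester applying only this hunk can confirm that the panel warning lists exactly those metrics and nothing else.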
@@ -77,7 +79,8 @@ module GroupPolicy
       end
 
       condition(:security_dashboard_enabled, scope: :subject) do
-        @subject.feature_available?(:security_dashboard)
+        false
+        # @subject.feature_available?(:security_dashboard)
       end
 
       condition(:prevent_group_forking_available, scope: :subject) do
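Review bot: With `security_dashboard_enabled` forced to `false`, the validation step that follows only checks that the metrics are hidden from the table. The description also states that the API request is prevented, so suggest adding a check that no request for the restricted metrics is sent, and that the same query issued directly is denied by the server, so the restriction does not rest on the client-side filter alone.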
  2. The metrics should be hidden from the table with a panel warning that lists the hidden metrics

Related to #460830 (closed)

Edited by Alex Pennells
