Allow read_admin_monitoring access to admin/audit_logs
What does this MR do and why?
This changes allows restricted admins with the read_admin_monitoring permission to access the admin area audit logs page. The sidebar navigation will be updated in a follow-up MR. This change is also gated behind the custom_ability_read_admin_monitoring feature flag.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
| Before | After |
|---|---|
 |
 |
How to set up and validate locally
- Enable the feature flag via a rails console
Feature.enable(:custom_ability_read_admin_monitoring) - Visit instance level Roles and Permissions page
http://gdk.test:3000/admin/application_settings/roles_and_permissions - Create a new Role with the
read_admin_monitoringpermission enabled. - Open a separate browser and register a new account.
- Open a rails console and assign the new role to the new account
License.feature_available?(:custom_roles) user = User.find_by(username: 'read_admin_monitoring') role = MemberRole.find_by(name: 'read_admin_monitoring') Users::UserMemberRole.create!(member_role: role, user: user) user.can?(:read_admin_monitoring) - Visit the
admin/audit_logspage using the new accounthttp://gdk.test:3000/admin/audit_logs - Verify that the page loads
Edited by Ian Anderson