Add check for licensed feature in ability
What does this MR do and why?
In this MR, we add license checking before enabling the create_container_registry_protection_immutable_tag_rule ability. Previously, only owner permissions are checked but now we also verify that the correct license (Ultimate) is also available
How to set up and validate locally
EE:
FOSS_ONLY=0 bundle exec rails console
🍏 With an Ultimate license available
# Verify that you have EE enabled.
pry(main)> Gitlab.ee?
=> true
# Verify that you have an Ultimate license
pry(main)> License.feature_available?(:container_registry_immutable_tag_rules)
=> true
# An admin or owner is allowed to `create_container_registry_protection_immutable_tag_rule`
pry(main)> admin = User.first # feel free to update to the admin or an owner in your local db
pry(main)> project = Project.last
pry(main)> admin.can? :create_container_registry_protection_immutable_tag_rule, project
=> true
🍎 Without an Ultimate license
# Verify that you have EE enabled.
pry(main)> Gitlab.ee?
=> true
# Verify that you DON'T have an Ultimate license
pry(main)> License.feature_available?(:container_registry_immutable_tag_rules)
=> false
# With the licensed feature not available, you are also not allowed for the ability
pry(main)> admin = User.first # feel free to update to the admin or an owner in your local db
pry(main)> project = Project.last
pry(main)> admin.can? :create_container_registry_protection_immutable_tag_rule, project
=> false
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #554485 (closed)
Edited by Adie (she/her)