Fix authorizations for epic boards
What does this MR do?
- In specs for EpicBoardsController we didn't stub epics licensed feature. Therefore the tested behaviour was not correct (see inline comments). This MR fixes that - as a result we missed that the permissions are checked too late for index action. This MR extracts the authorization to the existing concern.
What was happening before this MR
The user enters the index and the code processes before from the BoardsActions concern. The first is boards method where a new board is created.
After that the code goes for the authorization in the EpicBoardsController. A new board was created already (if needed) even in case a user can't access the page (this includes epics not enabled). Additionally, the check in the controller is only for index not for show action.
After the MR
The authorization check is done as the first thing in the BoardsActions concern.
Does this MR meet the acceptance criteria?
Conformity
- 📋 Does this MR need a changelog?
  - I have included a changelog entry.
  - I have not included a changelog entry because _____.
- [-] Documentation (if required)
- Code review guidelines
- [-] Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content

Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Edited by Jarka Košanová
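
The callback ordering described in this MR, as an added plain-Ruby example that is not GitLab's code: it models a before-callback chain without Rails and compares an authorization check that runs after the board-creating callback (and only for index) with one that runs first for every action. All class and method names, and the 404 status for a denied request, are assumptions made for the illustration.

```ruby
# Constructed model of a Rails-style before-callback chain (plain Ruby, no Rails).
# Every class and method name here is hypothetical, not taken from GitLab.
class BoardStore
  attr_reader :boards
  def initialize; @boards = []; end
  def first_or_create(group)
    @boards << "default board for #{group}" if @boards.empty?
    @boards.first
  end
end

class BaseController
  def self.callbacks; @callbacks ||= []; end
  def self.before_action(name, only: nil); callbacks << [name, only]; end
  def initialize(store, allowed:)
    @store, @allowed, @status = store, allowed, nil
  end
  # Run callbacks in declaration order; stop as soon as one sets a status.
  def process(action)
    self.class.callbacks.each do |name, only|
      next if only && !only.include?(action)
      send(name)
      return @status if @status
    end
    200
  end

  private
  def load_boards; @store.first_or_create("group"); end  # has a side effect
  def authorize!; @status = 404 unless @allowed; end      # 404 is an assumption
end

# Before: the side effect runs first; authorization runs later, only for index.
class LateAuthController < BaseController
  before_action :load_boards
  before_action :authorize!, only: [:index]
end

# After: authorization is the first callback and covers every action.
class EarlyAuthController < BaseController
  before_action :authorize!
  before_action :load_boards
end

# Returns [response status, number of boards that exist after the request].
def run_request(klass, action, allowed: false)
  store = BoardStore.new
  [klass.new(store, allowed: allowed).process(action), store.boards.size]
end
```

A spec that asserts only on the response status passes for the late-authorization index case; asserting that no board was created is what exposes the ordering problem.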