Auditor cannot see project Policies
Problem to solve
Auditor users cannot see Security &amp; Compliance > Policies in the left navigation of a project.
Per our docs
Auditor users are able to have ... read-only access to all other resources, except the Admin Area [and Settings].
See epic &7469 for more details.
Expected behaviour
Auditor users have read-only access to project Policies, and the Security &amp; Compliance > Policies entry is visible in the project left navigation.
Implementation Plan
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
@@ -744,6 +744,11 @@ class ProjectPolicy < BasePolicy
enable :access_security_and_compliance
end
+ rule { auditor }.policy do
+ enable :read_security_orchestration_policies
+ end
+
rule { ~admin & ~project_runner_registration_allowed }.policy do
prevent :register_project_runners
end
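Review bot: the new `rule { auditor }` block grants `:read_security_orchestration_policies`, but the context directly above it shows that a separate ability, `:access_security_and_compliance`, is what is enabled there, and the issue is about the left nav entry; if the auditor is not already covered by that existing rule, the nav item stays hidden even with this change, so either add `enable :access_security_and_compliance` to the auditor block or confirm the existing rule already includes auditors. Two further points: the hunk targets `app/policies/project_policy.rb` while the spec in this plan lives under `ee/spec/`, so the rule most likely belongs in the EE policy extension alongside the other auditor and security-policy rules rather than in CE; and the rule carries no feature-availability condition, so if the read ability is license-gated for other roles, the auditor rule should use the same condition instead of enabling it unconditionally.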
diff --git a/ee/spec/policies/project_policy_spec.rb b/ee/spec/policies/project_policy_spec.rb
@@ -794,6 +794,17 @@
it { is_expected.to be_allowed(:update_security_orchestration_policy_project) }
end
end
+
+ context 'with auditor role' do
+ where(role: %w[auditor])
+
+ with_them do
+ let(:current_user) { public_send(role) }
+
+ it { is_expected.to be_allowed(:read_security_orchestration_policies) }
+ it { is_expected.to be_disallowed(:update_security_orchestration_policy_project) }
+ end
+ end
end
describe 'coverage_fuzzing' do
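Review bot: `where(role: %w[auditor])` with `with_them` over a one-element table is ceremony without extra coverage; `let(:current_user) { auditor }` inside the `with auditor role` context reads more simply. The assertions also stop short of what the issue describes: nothing checks `:access_security_and_compliance`, so the nav item could still be hidden with this spec green. Add `it { is_expected.to be_allowed(:access_security_and_compliance) }` next to the read assertion, and consider a companion case with the feature unlicensed that expects the auditor to be disallowed, so the rule cannot silently widen access.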
Edited by Dominic Bauer