Adding usage_quotas policy to Groups
What does this MR do and why?
Closes: 357000
Using admin_group for usage quota is not accurate, it makes more sense to have a unique policy for that.
Same as we did for read_usage_quotas ability to ProjectPolicy
This MR is covering the following up issue created before, which,
- Adds a new ability,
read_usage_quotas
, to theGroupPolicy
- Modify the
Groups::UsageQuotasController
before action to use the new ability - Adds a definition to authorize policies in the EE::Groups::ApplicationController controller instead of the main
- Adds test coverage
Screenshots or screen recordings
How to set up and validate locally
- Create or visit a group(you are an owner of or Admin)
- From the bottom left menu, click
settings -> Usage Quotas
- You will be able to view the Usage Quotas(
owner or admin
) - Pick a group member(not an owner or admin) and log in using their credentials
- Visit the same group, change the URL to
[http://gdk.test:3000 || YOUR LOCAL ENV]/groups/gnuwget/-/usage_quotas#seats-quota-tab
- You will be not able to view the Usage Quotas, getting 404
- From another tab, as an admin, change the group member to an owner
- From the new group member account, refresh the group, and from the bottom left menu, click
settings -> Usage Quotas
- You will now be able to view the Usage Quotas(
as an owner
)
Conclusion: Only admins or owners can view Usage Quotas
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Mohamed Hamda