restrict wp_graph widget to be ee only

pull/7680/head
ulferts 5 years ago
parent 26c3443a6b
commit fdbcdc45bf
No known key found for this signature in database
GPG Key ID: A205708DE1284017
  1. 2
      app/models/enterprise_token.rb
  2. 3
      app/services/authorization/enterprise_service.rb
  3. 13
      modules/dashboards/spec/features/work_package_graph_spec.rb
  4. 7
      modules/grids/lib/grids/configuration/in_project_base_registration.rb
  5. 3
      spec/services/authorization/enterprise_service_spec.rb

@ -48,7 +48,7 @@ class EnterpriseToken < ActiveRecord::Base
def set_current_token def set_current_token
token = EnterpriseToken.order(Arel.sql('created_at DESC')).first token = EnterpriseToken.order(Arel.sql('created_at DESC')).first
if token && token.token_object if token&.token_object
token token
end end
end end

@ -43,7 +43,8 @@ class Authorization::EnterpriseService
conditional_highlighting conditional_highlighting
readonly_work_packages readonly_work_packages
attachment_filters attachment_filters
board_view).freeze board_view
grid_widget_wp_graph).freeze
def initialize(token) def initialize(token)
self.token = token self.token = token

@ -85,12 +85,15 @@ describe 'Arbitrary WorkPackage query graph widget dashboard', type: :feature, j
let(:dashboard_page) do let(:dashboard_page) do
Pages::Dashboard.new(project) Pages::Dashboard.new(project)
end end
let(:enterprise_edition) { true }
let(:modal) { ::Components::WorkPackages::TableConfigurationModal.new } let(:modal) { ::Components::WorkPackages::TableConfigurationModal.new }
let(:filters) { ::Components::WorkPackages::TableConfiguration::Filters.new } let(:filters) { ::Components::WorkPackages::TableConfiguration::Filters.new }
let(:general) { ::Components::WorkPackages::TableConfiguration::GraphGeneral.new } let(:general) { ::Components::WorkPackages::TableConfiguration::GraphGeneral.new }
before do before do
with_enterprise_token(enterprise_edition ? :grid_widget_wp_graph : nil)
login_as user login_as user
dashboard_page.visit! dashboard_page.visit!
@ -106,7 +109,7 @@ describe 'Arbitrary WorkPackage query graph widget dashboard', type: :feature, j
filter_area.expect_to_span(1, 1, 2, 2) filter_area.expect_to_span(1, 1, 2, 2)
sleep(0.1) sleep(0.5)
# User has the ability to modify the query # User has the ability to modify the query
@ -149,4 +152,12 @@ describe 'Arbitrary WorkPackage query graph widget dashboard', type: :feature, j
dashboard_page.expect_unable_to_add_widget(1, 1, :within, "Work packages graph") dashboard_page.expect_unable_to_add_widget(1, 1, :within, "Work packages graph")
end end
end end
context 'without an enterprise edition' do
let(:enterprise_edition) { false }
it 'cannot add the widget' do
dashboard_page.expect_unable_to_add_widget(1, 2, :within, "Work packages graph")
end
end
end end

@ -22,6 +22,11 @@ module Grids::Configuration
user.allowed_to?(:manage_public_queries, project) user.allowed_to?(:manage_public_queries, project)
} }
queries_permission_and_ee_lambda = ->(user, project) {
save_or_manage_queries_lambda.call(user, project) &&
EnterpriseToken.allows_to?(:grid_widget_wp_graph)
}
view_work_packages_lambda = ->(user, project) { view_work_packages_lambda = ->(user, project) {
user.allowed_to?(:view_work_packages, project) user.allowed_to?(:view_work_packages, project)
} }
@ -37,7 +42,7 @@ module Grids::Configuration
widget_strategy 'work_packages_graph' do widget_strategy 'work_packages_graph' do
after_destroy remove_query_lambda after_destroy remove_query_lambda
allowed save_or_manage_queries_lambda allowed queries_permission_and_ee_lambda
options_representer '::API::V3::Grids::Widgets::ChartOptionsRepresenter' options_representer '::API::V3::Grids::Widgets::ChartOptionsRepresenter'
end end

@ -77,7 +77,8 @@ describe Authorization::EnterpriseService do
multiselect_custom_fields multiselect_custom_fields
edit_attribute_groups edit_attribute_groups
work_package_query_relation_columns work_package_query_relation_columns
attribute_help_texts).each do |guarded_action| attribute_help_texts
grid_widget_wp_graph).each do |guarded_action|
context "guarded action #{guarded_action}" do context "guarded action #{guarded_action}" do
let(:action) { guarded_action } let(:action) { guarded_action }

Loading…
Cancel
Save