Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce

7 files changed, 44 insertions, 7 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 04625b01d61..154f498efcb 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -25,6 +25,7 @@ v 7.13.0 (unreleased)
   - Explicit error when commit not found in the CI
   - Improve performance for issue and merge request pages 
   - Users with guest access level can not set assignee, labels or milestones for issue and merge request
+  - Reporter role can manage issue tracker now: edit any issue, set assignee or milestone and manage labels
 
 v 7.12.0
   - Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu)
diff --git a/Gemfile b/Gemfile
index eb3917872f5..ec63c7eef84 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,7 @@ gem "default_value_for", "~> 3.0.0"
 gem "mysql2", group: :mysql
 gem "pg", group: :postgres
 
-# Auth
+# Authentication libraries
 gem "devise", '3.2.4'
 gem "devise-async", '0.9.0'
 gem 'omniauth', "~> 1.2.2"
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 3ee3a7857ee..d3631d49ec6 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -155,7 +155,10 @@ class Ability
       project_guest_rules + [
         :download_code,
         :fork_project,
-        :create_project_snippet
+        :create_project_snippet,
+        :update_issue,
+        :admin_issue,
+        :admin_label,
       ]
     end
 
@@ -163,9 +166,6 @@ class Ability
       project_report_rules + [
         :create_merge_request,
         :create_wiki,
-        :update_issue,
-        :admin_issue,
-        :admin_label,
         :push_code
       ]
     end
diff --git a/doc/permissions/permissions.md b/doc/permissions/permissions.md
index 8cfa7f9c876..70b7e17795d 100644
--- a/doc/permissions/permissions.md
+++ b/doc/permissions/permissions.md
@@ -15,6 +15,8 @@ If a user is a GitLab administrator they receive all permissions.
 | Pull project code                     |         | ✓          | ✓           | ✓        | ✓      |
 | Download project                      |         | ✓          | ✓           | ✓        | ✓      |
 | Create code snippets                  |         | ✓          | ✓           | ✓        | ✓      |
+| Manage issue tracker                  |         | ✓          | ✓           | ✓        | ✓      |
+| Manage labels                         |         | ✓          | ✓           | ✓        | ✓      |
 | Create new merge request              |         |            | ✓           | ✓        | ✓      |
 | Create new branches                   |         |            | ✓           | ✓        | ✓      |
 | Push to non-protected branches        |         |            | ✓           | ✓        | ✓      |
@@ -22,8 +24,6 @@ If a user is a GitLab administrator they receive all permissions.
 | Remove non-protected branches         |         |            | ✓           | ✓        | ✓      |
 | Add tags                              |         |            | ✓           | ✓        | ✓      |
 | Write a wiki                          |         |            | ✓           | ✓        | ✓      |
-| Manage issue tracker                  |         |            | ✓           | ✓        | ✓      |
-| Manage labels                         |         |            | ✓           | ✓        | ✓      |
 | Create new milestones                 |         |            |             | ✓        | ✓      |
 | Add new team members                  |         |            |             | ✓        | ✓      |
 | Push to protected branches            |         |            |             | ✓        | ✓      |
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
index 8d1bfd25223..4649e58cb1a 100644
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -138,6 +138,18 @@ describe "Internal Project Access", feature: true  do
     it { is_expected.to be_denied_for :visitor }
   end
 
+  describe "GET /:project_path/issues/:id/edit" do
+    let(:issue) { create(:issue, project: project) }
+    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
+
+    it { is_expected.to be_allowed_for master }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_allowed_for :admin }
+    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_denied_for :user }
+    it { is_expected.to be_denied_for :visitor }
+  end
+
   describe "GET /:project_path/snippets" do
     subject { namespace_project_snippets_path(project.namespace, project) }
 
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index 9021ff33186..2866bf0355b 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -138,6 +138,18 @@ describe "Private Project Access", feature: true  do
     it { is_expected.to be_denied_for :visitor }
   end
 
+  describe "GET /:project_path/issues/:id/edit" do
+    let(:issue) { create(:issue, project: project) }
+    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
+
+    it { is_expected.to be_allowed_for master }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_allowed_for :admin }
+    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_denied_for :user }
+    it { is_expected.to be_denied_for :visitor }
+  end
+
   describe "GET /:project_path/snippets" do
     subject { namespace_project_snippets_path(project.namespace, project) }
 
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index 6ec190ed777..554c96bcdc5 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -143,6 +143,18 @@ describe "Public Project Access", feature: true  do
     it { is_expected.to be_allowed_for :visitor }
   end
 
+  describe "GET /:project_path/issues/:id/edit" do
+    let(:issue) { create(:issue, project: project) }
+    subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
+
+    it { is_expected.to be_allowed_for master }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_allowed_for :admin }
+    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_denied_for :user }
+    it { is_expected.to be_denied_for :visitor }
+  end
+
   describe "GET /:project_path/snippets" do
     subject { namespace_project_snippets_path(project.namespace, project) }