summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects/pipelines_controller.rb2
-rw-r--r--app/graphql/resolvers/project_pipeline_statistics_resolver.rb4
-rw-r--r--app/policies/project_policy.rb3
3 files changed, 8 insertions, 1 deletions
diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index 415a0d66eda..deb1500ceed 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -9,7 +9,7 @@ class Projects::PipelinesController < Projects::ApplicationController
before_action :set_pipeline_path, only: [:show]
before_action :authorize_read_pipeline!
before_action :authorize_read_build!, only: [:index, :show]
- before_action :authorize_read_analytics!, only: [:charts]
+ before_action :authorize_read_ci_cd_analytics!, only: [:charts]
before_action :authorize_create_pipeline!, only: [:new, :create, :config_variables]
before_action :authorize_update_pipeline!, only: [:retry, :cancel]
before_action do
diff --git a/app/graphql/resolvers/project_pipeline_statistics_resolver.rb b/app/graphql/resolvers/project_pipeline_statistics_resolver.rb
index 29ab9402f5b..79d01b9bf2e 100644
--- a/app/graphql/resolvers/project_pipeline_statistics_resolver.rb
+++ b/app/graphql/resolvers/project_pipeline_statistics_resolver.rb
@@ -2,8 +2,12 @@
module Resolvers
class ProjectPipelineStatisticsResolver < BaseResolver
+ include Gitlab::Graphql::Authorize::AuthorizeResource
type Types::Ci::AnalyticsType, null: true
+ authorizes_object!
+ authorize :read_ci_cd_analytics
+
def resolve
weekly_stats = Gitlab::Ci::Charts::WeekChart.new(object)
monthly_stats = Gitlab::Ci::Charts::MonthChart.new(object)
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 184ed44146f..a9446810e81 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -283,6 +283,7 @@ class ProjectPolicy < BasePolicy
enable :read_confidential_issues
enable :read_package
enable :read_product_analytics
+ enable :read_ci_cd_analytics
end
# We define `:public_user_access` separately because there are cases in gitlab-ee
@@ -479,6 +480,7 @@ class ProjectPolicy < BasePolicy
prevent(:read_insights)
prevent(:read_cycle_analytics)
prevent(:read_repository_graphs)
+ prevent(:read_ci_cd_analytics)
end
rule { wiki_disabled }.policy do
@@ -554,6 +556,7 @@ class ProjectPolicy < BasePolicy
enable :read_cycle_analytics
enable :read_pages_content
enable :read_analytics
+ enable :read_ci_cd_analytics
enable :read_insights
# NOTE: may be overridden by IssuePolicy
View Lorry Controller Status