From 0fd397bba1a36136c3737165c9057bc59dcbca77 Mon Sep 17 00:00:00 2001
From: James Lopez <james@jameslopez.es>
Date: Mon, 21 Nov 2016 10:48:07 +0100
Subject: Added permissions per stage to cycle analytics endpoint

---
 lib/gitlab/cycle_analytics/permissions.rb | 49 +++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 lib/gitlab/cycle_analytics/permissions.rb

(limited to 'lib')

diff --git a/lib/gitlab/cycle_analytics/permissions.rb b/lib/gitlab/cycle_analytics/permissions.rb
new file mode 100644
index 00000000000..121b723f7be
--- /dev/null
+++ b/lib/gitlab/cycle_analytics/permissions.rb
@@ -0,0 +1,49 @@
+module Gitlab
+  module CycleAnalytics
+    class Permissions
+      STAGE_PERMISSIONS = {
+        read_build: [:test, :staging],
+        read_issue: [:issue, :production],
+        read_merge_request: [:code, :review]
+      }.freeze
+
+      def self.get(*args)
+        new(*args).get
+      end
+
+      def initialize(user:, project:)
+        @user = user
+        @project = project
+        @stage_permission_hash = {}
+      end
+
+      def get
+        ::CycleAnalytics::STAGES.each do |stage|
+          @stage_permission_hash[stage] = authorized_stage?(stage)
+        end
+
+        @stage_permission_hash
+      end
+
+      private
+
+      def authorized_stage?(stage)
+        return false unless authorize_project(:read_cycle_analytics)
+
+        permissions_for_stage(stage).keys.each do |permission|
+          return false unless authorize_project(permission)
+        end
+
+        true
+      end
+
+      def permissions_for_stage(stage)
+        STAGE_PERMISSIONS.select { |_permission, stages| stages.include?(stage) }
+      end
+
+      def authorize_project(permission)
+        Ability.allowed?(@user, permission, @project)
+      end
+    end
+  end
+end
-- 
cgit v1.2.1


From 9b691688583ad46d5608320ec64873dd2eb9a647 Mon Sep 17 00:00:00 2001
From: James Lopez <james@jameslopez.es>
Date: Mon, 21 Nov 2016 14:09:26 +0100
Subject: refactored a couple of things based on feedback

---
 lib/gitlab/cycle_analytics/permissions.rb | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

(limited to 'lib')

diff --git a/lib/gitlab/cycle_analytics/permissions.rb b/lib/gitlab/cycle_analytics/permissions.rb
index 121b723f7be..bef3b95ff1b 100644
--- a/lib/gitlab/cycle_analytics/permissions.rb
+++ b/lib/gitlab/cycle_analytics/permissions.rb
@@ -2,9 +2,12 @@ module Gitlab
   module CycleAnalytics
     class Permissions
       STAGE_PERMISSIONS = {
-        read_build: [:test, :staging],
-        read_issue: [:issue, :production],
-        read_merge_request: [:code, :review]
+        issue: :read_issue,
+        code: :read_merge_request,
+        test: :read_build,
+        review: :read_merge_request,
+        staging: :read_build,
+        production: :read_issue,
       }.freeze
 
       def self.get(*args)
@@ -30,15 +33,7 @@ module Gitlab
       def authorized_stage?(stage)
         return false unless authorize_project(:read_cycle_analytics)
 
-        permissions_for_stage(stage).keys.each do |permission|
-          return false unless authorize_project(permission)
-        end
-
-        true
-      end
-
-      def permissions_for_stage(stage)
-        STAGE_PERMISSIONS.select { |_permission, stages| stages.include?(stage) }
+        STAGE_PERMISSIONS[stage] ? authorize_project(STAGE_PERMISSIONS[stage]) : true
       end
 
       def authorize_project(permission)
-- 
cgit v1.2.1