diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 7ae973727f773c297dbbb0ec84ccccbefaccf9ae..ff45b9db1995f9668cfa1baa085bfbb63cd7e144 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -529,7 +529,7 @@ class ProjectPolicy < BasePolicy prevent :create_feature_flag prevent :update_feature_flag prevent :admin_feature_flag - prevent :destroy_feature_flag + prevent :delete_feature_flag prevent(:admin_feature_flags_user_lists) prevent(:admin_feature_flags_client) @@ -636,7 +636,7 @@ class ProjectPolicy < BasePolicy enable :read_feature_flag enable :create_feature_flag enable :update_feature_flag - enable :destroy_feature_flag + enable :delete_feature_flag enable :admin_feature_flag enable :admin_feature_flags_user_lists enable :update_escalation_status @@ -910,7 +910,7 @@ class ProjectPolicy < BasePolicy prevent :create_feature_flag prevent :update_feature_flag prevent :admin_feature_flag - prevent :destroy_feature_flag + prevent :delete_feature_flag prevent :admin_feature_flags_user_lists prevent :read_cluster diff --git a/app/serializers/feature_flag_entity.rb b/app/serializers/feature_flag_entity.rb index d3ad2a9f81f063445b4ed29e882f2a13f5587af4..7c9193453bf87eceba6574d6653df83f8185bf2c 100644 --- a/app/serializers/feature_flag_entity.rb +++ b/app/serializers/feature_flag_entity.rb @@ -39,7 +39,7 @@ def can_update?(feature_flag) end def can_destroy?(feature_flag) - can?(current_user, :destroy_feature_flag, feature_flag) + can?(current_user, :delete_feature_flag, feature_flag) end def current_user diff --git a/app/services/feature_flags/destroy_service.rb b/app/services/feature_flags/destroy_service.rb index fdcbb802b162e7bf5bbcd77cb633ce5f399dde2f..5c6020f5cc0fd9f92f3ceea60b9839779b6f2fc1 100644 --- a/app/services/feature_flags/destroy_service.rb +++ b/app/services/feature_flags/destroy_service.rb @@ -37,7 +37,7 @@ def audit_message(feature_flag) end def can_destroy?(feature_flag) - Ability.allowed?(current_user, :destroy_feature_flag, feature_flag) + Ability.allowed?(current_user, :delete_feature_flag, feature_flag) end end end diff --git a/config/authz/permissions/definitions_todo.txt b/config/authz/permissions/definitions_todo.txt index 5081bbef1d35d21688ef67766e3f93d1bb294ee2..103b9376d25e5366347be52cdacc7a2f501591e8 100644 --- a/config/authz/permissions/definitions_todo.txt +++ b/config/authz/permissions/definitions_todo.txt @@ -300,7 +300,6 @@ destroy_deployment destroy_design destroy_environment destroy_epic -destroy_feature_flag destroy_feature_flags_client destroy_group_member destroy_issue diff --git a/config/authz/permissions/feature_flag/delete.yml b/config/authz/permissions/feature_flag/delete.yml new file mode 100644 index 0000000000000000000000000000000000000000..5d3a1ba3b3884eb73472068fca2b581d07069836 --- /dev/null +++ b/config/authz/permissions/feature_flag/delete.yml @@ -0,0 +1,4 @@ +--- +name: delete_feature_flag +description: Allows a user to delete a feature flag +feature_category: system_access diff --git a/lib/api/feature_flags.rb b/lib/api/feature_flags.rb index ffcea2cfd48e996f049b8f9e7c334d39056b958d..7370c4bfbfd4189bcc9da34090b5fb00e973952f 100644 --- a/lib/api/feature_flags.rb +++ b/lib/api/feature_flags.rb @@ -208,7 +208,7 @@ def authorize_update_feature_flag! end def authorize_destroy_feature_flag! - authorize! :destroy_feature_flag, feature_flag + authorize! :delete_feature_flag, feature_flag end def present_entity(result) diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 70075e7e80171425671e0137bcc1c5d0106f8acb..cc82dcce805786878da16127c729ceabe7269b4b 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -2553,7 +2553,7 @@ def set_access_level(access_level) let(:developer_permissions) do guest_permissions + [ - :read_feature_flag, :create_feature_flag, :update_feature_flag, :destroy_feature_flag, :admin_feature_flag, + :read_feature_flag, :create_feature_flag, :update_feature_flag, :delete_feature_flag, :admin_feature_flag, :admin_feature_flags_user_lists ] end