From fd2b750075c79a99b54e83be3efba20e1067adae Mon Sep 17 00:00:00 2001 From: Matthew MacRae-Bovell Date: Wed, 1 Oct 2025 15:28:07 -0400 Subject: [PATCH 1/2] Rename destroy_feature_flag to delete --- app/policies/project_policy.rb | 6 +++--- app/serializers/feature_flag_entity.rb | 2 +- app/services/feature_flags/destroy_service.rb | 2 +- config/authz/permissions/definitions_todo.txt | 1 - lib/api/feature_flags.rb | 2 +- spec/policies/project_policy_spec.rb | 2 +- 6 files changed, 7 insertions(+), 8 deletions(-) diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 7ae973727f773c..ff45b9db1995f9 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -529,7 +529,7 @@ class ProjectPolicy < BasePolicy prevent :create_feature_flag prevent :update_feature_flag prevent :admin_feature_flag - prevent :destroy_feature_flag + prevent :delete_feature_flag prevent(:admin_feature_flags_user_lists) prevent(:admin_feature_flags_client) @@ -636,7 +636,7 @@ class ProjectPolicy < BasePolicy enable :read_feature_flag enable :create_feature_flag enable :update_feature_flag - enable :destroy_feature_flag + enable :delete_feature_flag enable :admin_feature_flag enable :admin_feature_flags_user_lists enable :update_escalation_status @@ -910,7 +910,7 @@ class ProjectPolicy < BasePolicy prevent :create_feature_flag prevent :update_feature_flag prevent :admin_feature_flag - prevent :destroy_feature_flag + prevent :delete_feature_flag prevent :admin_feature_flags_user_lists prevent :read_cluster diff --git a/app/serializers/feature_flag_entity.rb b/app/serializers/feature_flag_entity.rb index d3ad2a9f81f063..7c9193453bf87e 100644 --- a/app/serializers/feature_flag_entity.rb +++ b/app/serializers/feature_flag_entity.rb @@ -39,7 +39,7 @@ def can_update?(feature_flag) end def can_destroy?(feature_flag) - can?(current_user, :destroy_feature_flag, feature_flag) + can?(current_user, :delete_feature_flag, feature_flag) end def current_user diff --git a/app/services/feature_flags/destroy_service.rb b/app/services/feature_flags/destroy_service.rb index fdcbb802b162e7..5c6020f5cc0fd9 100644 --- a/app/services/feature_flags/destroy_service.rb +++ b/app/services/feature_flags/destroy_service.rb @@ -37,7 +37,7 @@ def audit_message(feature_flag) end def can_destroy?(feature_flag) - Ability.allowed?(current_user, :destroy_feature_flag, feature_flag) + Ability.allowed?(current_user, :delete_feature_flag, feature_flag) end end end diff --git a/config/authz/permissions/definitions_todo.txt b/config/authz/permissions/definitions_todo.txt index 5081bbef1d35d2..103b9376d25e53 100644 --- a/config/authz/permissions/definitions_todo.txt +++ b/config/authz/permissions/definitions_todo.txt @@ -300,7 +300,6 @@ destroy_deployment destroy_design destroy_environment destroy_epic -destroy_feature_flag destroy_feature_flags_client destroy_group_member destroy_issue diff --git a/lib/api/feature_flags.rb b/lib/api/feature_flags.rb index ffcea2cfd48e99..7370c4bfbfd418 100644 --- a/lib/api/feature_flags.rb +++ b/lib/api/feature_flags.rb @@ -208,7 +208,7 @@ def authorize_update_feature_flag! end def authorize_destroy_feature_flag! - authorize! :destroy_feature_flag, feature_flag + authorize! :delete_feature_flag, feature_flag end def present_entity(result) diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 70075e7e801714..cc82dcce805786 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -2553,7 +2553,7 @@ def set_access_level(access_level) let(:developer_permissions) do guest_permissions + [ - :read_feature_flag, :create_feature_flag, :update_feature_flag, :destroy_feature_flag, :admin_feature_flag, + :read_feature_flag, :create_feature_flag, :update_feature_flag, :delete_feature_flag, :admin_feature_flag, :admin_feature_flags_user_lists ] end -- GitLab From 391b518baa0c310e96ef88c91ce96d3bab3c5a49 Mon Sep 17 00:00:00 2001 From: Matthew MacRae-Bovell Date: Thu, 2 Oct 2025 13:34:42 -0400 Subject: [PATCH 2/2] Add yml schema for permission --- config/authz/permissions/feature_flag/delete.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 config/authz/permissions/feature_flag/delete.yml diff --git a/config/authz/permissions/feature_flag/delete.yml b/config/authz/permissions/feature_flag/delete.yml new file mode 100644 index 00000000000000..5d3a1ba3b3884e --- /dev/null +++ b/config/authz/permissions/feature_flag/delete.yml @@ -0,0 +1,4 @@ +--- +name: delete_feature_flag +description: Allows a user to delete a feature flag +feature_category: system_access -- GitLab