diff --git a/ee/app/controllers/projects/duo_agents_platform_controller.rb b/ee/app/controllers/projects/duo_agents_platform_controller.rb
index 351b42ef3acbde5a6e666c771f35ef9b0914af5d..736b5629c01dfdb901dfea56b41bed26e25c9a35 100644
--- a/ee/app/controllers/projects/duo_agents_platform_controller.rb
+++ b/ee/app/controllers/projects/duo_agents_platform_controller.rb
@@ -15,7 +15,7 @@ def show; end
 private
 def check_access
- return render_404 unless project&.duo_features_enabled && current_user.can?(:duo_workflow, project)
+ return render_404 unless Ability.allowed?(current_user, :duo_workflow, project)
 if specific_vueroute?
 render_404 unless authorized_for_route?
diff --git a/ee/spec/features/projects/automate/sessions_spec.rb b/ee/spec/features/projects/automate/sessions_spec.rb
index 1490d9ad2bd63d76a1e244903c1d75bf780f6eda..358a0b8b0a39fca769029c98fa9002e3b3add06c 100644
--- a/ee/spec/features/projects/automate/sessions_spec.rb
+++ b/ee/spec/features/projects/automate/sessions_spec.rb
@@ -104,14 +104,6 @@
 end
 end
- context 'when duo features are disabled' do
- before do
- project.project_setting.update!(duo_features_enabled: false)
- end
-
- include_examples 'returns 404 page'
- end
-
 context 'when duo remote flows are disabled' do
 before do
 project.project_setting.update!(duo_remote_flows_enabled: false)
@@ -138,8 +130,7 @@
 context 'when user does not have duo_workflow permission' do
 before do
- allow(user).to receive(:can?).and_call_original
- allow(user).to receive(:can?).with(:duo_workflow, project).and_return(false)
+ allow(Ability).to receive(:allowed?).with(user, :duo_workflow, anything).and_return(false)
 end
 include_examples 'returns 404 page'
diff --git a/ee/spec/requests/projects/duo_agents_platform_controller_spec.rb b/ee/spec/requests/projects/duo_agents_platform_controller_spec.rb
index f3083960b31132ab021f2222fcf4c9f7827a9937..6b3c41b6511a5a3830c0b09e79243852222fdcd2 100644
--- a/ee/spec/requests/projects/duo_agents_platform_controller_spec.rb
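Review bot: Nothing in this change shows that a project with Duo features switched off still gets a 404 from `check_access`: the explicit `project&.duo_features_enabled` guard is gone, and the examples that pinned it are deleted from both spec files. The `:duo_workflow` policy presumably carries that condition, but it is defined outside this diff, so confirm it and keep one request example that sets `duo_features_enabled: false` and expects `:not_found` with the real policy evaluated rather than stubbed. A short comment above the guard would record the dependency: `# :duo_workflow is expected to cover duo_features_enabled and to deny a nil current_user`. The body of `check_access` continues past the end of the hunk.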
+++ b/ee/spec/requests/projects/duo_agents_platform_controller_spec.rb
@@ -11,8 +11,8 @@
 project.project_setting.update!(duo_remote_flows_enabled: true, duo_features_enabled: true)
 sign_in(user)
- allow(user).to receive(:can?).and_return(true)
- allow(user).to receive(:can?).with(:duo_workflow, project).and_return(true)
+ allow(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?).with(user, anything, anything).and_return(true)
 end
 describe 'GET /:namespace/:project/-/automate' do
@@ -35,7 +35,7 @@
 context 'and the user does not have access to duo_workflow' do
 before do
- allow(user).to receive(:can?).with(:duo_workflow, project).and_return(false)
+ allow(Ability).to receive(:allowed?).with(user, :duo_workflow, project).and_return(false)
 end
 it 'does not render' do
@@ -84,19 +84,6 @@
 end
 end
- context 'when duo_features_enabled setting is disabled for the project' do
- before do
- allow(::Ai::DuoWorkflow).to receive(:enabled?).and_return(true)
- project.project_setting.update!(duo_features_enabled: false)
- end
-
- it 'returns 404' do
- get project_automate_agent_sessions_path(project)
-
- expect(response).to have_gitlab_http_status(:not_found)
- end
- end
-
 context 'when vueroute is agents' do
 context 'when global_ai_catalog feature is enabled' do
 before do
@@ -108,6 +95,20 @@
 expect(response).to have_gitlab_http_status(:ok)
 end
+
+ context 'when the user is not signed in and the project is public' do
+ let_it_be(:project) { create(:project, :public) }
+
+ before do
+ sign_out(user)
+ end
+
+ it 'returns a 404' do
+ get project_automate_agents_path(project)
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+ end
 end
 context 'when global_ai_catalog feature is disabled' do
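Review bot: The stub `allow(Ability).to receive(:allowed?).with(user, anything, anything).and_return(true)` in the shared `before` grants the signed-in user every ability on every subject, so no signed-in example in this file evaluates the real `:duo_workflow` policy. With the settings check no longer done in the controller, the `duo_features_enabled` condition is left unverified at request level. Narrow the stub to the abilities the examples actually need, for example `allow(Ability).to receive(:allowed?).with(user, :duo_workflow, project).and_return(true)`, and let every other call fall through to `and_call_original`. The `before` block opens above the hunk.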
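Review bot: The signed-out example covers only `project_automate_agents_path` inside the `global_ai_catalog` enabled context, while the denial of an anonymous user presumably comes from the base permission check that every route passes through. Add a sibling example outside the vueroute contexts that calls `get project_automate_agent_sessions_path(project)` after `sign_out(user)` on a public project, so the anonymous case stays pinned if the agents route or the flag changes. The enclosing contexts open above the hunk.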
@@ -147,7 +148,7 @@
 context 'when user cannot manage ai flow triggers' do
 before do
- allow(user).to receive(:can?).with(:manage_ai_flow_triggers, project).and_return(false)
+ allow(Ability).to receive(:allowed?).with(user, :manage_ai_flow_triggers, project).and_return(false)
 end
 it 'returns 404' do