Add method to authorize reading from prometheus proxy

author: Ryan Cobb <rcobb@gitlab.com> 2019-09-07 08:24:33 +0000
committer: Kamil Trzciński <ayufan@ayufan.eu> 2019-09-07 08:24:33 +0000
commit: 935ecf5c91683d7eb742099c4b26bb00c1fe95d0 (patch)
tree: 1a0f754b071484cd96dfebcc8b9472272eb539ca
parent: 093858adc76f893c35b0bcf25127c3f229a7bcb6 (diff)
download: gitlab-ce-935ecf5c91683d7eb742099c4b26bb00c1fe95d0.tar.gz
2 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/clusters/base_controller.rb b/app/controllers/clusters/base_controller.rb
index ef42f7c4074..188805c6106 100644
--- a/app/controllers/clusters/base_controller.rb
+++ b/app/controllers/clusters/base_controller.rb
@@ -31,6 +31,10 @@ class Clusters::BaseController < ApplicationController
     access_denied! unless can?(current_user, :create_cluster, clusterable)
   end
 
+  def authorize_read_prometheus!
+    access_denied! unless can?(current_user, :read_prometheus, clusterable)
+  end
+
   def clusterable
     raise NotImplementedError
   end
diff --git a/app/policies/clusters/instance_policy.rb b/app/policies/clusters/instance_policy.rb
index bd7ff413afe..c8e6c973bf5 100644
--- a/app/policies/clusters/instance_policy.rb
+++ b/app/policies/clusters/instance_policy.rb
@@ -8,6 +8,7 @@ module Clusters
       enable :create_cluster
       enable :update_cluster
       enable :admin_cluster
+      enable :read_prometheus
     end
   end
 end
author	Ryan Cobb <rcobb@gitlab.com>	2019-09-07 08:24:33 +0000
committer	Kamil Trzciński <ayufan@ayufan.eu>	2019-09-07 08:24:33 +0000
commit	935ecf5c91683d7eb742099c4b26bb00c1fe95d0 (patch)
tree	1a0f754b071484cd96dfebcc8b9472272eb539ca
parent	093858adc76f893c35b0bcf25127c3f229a7bcb6 (diff)
download	gitlab-ce-935ecf5c91683d7eb742099c4b26bb00c1fe95d0.tar.gz