Add read_instance_statistics global policy

4 files changed, 5 insertions, 10 deletions

diff --git a/app/controllers/instance_statistics/application_controller.rb b/app/controllers/instance_statistics/application_controller.rb
index 37e4b26c5c1..85b28a6080d 100644
--- a/app/controllers/instance_statistics/application_controller.rb
+++ b/app/controllers/instance_statistics/application_controller.rb
@@ -4,11 +4,7 @@ class InstanceStatistics::ApplicationController < ApplicationController
   before_action :authenticate_user!
   layout 'instance_statistics'
 
-  def index
-    redirect_to instance_statistics_conversations_development_index_index_path
-  end
-
   def authenticate_user!
-    render_404 if ApplicationSettingsHelper.hide_instance_statistics?(current_user)
+    render_404 unless can?(current_user, :read_instance_statistics)
   end
 end
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index b355008f087..9e2346177a4 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -15,10 +15,6 @@ module ApplicationSettingsHelper
   def allowed_protocols_present?
     Gitlab::CurrentSettings.enabled_git_access_protocol.present?
   end
-  
-  def hide_instance_statistics?(user = current_user)
-    Gitlab::CurrentSettings.instance_statistics_visibility_private? && !user.admin?
-  end
 
   def enabled_protocol
     case Gitlab::CurrentSettings.enabled_git_access_protocol
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 6e3827736b2..bf146dc375b 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -19,6 +19,9 @@ class GlobalPolicy < BasePolicy
     @user&.required_terms_not_accepted?
   end
 
+  condition(:private_instance_statistics, score: 0) { Gitlab::CurrentSettings.instance_statistics_visibility_private? }
+  rule { admin | ~private_instance_statistics }.enable :read_instance_statistics
+
   rule { anonymous }.policy do
     prevent :log_in
     prevent :receive_notifications
diff --git a/app/views/layouts/nav/_dashboard.html.haml b/app/views/layouts/nav/_dashboard.html.haml
index 356e52918d9..fb7ba1527e3 100644
--- a/app/views/layouts/nav/_dashboard.html.haml
+++ b/app/views/layouts/nav/_dashboard.html.haml
@@ -70,7 +70,7 @@
     = nav_link(controller: 'admin/dashboard') do
       = link_to admin_root_path, class: 'admin-icon qa-admin-area-link', title: _('Admin area'), aria: { label: _("Admin area") }, data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
         = sprite_icon('admin', size: 18)
-  - unless hide_instance_statistics?
+  - if can?(current_user, :read_instance_statistics)
     = nav_link(controller: :instance_statistics) do
       = link_to instance_statistics_root_path, title: 'Instance statistics', aria: { label: 'Instance statistics' }, data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
         = sprite_icon('chart', size: 18)