Merge branch 'fix/cycle-analytics-permissions' into 'master'

Added permissions per stage to cycle analytics endpoint

See merge request !7613

1 files changed, 44 insertions, 0 deletions

diff --git a/lib/gitlab/cycle_analytics/permissions.rb b/lib/gitlab/cycle_analytics/permissions.rb
new file mode 100644
index 00000000000..bef3b95ff1b
--- /dev/null
+++ b/lib/gitlab/cycle_analytics/permissions.rb
@@ -0,0 +1,44 @@
+module Gitlab
+  module CycleAnalytics
+    class Permissions
+      STAGE_PERMISSIONS = {
+        issue: :read_issue,
+        code: :read_merge_request,
+        test: :read_build,
+        review: :read_merge_request,
+        staging: :read_build,
+        production: :read_issue,
+      }.freeze
+
+      def self.get(*args)
+        new(*args).get
+      end
+
+      def initialize(user:, project:)
+        @user = user
+        @project = project
+        @stage_permission_hash = {}
+      end
+
+      def get
+        ::CycleAnalytics::STAGES.each do |stage|
+          @stage_permission_hash[stage] = authorized_stage?(stage)
+        end
+
+        @stage_permission_hash
+      end
+
+      private
+
+      def authorized_stage?(stage)
+        return false unless authorize_project(:read_cycle_analytics)
+
+        STAGE_PERMISSIONS[stage] ? authorize_project(STAGE_PERMISSIONS[stage]) : true
+      end
+
+      def authorize_project(permission)
+        Ability.allowed?(@user, permission, @project)
+      end
+    end
+  end
+end