From 935ecf5c91683d7eb742099c4b26bb00c1fe95d0 Mon Sep 17 00:00:00 2001
From: Ryan Cobb <rcobb@gitlab.com>
Date: Sat, 7 Sep 2019 08:24:33 +0000
Subject: Add method to authorize reading from prometheus proxy

---
 app/controllers/clusters/base_controller.rb | 4 ++++
 app/policies/clusters/instance_policy.rb    | 1 +
 2 files changed, 5 insertions(+)

diff --git a/app/controllers/clusters/base_controller.rb b/app/controllers/clusters/base_controller.rb
index ef42f7c4074..188805c6106 100644
--- a/app/controllers/clusters/base_controller.rb
+++ b/app/controllers/clusters/base_controller.rb
@@ -31,6 +31,10 @@ class Clusters::BaseController < ApplicationController
     access_denied! unless can?(current_user, :create_cluster, clusterable)
   end
 
+  def authorize_read_prometheus!
+    access_denied! unless can?(current_user, :read_prometheus, clusterable)
+  end
+
   def clusterable
     raise NotImplementedError
   end
diff --git a/app/policies/clusters/instance_policy.rb b/app/policies/clusters/instance_policy.rb
index bd7ff413afe..c8e6c973bf5 100644
--- a/app/policies/clusters/instance_policy.rb
+++ b/app/policies/clusters/instance_policy.rb
@@ -8,6 +8,7 @@ module Clusters
       enable :create_cluster
       enable :update_cluster
       enable :admin_cluster
+      enable :read_prometheus
     end
   end
 end
-- 
cgit v1.2.1