debian-mirror-gitlab/spec/support/ability_check_todo.yml

# This list tracks unknown abilities per policy.
#
# This file is used by `spec/support/ability_check.rb`.
#
# Each TODO entry means that an ability wasn't found in
# the particular policy class or its delegations.
#
# This could be one of the reasons:
# * The ability is misspelled.
#     - Suggested action: Fix typo.
# * The ability has been removed from a policy but is still in use.
#     - Remove production code in question.
# * The ability is defined in EE policy but is used in FOSS code.
#     - Guard the check or move it to EE folder.
#     - See https://docs.gitlab.com/ee/development/ee_features.html
# * The ability is defined in another policy but delegation is missing.
#     - Add delegation policy or guard the check with a type check.
#     - See https://docs.gitlab.com/ee/development/policies.html#delegation
# * The ability check is polymorphic (for example, Issuable) and some policies
#   do not implement this ability.
#     - Exclude TODO permanently below.
#     - Guard the check with a type check.
# * The ability check is defined on GraphQL field which does not support
#   authorization on resolved field values yet.
#   See https://gitlab.com/gitlab-org/gitlab/-/issues/300922
---
# <Policy class>:
#   - <ability name>
#   - <ability name>
#   ...

# Temporary excludes:

Ci::BridgePolicy:
- read_job_artifacts
CommitStatusPolicy:
- read_job_artifacts
EpicPolicy:
- create_timelog
- read_emoji
- set_issue_crm_contacts
GlobalPolicy:
- read_achievement
- read_on_demand_dast_scan
- update_max_pages_size
GroupPolicy:
- admin_merge_request
- change_push_rules
- manage_owners
IssuePolicy:
- create_test_case
MergeRequestPolicy:
- set_confidentiality
- set_issue_crm_contacts
Namespaces::UserNamespacePolicy:
- read_crm_contact
PersonalSnippetPolicy:
- read_internal_note
- read_project
ProjectMemberPolicy:
- override_project_member
ProjectPolicy:
- admin_feature_flags_issue_links
- admin_vulnerability
- create_requirement
- create_test_case
- read_group_saml_identity
UserPolicy:
- admin_observability
- admin_terraform_state
- read_observability

# Permanent excludes (please provide a reason):
New upstream version 15.10.7+ds1 2023-05-27 22:25:52 +05:30			`# This list tracks unknown abilities per policy.`
			`#`
			# This file is used by `spec/support/ability_check.rb`.
			`#`
			`# Each TODO entry means that an ability wasn't found in`
			`# the particular policy class or its delegations.`
			`#`
			`# This could be one of the reasons:`
			`# * The ability is misspelled.`
			`# - Suggested action: Fix typo.`
			`# * The ability has been removed from a policy but is still in use.`
			`# - Remove production code in question.`
			`# * The ability is defined in EE policy but is used in FOSS code.`
			`# - Guard the check or move it to EE folder.`
			`# - See https://docs.gitlab.com/ee/development/ee_features.html`
			`# * The ability is defined in another policy but delegation is missing.`
			`# - Add delegation policy or guard the check with a type check.`
			`# - See https://docs.gitlab.com/ee/development/policies.html#delegation`
			`# * The ability check is polymorphic (for example, Issuable) and some policies`
			`# do not implement this ability.`
			`# - Exclude TODO permanently below.`
			`# - Guard the check with a type check.`
			`# * The ability check is defined on GraphQL field which does not support`
			`# authorization on resolved field values yet.`
			`# See https://gitlab.com/gitlab-org/gitlab/-/issues/300922`
			`---`
			`# <Policy class>:`
			`# - <ability name>`
			`# - <ability name>`
			`# ...`

			`# Temporary excludes:`

			`Ci::BridgePolicy:`
			`- read_job_artifacts`
			`CommitStatusPolicy:`
			`- read_job_artifacts`
			`EpicPolicy:`
			`- create_timelog`
			`- read_emoji`
			`- set_issue_crm_contacts`
			`GlobalPolicy:`
			`- read_achievement`
			`- read_on_demand_dast_scan`
			`- update_max_pages_size`
			`GroupPolicy:`
			`- admin_merge_request`
			`- change_push_rules`
			`- manage_owners`
			`IssuePolicy:`
			`- create_test_case`
			`MergeRequestPolicy:`
			`- set_confidentiality`
			`- set_issue_crm_contacts`
			`Namespaces::UserNamespacePolicy:`
			`- read_crm_contact`
			`PersonalSnippetPolicy:`
			`- read_internal_note`
			`- read_project`
			`ProjectMemberPolicy:`
			`- override_project_member`
			`ProjectPolicy:`
			`- admin_feature_flags_issue_links`
			`- admin_vulnerability`
			`- create_requirement`
			`- create_test_case`
			`- read_group_saml_identity`
			`UserPolicy:`
			`- admin_observability`
			`- admin_terraform_state`
			`- read_observability`

			`# Permanent excludes (please provide a reason):`