# This list tracks unknown abilities per policy. # # This file is used by `spec/support/ability_check.rb`. # # Each TODO entry means that an ability wasn't found in # the particular policy class or its delegations. # # This could be one of the reasons: # * The ability is misspelled. # - Suggested action: Fix typo. # * The ability has been removed from a policy but is still in use. # - Remove production code in question. # * The ability is defined in EE policy but is used in FOSS code. # - Guard the check or move it to EE folder. # - See https://docs.gitlab.com/ee/development/ee_features.html # * The ability is defined in another policy but delegation is missing. # - Add delegation policy or guard the check with a type check. # - See https://docs.gitlab.com/ee/development/policies.html#delegation # * The ability check is polymorphic (for example, Issuable) and some policies # do not implement this ability. # - Exclude TODO permanently below. # - Guard the check with a type check. # * The ability check is defined on GraphQL field which does not support # authorization on resolved field values yet. # See https://gitlab.com/gitlab-org/gitlab/-/issues/300922 --- # : # - # - # ... # Temporary excludes: Ci::BridgePolicy: - read_job_artifacts CommitStatusPolicy: - read_job_artifacts EpicPolicy: - create_timelog - read_emoji - set_issue_crm_contacts GlobalPolicy: - read_achievement - read_on_demand_dast_scan - update_max_pages_size GroupPolicy: - admin_merge_request - change_push_rules - manage_owners IssuePolicy: - create_test_case MergeRequestPolicy: - set_confidentiality - set_issue_crm_contacts Namespaces::UserNamespacePolicy: - read_crm_contact PersonalSnippetPolicy: - read_internal_note - read_project ProjectMemberPolicy: - override_project_member ProjectPolicy: - admin_feature_flags_issue_links - admin_vulnerability - create_requirement - create_test_case - read_group_saml_identity UserPolicy: - admin_terraform_state # Permanent excludes (please provide a reason):