Merge branch '11439-dry-vulnerability-feedback-permissions-checks' into 'master'

Reusing already defined methods See merge request gitlab-org/gitlab-ee!14748

Merge branch '11439-dry-vulnerability-feedback-permissions-checks' into 'master'
Reusing already defined methods See merge request gitlab-org/gitlab-ee!14748
0f6d6679 · Stan Hu · eef3c955 · 1b560a56 · 0f6d6679 · 0f6d6679
Commit 0f6d6679 authored Aug 06, 2019 by Stan Hu
5 changed files
--- a/ee/app/presenters/ee/merge_request_presenter.rb
+++ b/ee/app/presenters/ee/merge_request_presenter.rb
@@ -3,6 +3,7 @@
 module EE
  module MergeRequestPresenter
    include ::VisibleApprovable
+    include ::EE::ProjectsHelper # rubocop: disable Cop/InjectEnterpriseEditionModule
    def approvals_path
      if expose_mr_approval_path?
@@ -56,33 +57,10 @@ module EE
      project_vulnerability_feedback_index_path(merge_request.project)
    end
-    def create_vulnerability_feedback_issue_path
-      if expose_create_feedback_path?(:issue)
-        vulnerability_feedback_path
-      end
-    end
-    def create_vulnerability_feedback_merge_request_path
-      if expose_create_feedback_path?(:merge_request)
-        vulnerability_feedback_path
-      end
-    end
-    def create_vulnerability_feedback_dismissal_path
-      if expose_create_feedback_path?(:dismissal)
-        vulnerability_feedback_path
-      end
-    end
    private
    def expose_mr_approval_path?
      approval_feature_available? && merge_request.iid
    end
-    def expose_create_feedback_path?(feedback_type)
-      feedback = Vulnerabilities::Feedback.new(project: merge_request.project, feedback_type: feedback_type)
-      can?(current_user, :create_vulnerability_feedback, feedback)
-    end
  end
 end
--- a/ee/app/serializers/ee/merge_request_widget_entity.rb
+++ b/ee/app/serializers/ee/merge_request_widget_entity.rb
@@ -117,15 +117,15 @@ module EE
      end
      expose :create_vulnerability_feedback_issue_path do |merge_request|
-        presenter(merge_request).create_vulnerability_feedback_issue_path
+        presenter(merge_request).create_vulnerability_feedback_issue_path(merge_request.project)
      end
      expose :create_vulnerability_feedback_merge_request_path do |merge_request|
-        presenter(merge_request).create_vulnerability_feedback_merge_request_path
+        presenter(merge_request).create_vulnerability_feedback_merge_request_path(merge_request.project)
      end
      expose :create_vulnerability_feedback_dismissal_path do |merge_request|
-        presenter(merge_request).create_vulnerability_feedback_dismissal_path
+        presenter(merge_request).create_vulnerability_feedback_dismissal_path(merge_request.project)
      end
      expose :rebase_commit_sha

--- a/ee/app/serializers/vulnerabilities/occurrence_entity.rb
+++ b/ee/app/serializers/vulnerabilities/occurrence_entity.rb
 # frozen_string_literal: true
 class Vulnerabilities::OccurrenceEntity < Grape::Entity
+  include ::EE::ProjectsHelper # rubocop: disable Cop/InjectEnterpriseEditionModule
  include RequestAwareEntity
  expose :id, :report_type, :name, :severity, :confidence
  expose :scanner, using: Vulnerabilities::ScannerEntity
  expose :identifiers, using: Vulnerabilities::IdentifierEntity
  expose :project_fingerprint
-  expose :vulnerability_feedback_path, as: :create_vulnerability_feedback_issue_path, if: ->(_, _) { can_create_feedback?(:issue) }
+  expose :create_vulnerability_feedback_issue_path do |occurrence|
-  expose :vulnerability_feedback_path, as: :create_vulnerability_feedback_merge_request_path, if: ->(_, _) { can_create_feedback?(:merge_request) }
+    create_vulnerability_feedback_issue_path(occurrence.project)
-  expose :vulnerability_feedback_path, as: :create_vulnerability_feedback_dismissal_path, if: ->(_, _) { can_create_feedback?(:dismissal) }
+  end
+  expose :create_vulnerability_feedback_merge_request_path do |occurrence|
+    create_vulnerability_feedback_merge_request_path(occurrence.project)
+  end
+  expose :create_vulnerability_feedback_dismissal_path do |occurrence|
+    create_vulnerability_feedback_dismissal_path(occurrence.project)
+  end
  expose :project, using: ::ProjectEntity
  expose :dismissal_feedback, using: Vulnerabilities::FeedbackEntity
  expose :issue_feedback, using: Vulnerabilities::FeedbackEntity
@@ -28,15 +36,5 @@ class Vulnerabilities::OccurrenceEntity < Grape::Entity
  end
  alias_method :occurrence, :object
+  delegate :current_user, to: :request
-  private
-  def vulnerability_feedback_path
-    project_vulnerability_feedback_index_path(occurrence.project)
-  end
-  def can_create_feedback?(feedback_type)
-    feedback = Vulnerabilities::Feedback.new(project: occurrence.project, feedback_type: feedback_type)
-    can?(request.current_user, :create_vulnerability_feedback, feedback)
-  end
 end
--- a/ee/spec/presenters/merge_request_presenter_spec.rb
+++ b/ee/spec/presenters/merge_request_presenter_spec.rb
@@ -135,14 +135,14 @@ describe MergeRequestPresenter do
    end
    with_them do
-      subject { described_class.new(merge_request, current_user: user).public_send(create_feedback_path) }
+      subject { described_class.new(merge_request, current_user: user).public_send(create_feedback_path, merge_request.project) }
      it { is_expected.to eq("/#{merge_request.project.full_path}/vulnerability_feedback") }
      context 'when not allowed to create vulnerability feedback' do
        let(:unauthorized_user) { create(:user) }
-        subject { described_class.new(merge_request, current_user: unauthorized_user).public_send(create_feedback_path) }
+        subject { described_class.new(merge_request, current_user: unauthorized_user).public_send(create_feedback_path, merge_request.project) }
        it "does not contain #{params['create_feedback_path']}" do
          expect(subject).to be_nil

--- a/ee/spec/serializers/vulnerabilities/occurrence_entity_spec.rb
+++ b/ee/spec/serializers/vulnerabilities/occurrence_entity_spec.rb
@@ -62,9 +62,9 @@ describe Vulnerabilities::OccurrenceEntity do
      end
      it 'does not contain vulnerability feedback paths' do
-        expect(subject).not_to include(:create_vulnerability_feedback_issue_path)
+        expect(subject[:create_vulnerability_feedback_issue_path]).to be_falsey
-        expect(subject).not_to include(:create_vulnerability_feedback_merge_request_path)
+        expect(subject[:create_vulnerability_feedback_merge_request_path]).to be_falsey
-        expect(subject).not_to include(:create_vulnerability_feedback_dismissal_path)
+        expect(subject[:create_vulnerability_feedback_dismissal_path]).to be_falsey
      end
    end
@@ -89,7 +89,7 @@ describe Vulnerabilities::OccurrenceEntity do
        let(:project) { create(:project, issues_access_level: ProjectFeature::DISABLED) }
        it 'does not contain vulnerability feedback issue path' do
-          expect(subject).not_to include(:create_vulnerability_feedback_issue_path)
+          expect(subject[:create_vulnerability_feedback_issue_path]).to be_falsey
        end
        it 'contains vulnerability feedback dismissal path' do
@@ -105,7 +105,7 @@ describe Vulnerabilities::OccurrenceEntity do
        let(:project) { create(:project, merge_requests_access_level: ProjectFeature::DISABLED) }
        it 'does not contain vulnerability feedback merge_request path' do
-          expect(subject).not_to include(:create_vulnerability_feedback_merge_request_path)
+          expect(subject[:create_vulnerability_feedback_merge_request_path]).to be_falsey
        end
        it 'contains vulnerability feedback issue path' do