Add comments on what controllers are used by FF

Add comments to the security dashboards' controllers that explain their behavior and usage in different states of the first_class_vulnerabilities feature flag.

Add comments on what controllers are used by FF
Add comments to the security dashboards' controllers that explain their behavior and usage in different states of the first_class_vulnerabilities feature flag.
43e07b91 · Victor Zagorodny · Dmitriy Zaporozhets · d3da41b3 · 43e07b91 · 43e07b91
Commit 43e07b91 authored Nov 14, 2019 by Victor Zagorodny Committed by Dmitriy Zaporozhets Nov 14, 2019
8 changed files
--- a/ee/app/controllers/groups/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/groups/security/vulnerabilities_controller.rb
@@ -10,7 +10,19 @@ class Groups::Security::VulnerabilitiesController < Groups::ApplicationControlle

  private

+  # See the table below to understand the relation between first_class_vulnerabilities feature state and
+  # Group Security Dashboard controller being used:
+  #
+  # | first_class_vulnerabilities | controller to use                     |
+  # |---------------------------- | ------------------------------------- |
+  # | enabled                     | groups/security/vulnerability_findings |
+  # | disabled                    | groups/security/vulnerabilities        |
+  #
+  # The reason is that when first_class_vulnerabilities is enabled, Vulnerabilities name is reserved for
+  # Standalone Vulnerabilities https://gitlab.com/gitlab-org/gitlab/issues/13561, and the entity that
+  # was previously returned by Vulnerabilities-named endpoints get the name of Vulnerability Findings.
+  # See also: https://gitlab.com/gitlab-org/gitlab/merge_requests/19029
  def vulnerabilities_action_enabled?
-    Feature.disabled?(:vulnerability_findings_api)
+    Feature.disabled?(:first_class_vulnerabilities)
  end
 end
--- a/ee/app/controllers/groups/security/vulnerability_findings_controller.rb
+++ b/ee/app/controllers/groups/security/vulnerability_findings_controller.rb
@@ -10,7 +10,19 @@ class Groups::Security::VulnerabilityFindingsController < Groups::ApplicationCon

  private

+  # See the table below to understand the relation between first_class_vulnerabilities feature state and
+  # Group Security Dashboard controller being used:
+  #
+  # | first_class_vulnerabilities | controller to use                     |
+  # |---------------------------- | ------------------------------------- |
+  # | enabled                     | groups/security/vulnerability_findings |
+  # | disabled                    | groups/security/vulnerabilities        |
+  #
+  # The reason is that when first_class_vulnerabilities is enabled, Vulnerabilities name is reserved for
+  # Standalone Vulnerabilities https://gitlab.com/gitlab-org/gitlab/issues/13561, and the entity that
+  # was previously returned by Vulnerabilities-named endpoints get the name of Vulnerability Findings.
+  # See also: https://gitlab.com/gitlab-org/gitlab/merge_requests/19029
  def vulnerabilities_action_enabled?
-    Feature.enabled?(:vulnerability_findings_api)
+    Feature.enabled?(:first_class_vulnerabilities)
  end
 end
--- a/ee/app/controllers/projects/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/projects/security/vulnerabilities_controller.rb
@@ -9,6 +9,18 @@ class Projects::Security::VulnerabilitiesController < Projects::ApplicationContr

  private

+  # See the table below to understand the relation between first_class_vulnerabilities feature state and
+  # Group Security Dashboard controller being used:
+  #
+  # | first_class_vulnerabilities | controller to use                        |
+  # |---------------------------- | ---------------------------------------- |
+  # | enabled                     | projects/security/vulnerability_findings |
+  # | disabled                    | projects/security/vulnerabilities        |
+  #
+  # The reason is that when first_class_vulnerabilities is enabled, Vulnerabilities name is reserved for
+  # Standalone Vulnerabilities https://gitlab.com/gitlab-org/gitlab/issues/13561, and the entity that
+  # was previously returned by Vulnerabilities-named endpoints get the name of Vulnerability Findings.
+  # See also: https://gitlab.com/gitlab-org/gitlab/merge_requests/19029
  def vulnerabilities_action_enabled?
    Feature.disabled?(:first_class_vulnerabilities)
  end

--- a/ee/app/controllers/projects/security/vulnerability_findings_controller.rb
+++ b/ee/app/controllers/projects/security/vulnerability_findings_controller.rb
@@ -9,6 +9,18 @@ class Projects::Security::VulnerabilityFindingsController < Projects::Applicatio

  private

+  # See the table below to understand the relation between first_class_vulnerabilities feature state and
+  # Group Security Dashboard controller being used:
+  #
+  # | first_class_vulnerabilities | controller to use                        |
+  # |---------------------------- | ---------------------------------------- |
+  # | enabled                     | projects/security/vulnerability_findings |
+  # | disabled                    | projects/security/vulnerabilities        |
+  #
+  # The reason is that when first_class_vulnerabilities is enabled, Vulnerabilities name is reserved for
+  # Standalone Vulnerabilities https://gitlab.com/gitlab-org/gitlab/issues/13561, and the entity that
+  # was previously returned by Vulnerabilities-named endpoints get the name of Vulnerability Findings.
+  # See also: https://gitlab.com/gitlab-org/gitlab/merge_requests/19029
  def vulnerabilities_action_enabled?
    Feature.enabled?(:first_class_vulnerabilities)
  end

--- a/ee/app/helpers/ee/groups_helper.rb
+++ b/ee/app/helpers/ee/groups_helper.rb
@@ -62,7 +62,7 @@ module EE

    def group_vulnerabilities_endpoint_path(group)
      params = group_path_params(group)
-      if ::Feature.enabled?(:vulnerability_findings_api)
+      if ::Feature.enabled?(:first_class_vulnerabilities)
        group_security_vulnerability_findings_path(params)
      else
        group_security_vulnerabilities_path(params)
@@ -71,7 +71,7 @@ module EE

    def group_vulnerabilities_summary_endpoint_path(group)
      params = group_path_params(group)
-      if ::Feature.enabled?(:vulnerability_findings_api)
+      if ::Feature.enabled?(:first_class_vulnerabilities)
        summary_group_security_vulnerability_findings_path(params)
      else
        summary_group_security_vulnerabilities_path(params)
@@ -80,7 +80,7 @@ module EE

    def group_vulnerabilities_history_endpoint_path(group)
      params = group_path_params(group)
-      if ::Feature.enabled?(:vulnerability_findings_api)
+      if ::Feature.enabled?(:first_class_vulnerabilities)
        history_group_security_vulnerability_findings_path(params)
      else
        history_group_security_vulnerabilities_path(params)

--- a/ee/spec/controllers/groups/security/vulnerabilities_controller_spec.rb
+++ b/ee/spec/controllers/groups/security/vulnerabilities_controller_spec.rb
@@ -24,7 +24,7 @@ describe Groups::Security::VulnerabilitiesController do

  context 'when new Vulnerability Findings API is disabled' do
    before do
-      stub_feature_flags(vulnerability_findings_api: false)
+      stub_feature_flags(first_class_vulnerabilities: false)
    end

    # when new Vulnerability Findings API is disabled, we fall back to this controller

--- a/ee/spec/controllers/groups/security/vulnerability_findings_controller_spec.rb
+++ b/ee/spec/controllers/groups/security/vulnerability_findings_controller_spec.rb
@@ -23,7 +23,7 @@ describe Groups::Security::VulnerabilityFindingsController do

  context 'when new Vulnerability Findings API is disabled' do
    before do
-      stub_feature_flags(vulnerability_findings_api: false)
+      stub_feature_flags(first_class_vulnerabilities: false)
    end

    # when new Vulnerability Findings API is disabled, this controller is disabled as well

--- a/ee/spec/helpers/ee/groups_helper_spec.rb
+++ b/ee/spec/helpers/ee/groups_helper_spec.rb
@@ -61,7 +61,7 @@ describe GroupsHelper do

  context 'when new Vulnerability Findings API disabled' do
    before do
-      stub_feature_flags(vulnerability_findings_api: false)
+      stub_feature_flags(first_class_vulnerabilities: false)
    end

    it 'returns legacy "vulnerabilities" endpoint paths' do