Commit 4f6c629d authored by Ash McKenzie's avatar Ash McKenzie

Merge branch 'add-new-policy-for-ondemand-scans-218685' into 'master'

Add new ondemand scan ability to project policy

See merge request gitlab-org/gitlab!34476
parents 01e3ab93 b8366bd3
...@@ -27,7 +27,7 @@ module Mutations ...@@ -27,7 +27,7 @@ module Mutations
required: true, required: true,
description: 'The type of scan to be run.' description: 'The type of scan to be run.'
authorize :create_pipeline authorize :run_ondemand_dast_scan
def resolve(project_path:, target_url:, branch:, scan_type:) def resolve(project_path:, target_url:, branch:, scan_type:)
project = authorized_find!(full_path: project_path) project = authorized_find!(full_path: project_path)
......
...@@ -259,6 +259,7 @@ module EE ...@@ -259,6 +259,7 @@ module EE
enable :admin_feature_flag enable :admin_feature_flag
enable :admin_feature_flags_user_lists enable :admin_feature_flags_user_lists
enable :read_ci_minutes_quota enable :read_ci_minutes_quota
enable :run_ondemand_dast_scan
end end
rule { can?(:developer_access) & iterations_available }.policy do rule { can?(:developer_access) & iterations_available }.policy do
......
...@@ -3,7 +3,8 @@ ...@@ -3,7 +3,8 @@
require 'spec_helper' require 'spec_helper'
describe Mutations::Pipelines::RunDastScan do describe Mutations::Pipelines::RunDastScan do
let(:project) { create(:project) } let(:group) { create(:group) }
let(:project) { create(:project, group: group) }
let(:user) { create(:user) } let(:user) { create(:user) }
let(:project_path) { project.full_path } let(:project_path) { project.full_path }
let(:target_url) { FFaker::Internet.uri(:https) } let(:target_url) { FFaker::Internet.uri(:https) }
...@@ -41,22 +42,40 @@ describe Mutations::Pipelines::RunDastScan do ...@@ -41,22 +42,40 @@ describe Mutations::Pipelines::RunDastScan do
end end
end end
context 'when the user does not have permission to run a dast scan' do context 'when the user is not associated with the project' do
it 'raises an exception' do it 'raises an exception' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end end
end end
context 'when the user can run a dast scan' do context 'when the user is an owner' do
before do it 'has no errors' do
project.add_developer(user) group.add_owner(user)
expect(subject[:errors]).to be_empty
end
end
context 'when the user is a maintainer' do
it 'has no errors' do
project.add_maintainer(user)
expect(subject[:errors]).to be_empty
end end
end
context 'when the user is a developer' do
it 'has no errors' do it 'has no errors' do
project.add_developer(user)
expect(subject[:errors]).to be_empty expect(subject[:errors]).to be_empty
end end
end
context 'when the user can run a dast scan' do
it 'returns a pipeline_url containing the correct path' do it 'returns a pipeline_url containing the correct path' do
project.add_developer(user)
actual_url = subject[:pipeline_url] actual_url = subject[:pipeline_url]
pipeline = Ci::Pipeline.last pipeline = Ci::Pipeline.last
expected_url = Rails.application.routes.url_helpers.project_pipeline_url( expected_url = Rails.application.routes.url_helpers.project_pipeline_url(
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment