Display dimissal author and associated pipeline. refs #5953

610e8da0 · Olivier Gonzalez · dd83d193 · 610e8da0 · 610e8da0 · 610e8da0
Commit 610e8da0 authored May 22, 2018 by Olivier Gonzalez
6 changed files
--- a/ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue
@@ -20,6 +20,11 @@ export default {
        ? s__('ciReport|Revert dismissal')
        : s__('ciReport|Dismiss vulnerability');
    },
+    hasDismissedBy() {
+      return this.modal.vulnerability.dismissalFeedback &&
+        this.modal.vulnerability.dismissalFeedback.pipeline &&
+        this.modal.vulnerability.dismissalFeedback.author;
+    },
  },
  methods: {
    ...mapActions(['dismissIssue', 'revertDismissIssue', 'createNewIssue']),
@@ -112,6 +117,20 @@ export default {

      <div class="row prepend-top-20 append-bottom-10">
        <div class="col-sm-10 col-sm-offset-2 text-secondary">
+          <template v-if="hasDismissedBy">
+            {{ s__('ciReport|Dismissed by') }}
+            <a
+              :href="modal.vulnerability.dismissalFeedback.author.web_url"
+              class="pipeline-id"
+            >
+              @{{ modal.vulnerability.dismissalFeedback.author.username }}
+            </a>
+            {{ s__('ciReport|on pipeline') }}
+            <a
+              :href="modal.vulnerability.dismissalFeedback.pipeline.path"
+              class="pipeline-id"
+            >#{{ modal.vulnerability.dismissalFeedback.pipeline.id }}</a>.
+          </template>
          <a
            class="js-link-vulnerabilityFeedbackHelpPath"
            :href="vulnerabilityFeedbackHelpPath"

--- a/ee/app/models/vulnerability_feedback.rb
+++ b/ee/app/models/vulnerability_feedback.rb
@@ -17,5 +17,5 @@ class VulnerabilityFeedback < ActiveRecord::Base
  validates :category, presence: true
  validates :project_fingerprint, presence: true, uniqueness: { scope: [:project_id, :category, :feedback_type] }

-  scope :with_associations, -> { includes(:pipeline, :issue) }
+  scope :with_associations, -> { includes(:pipeline, :issue, :author) }
 end
--- a/ee/app/serializers/vulnerability_feedback_entity.rb
+++ b/ee/app/serializers/vulnerability_feedback_entity.rb
@@ -4,9 +4,17 @@ class VulnerabilityFeedbackEntity < Grape::Entity

  expose :id
  expose :project_id
-  expose :author_id
+  expose :author, using: UserEntity
  expose :issue_id
-  expose :pipeline_id
+  expose :pipeline, if: -> (feedback, _) { feedback.pipeline.present? } do
+    expose :id do |feedback|
+      feedback.pipeline.id
+    end
+
+    expose :path do |feedback|
+      project_pipeline_path(feedback.pipeline.project, feedback.pipeline)
+    end
+  end

  expose :issue_url, if: -> (feedback, _) { feedback.issue? } do |feedback|
    project_issue_url(feedback.project, feedback.issue)

--- a/ee/spec/fixtures/api/schemas/vulnerability_feedback.json
+++ b/ee/spec/fixtures/api/schemas/vulnerability_feedback.json
@@ -3,7 +3,7 @@
  "required" : [
    "id",
    "project_id",
-    "author_id",
+    "author",
    "feedback_type",
    "category",
    "project_fingerprint"
@@ -11,8 +11,11 @@
  "properties" : {
    "id": { "type": "integer" },
    "project_id": { "type": "integer" },
-    "author_id": { "type": "integer" },
-    "pipeline_id": { "type": ["integer", "null"] },
+    "author": { "$ref": "../../../../../spec/fixtures/api/schemas/entities/user.json" },
+    "pipeline": {
+      "id": { "type": ["integer", "null"] },
+      "path": { "type": ["string", "null"] }
+    },
    "issue_id": { "type": ["integer", "null"] },
    "issue_url": { "type": ["string", "null"] },
    "feedback_type": {

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gitlab 1.0.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-05-29 11:32+0200\n"
-"PO-Revision-Date: 2018-05-29 11:32+0200\n"
+"POT-Creation-Date: 2018-05-30 10:16-0400\n"
+"PO-Revision-Date: 2018-05-30 10:16-0400\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
@@ -5889,6 +5889,9 @@ msgstr ""
 msgid "ciReport|Dismiss vulnerability"
 msgstr ""

+msgid "ciReport|Dismissed by"
+msgstr ""
+
 msgid "ciReport|Dynamic Application Security Testing (DAST) detects known vulnerabilities in your web application."
 msgstr ""

@@ -5982,6 +5985,9 @@ msgstr ""
 msgid "ciReport|no vulnerabilities"
 msgstr ""

+msgid "ciReport|on pipeline"
+msgstr ""
+
 msgid "command line instructions"
 msgstr ""


--- a/spec/javascripts/vue_shared/security_reports/components/modal_spec.js
+++ b/spec/javascripts/vue_shared/security_reports/components/modal_spec.js
@@ -31,14 +31,19 @@ describe('Security Reports modal', () => {
        path: 'Gemfile.lock',
        urlPath: 'path/Gemfile.lock',
        isDismissed: true,
-        vulnerability_feedback: {
-          vulnerability_data: {
-            tool: 'bundler_audit',
-            message: 'Arbitrary file existence disclosure in Action Pack',
-            url: 'https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk',
-            cve: 'CVE-2016-9999',
-            file: 'Gemfile.lock',
-            solution: 'upgrade to ~> 3.2.21, ~> 4.0.11.1, ~> 4.0.12, ~> 4.1.7.1, >= 4.1.8',
+        dismissalFeedback: {
+          id: 1,
+          category: 'sast',
+          feedback_type: 'dismissal',
+          issue_id: null,
+          author: {
+            name: 'John Smith',
+            username: 'jsmith',
+            web_url: 'https;//gitlab.com/user1',
+          },
+          pipeline: {
+            id: 123,
+            path: '/jsmith/awesome-project/pipelines/123',
          },
        },
      });
@@ -48,6 +53,11 @@ describe('Security Reports modal', () => {
      });
    });

+    it('renders dismissal author and associated pipeline', () => {
+      expect(vm.$el.textContent.trim()).toContain('@jsmith');
+      expect(vm.$el.textContent.trim()).toContain('#123');
+    });
+
    it('renders button to revert dismissal', () => {
      expect(vm.$el.querySelector('.js-dismiss-btn').textContent.trim()).toEqual(
        'Revert dismissal',