Include subgroups for group security dashboard

We need to include subgroups when determining which projects to show on the group security dashboard

Include subgroups for group security dashboard
We need to include subgroups when determining which projects to show on the group security dashboard
86fa6dcd · rossfuhrman · Heinrich Lee Yu · a6f2c19c · 86fa6dcd · 86fa6dcd
Commit 86fa6dcd authored Mar 31, 2020 by rossfuhrman Committed by Heinrich Lee Yu Mar 31, 2020
3 changed files
--- a/ee/app/controllers/concerns/project_vulnerability_findings_actions.rb
+++ b/ee/app/controllers/concerns/project_vulnerability_findings_actions.rb
@@ -49,7 +49,7 @@ module ProjectVulnerabilityFindingsActions
        # https://gitlab.com/gitlab-org/gitlab/-/issues/13561
        # For Groups, supply all the project ids to force usage of the SQL index
        # as when we have no project ids supplied, we want all projects.
-        vulnerability_params.merge!(project_id: vulnerable.projects.pluck_primary_key)
+        vulnerability_params.merge!(project_id: Project.for_group_and_its_subgroups(vulnerable).pluck_primary_key)
      end
    end
  end

--- a/ee/changelogs/unreleased/rf-group-dashboard-subprojects.yml
+++ b/ee/changelogs/unreleased/rf-group-dashboard-subprojects.yml
+---
+title: Include subgroups when populating group security dashboard
+merge_request: 28154
+author:
+type: fixed
--- a/ee/spec/controllers/groups/security/vulnerability_findings_controller_spec.rb
+++ b/ee/spec/controllers/groups/security/vulnerability_findings_controller_spec.rb
@@ -4,6 +4,7 @@ require 'spec_helper'

 describe Groups::Security::VulnerabilityFindingsController do
  let(:group) { create(:group) }
+  let(:sub_group) { create(:group, parent: group) }
  let(:params) { { group_id: group } }
  let(:user) { create(:user) }

@@ -33,6 +34,11 @@ describe Groups::Security::VulnerabilityFindingsController do
        create(:vulnerabilities_occurrence, pipelines: [pipeline], project: project, severity: :high)
      end

+      # create a sub group project to ensure we include it
+      sub_group_project = create(:project, namespace: sub_group)
+      pipeline = create(:ci_pipeline, :success, project: sub_group_project)
+      create(:vulnerabilities_occurrence, pipelines: [pipeline], project: sub_group_project, severity: :high)
+
      # create an ungrouped project to ensure we don't include it
      project = create(:project)
      pipeline = create(:ci_pipeline, :success, project: project)
@@ -40,7 +46,7 @@ describe Groups::Security::VulnerabilityFindingsController do

      get :index, params: { group_id: group }, format: :json

-      expect(json_response.count).to be(2)
+      expect(json_response.count).to be(3)
    end
  end