Merge branch 'dpisek-on-demand-scan-routes-test' into 'master'

Add on_demand_scan routes See merge request gitlab-org/gitlab!36020

Merge branch 'dpisek-on-demand-scan-routes-test' into 'master'
Add on_demand_scan routes See merge request gitlab-org/gitlab!36020
94d35ba2 · James Fargher · fbac9974 · eb815926 · 94d35ba2 · 94d35ba2
Commit 94d35ba2 authored Jul 13, 2020 by James Fargher
13 changed files
--- a/ee/app/controllers/projects/dast_profiles_controller.rb
+++ b/ee/app/controllers/projects/dast_profiles_controller.rb
+# frozen_string_literal: true
+
+module Projects
+  class DastProfilesController < Projects::ApplicationController
+    before_action :authorize_read_on_demand_scans!
+
+    def index
+    end
+
+    private
+
+    def authorize_read_on_demand_scans!
+      access_denied! unless can?(current_user, :read_on_demand_scans, project)
+    end
+  end
+end
--- a/ee/app/controllers/projects/dast_site_profiles_controller.rb
+++ b/ee/app/controllers/projects/dast_site_profiles_controller.rb
+# frozen_string_literal: true
+
+module Projects
+  class DastSiteProfilesController < Projects::ApplicationController
+    before_action :authorize_read_on_demand_scans!
+
+    def new
+    end
+
+    private
+
+    def authorize_read_on_demand_scans!
+      access_denied! unless can?(current_user, :read_on_demand_scans, project)
+    end
+  end
+end
--- a/ee/app/helpers/ee/projects_helper.rb
+++ b/ee/app/helpers/ee/projects_helper.rb
@@ -149,6 +149,8 @@ module EE
        projects/security/vulnerabilities#show
        projects/security/dashboard#index
        projects/on_demand_scans#index
+        projects/dast_profiles#index
+        projects/dast_site_profiles#new
        projects/dependencies#index
        projects/licenses#index
        projects/threat_monitoring#show

--- a/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
+++ b/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
@@ -22,7 +22,7 @@
            %span= _('Security Dashboard')

      - if project_nav_tab?(:on_demand_scans)
-        = nav_link(path: 'projects/on_demand_scans#index') do
+        = nav_link(path: ['projects/on_demand_scans#index', 'projects/dast_profiles#index', 'projects/dast_site_profiles#new']) do
          = link_to project_on_demand_scans_path(@project), title: s_('OnDemandScans|On-demand Scans'), data: { qa_selector: 'on_demand_scans_link' } do
            %span= s_('OnDemandScans|On-demand Scans')


--- a/ee/app/views/projects/dast_profiles/index.html.haml
+++ b/ee/app/views/projects/dast_profiles/index.html.haml
+- add_to_breadcrumbs s_('OnDemandScans|On-demand Scans'), project_on_demand_scans_path(@project)
+- breadcrumb_title s_('DastProfiles|Manage profiles')
+- page_title s_('DastProfiles|Manage profiles')
+
+%h1= s_('DastProfiles|Manage profiles')
+
--- a/ee/app/views/projects/dast_site_profiles/new.html.haml
+++ b/ee/app/views/projects/dast_site_profiles/new.html.haml
+- add_to_breadcrumbs s_('OnDemandScans|On-demand Scans'), project_on_demand_scans_path(@project)
+- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_profiles_path(@project)
+- breadcrumb_title s_('DastProfiles|New site profile')
+- page_title s_('DastProfiles|New site profile')
+
+%h1= s_('DastProfiles|New Site Profile')
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -100,7 +100,14 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
        resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
        resources :dependencies, only: [:index]
        resources :licenses, only: [:index, :create, :update]
-        resources :on_demand_scans, only: [:index], controller: :on_demand_scans
+
+        scope :on_demand_scans do
+          root 'on_demand_scans#index', as: 'on_demand_scans'
+          scope :profiles do
+            root 'dast_profiles#index', as: 'profiles'
+            resources :dast_site_profiles, only: [:new]
+          end
+        end

        namespace :integrations do
          namespace :jira do

--- a/ee/spec/helpers/projects_helper_spec.rb
+++ b/ee/spec/helpers/projects_helper_spec.rb
@@ -146,6 +146,8 @@ RSpec.describe ProjectsHelper do
        projects/security/vulnerabilities#show
        projects/security/dashboard#index
        projects/on_demand_scans#index
+        projects/dast_profiles#index
+        projects/dast_site_profiles#new
        projects/dependencies#index
        projects/licenses#index
        projects/threat_monitoring#show

--- a/ee/spec/requests/projects/dast_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/dast_profiles_controller_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::DastProfilesController, type: :request do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+
+  describe 'GET #index' do
+    context 'feature available' do
+      before do
+        stub_feature_flags(security_on_demand_scans_feature_flag: true)
+        stub_licensed_features(security_on_demand_scans: true)
+      end
+
+      context 'user authorized' do
+        before do
+          project.add_developer(user)
+
+          login_as(user)
+        end
+
+        it 'can access page' do
+          get project_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+
+          login_as(user)
+        end
+
+        it 'sees a 404 error' do
+          get project_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+
+    context 'feature not available' do
+      before do
+        project.add_developer(user)
+
+        login_as(user)
+      end
+
+      context 'feature flag is disabled' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: false)
+          stub_licensed_features(security_on_demand_scans: true)
+          get project_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
+      context 'license doesnt\'t support the feature' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: true)
+          stub_licensed_features(security_on_demand_scans: false)
+          get project_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+end
--- a/ee/spec/requests/projects/dast_site_profiles_controller_spec.rb
+++ b/ee/spec/requests/projects/dast_site_profiles_controller_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::DastSiteProfilesController, type: :request do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+
+  describe 'GET #new' do
+    context 'feature available' do
+      before do
+        stub_feature_flags(security_on_demand_scans_feature_flag: true)
+        stub_licensed_features(security_on_demand_scans: true)
+      end
+
+      context 'user authorized' do
+        before do
+          project.add_developer(user)
+
+          login_as(user)
+        end
+
+        it 'can access page' do
+          get project_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'user not authorized' do
+        before do
+          project.add_guest(user)
+
+          login_as(user)
+        end
+
+        it 'sees a 404 error' do
+          get project_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+
+    context 'feature not available' do
+      before do
+        project.add_developer(user)
+
+        login_as(user)
+      end
+
+      context 'feature flag is disabled' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: false)
+          stub_licensed_features(security_on_demand_scans: true)
+          get project_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
+      context 'license doesnt\'t support the feature' do
+        it 'sees a 404 error' do
+          stub_feature_flags(security_on_demand_scans_feature_flag: true)
+          stub_licensed_features(security_on_demand_scans: false)
+          get project_profiles_path(project)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+end
--- a/ee/spec/views/projects/dast_profiles/index.html.haml_spec.rb
+++ b/ee/spec/views/projects/dast_profiles/index.html.haml_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe "projects/dast_profiles/index", type: :view do
+  before do
+    @project = create(:project)
+    render
+  end
+
+  it 'renders a placeholder title' do
+    expect(rendered).to have_content('Manage profiles')
+  end
+end
--- a/ee/spec/views/projects/dast_site_profiles/new.html.haml_spec.rb
+++ b/ee/spec/views/projects/dast_site_profiles/new.html.haml_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe "projects/dast_site_profiles/new", type: :view do
+  before do
+    @project = create(:project)
+    render
+  end
+
+  it 'renders a placeholder title' do
+    expect(rendered).to have_content('New Site Profile')
+  end
+end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -7318,6 +7318,15 @@ msgstr ""
 msgid "Dashboard|Unable to add %{invalidProjects}. This dashboard is available for public projects, and private projects in groups with a Silver plan."
 msgstr ""

+msgid "DastProfiles|Manage profiles"
+msgstr ""
+
+msgid "DastProfiles|New Site Profile"
+msgstr ""
+
+msgid "DastProfiles|New site profile"
+msgstr ""
+
 msgid "Data is still calculating..."
 msgstr ""