Commit 94d35ba2 authored by James Fargher's avatar James Fargher

Merge branch 'dpisek-on-demand-scan-routes-test' into 'master'

Add on_demand_scan routes

See merge request gitlab-org/gitlab!36020
parents fbac9974 eb815926
# frozen_string_literal: true
module Projects
class DastProfilesController < Projects::ApplicationController
before_action :authorize_read_on_demand_scans!
def index
end
private
def authorize_read_on_demand_scans!
access_denied! unless can?(current_user, :read_on_demand_scans, project)
end
end
end
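Review bot: The `authorize_read_on_demand_scans!` guard in this controller is repeated verbatim in `DastSiteProfilesController`, so the two copies can drift apart if the ability name or the denial behaviour changes later. Moving the method into one shared concern or base controller that both include would keep the check in a single place. Nothing in either controller says where the feature-flag and licence gating happens. The request specs suggest it sits behind the `:read_on_demand_scans` ability, so a comment such as `# Feature flag and licence are expected to be enforced by the :read_on_demand_scans ability (confirm in the project policy)` above the `before_action` would spare the next reader the search.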
# frozen_string_literal: true
module Projects
class DastSiteProfilesController < Projects::ApplicationController
before_action :authorize_read_on_demand_scans!
def new
end
private
def authorize_read_on_demand_scans!
access_denied! unless can?(current_user, :read_on_demand_scans, project)
end
end
end
...@@ -149,6 +149,8 @@ module EE ...@@ -149,6 +149,8 @@ module EE
projects/security/vulnerabilities#show projects/security/vulnerabilities#show
projects/security/dashboard#index projects/security/dashboard#index
projects/on_demand_scans#index projects/on_demand_scans#index
projects/dast_profiles#index
projects/dast_site_profiles#new
projects/dependencies#index projects/dependencies#index
projects/licenses#index projects/licenses#index
projects/threat_monitoring#show projects/threat_monitoring#show
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
%span= _('Security Dashboard') %span= _('Security Dashboard')
- if project_nav_tab?(:on_demand_scans) - if project_nav_tab?(:on_demand_scans)
= nav_link(path: 'projects/on_demand_scans#index') do = nav_link(path: ['projects/on_demand_scans#index', 'projects/dast_profiles#index', 'projects/dast_site_profiles#new']) do
= link_to project_on_demand_scans_path(@project), title: s_('OnDemandScans|On-demand Scans'), data: { qa_selector: 'on_demand_scans_link' } do = link_to project_on_demand_scans_path(@project), title: s_('OnDemandScans|On-demand Scans'), data: { qa_selector: 'on_demand_scans_link' } do
%span= s_('OnDemandScans|On-demand Scans') %span= s_('OnDemandScans|On-demand Scans')
......
- add_to_breadcrumbs s_('OnDemandScans|On-demand Scans'), project_on_demand_scans_path(@project)
- breadcrumb_title s_('DastProfiles|Manage profiles')
- page_title s_('DastProfiles|Manage profiles')
%h1= s_('DastProfiles|Manage profiles')
- add_to_breadcrumbs s_('OnDemandScans|On-demand Scans'), project_on_demand_scans_path(@project)
- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), project_profiles_path(@project)
- breadcrumb_title s_('DastProfiles|New site profile')
- page_title s_('DastProfiles|New site profile')
%h1= s_('DastProfiles|New Site Profile')
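Review bot: The heading uses `s_('DastProfiles|New Site Profile')` while `breadcrumb_title` and `page_title` in the same view use `s_('DastProfiles|New site profile')`, so the page shows two capitalisations of the same label. The locale file gains two msgids that differ only in case as a result. Using one string everywhere, for example `%h1= s_('DastProfiles|New site profile')`, would remove the duplicate. The view spec that expects 'New Site Profile' would need the same adjustment.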
...@@ -100,7 +100,14 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -100,7 +100,14 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ } resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
resources :dependencies, only: [:index] resources :dependencies, only: [:index]
resources :licenses, only: [:index, :create, :update] resources :licenses, only: [:index, :create, :update]
resources :on_demand_scans, only: [:index], controller: :on_demand_scans
scope :on_demand_scans do
root 'on_demand_scans#index', as: 'on_demand_scans'
scope :profiles do
root 'dast_profiles#index', as: 'profiles'
resources :dast_site_profiles, only: [:new]
end
end
namespace :integrations do namespace :integrations do
namespace :jira do namespace :jira do
......
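Review bot: The route name given by `root 'dast_profiles#index', as: 'profiles'` is very generic: the views and specs in this commit call it as `project_profiles_path`, which does not say that it belongs to on-demand scans. A more specific name, for instance `as: 'on_demand_scans_profiles'`, would make call sites self-explanatory and lower the chance of a clash with another project-level "profiles" route. The callers in the two views and the request specs would have to be renamed with it. A short comment above `scope :on_demand_scans do` explaining why a `scope` with `root` replaces the former `resources :on_demand_scans` line would also help.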
...@@ -146,6 +146,8 @@ RSpec.describe ProjectsHelper do ...@@ -146,6 +146,8 @@ RSpec.describe ProjectsHelper do
projects/security/vulnerabilities#show projects/security/vulnerabilities#show
projects/security/dashboard#index projects/security/dashboard#index
projects/on_demand_scans#index projects/on_demand_scans#index
projects/dast_profiles#index
projects/dast_site_profiles#new
projects/dependencies#index projects/dependencies#index
projects/licenses#index projects/licenses#index
projects/threat_monitoring#show projects/threat_monitoring#show
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::DastProfilesController, type: :request do
let(:project) { create(:project) }
let(:user) { create(:user) }
describe 'GET #index' do
context 'feature available' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: true)
end
context 'user authorized' do
before do
project.add_developer(user)
login_as(user)
end
it 'can access page' do
get project_profiles_path(project)
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'user not authorized' do
before do
project.add_guest(user)
login_as(user)
end
it 'sees a 404 error' do
get project_profiles_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'feature not available' do
before do
project.add_developer(user)
login_as(user)
end
context 'feature flag is disabled' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
stub_licensed_features(security_on_demand_scans: true)
get project_profiles_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'license doesnt\'t support the feature' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: false)
get project_profiles_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
end
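Review bot: The access-control contexts here cover only a developer and a guest member. A request made without `login_as` and a request from a user who is not a member of the project are never exercised. Adding both cases would pin down what an unauthenticated or unrelated user gets from this route. Separately, the context description `'license doesnt\'t support the feature'` has a typo and should read `"license doesn't support the feature"`; the same string appears in the `DastSiteProfilesController` spec.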
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::DastSiteProfilesController, type: :request do
let(:project) { create(:project) }
let(:user) { create(:user) }
describe 'GET #new' do
context 'feature available' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: true)
end
context 'user authorized' do
before do
project.add_developer(user)
login_as(user)
end
it 'can access page' do
get project_profiles_path(project)
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'user not authorized' do
before do
project.add_guest(user)
login_as(user)
end
it 'sees a 404 error' do
get project_profiles_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'feature not available' do
before do
project.add_developer(user)
login_as(user)
end
context 'feature flag is disabled' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
stub_licensed_features(security_on_demand_scans: true)
get project_profiles_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'license doesnt\'t support the feature' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: false)
get project_profiles_path(project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
end
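Review bot: Every example in this spec issues `get project_profiles_path(project)`, which is the route for `dast_profiles#index`, so `DastSiteProfilesController#new` is never requested. The guest, feature-flag and licence cases therefore pass without touching the `before_action` of the controller named in `RSpec.describe`, and a regression in its authorization would go unnoticed. Each `get` should target the `new` route instead, presumably `get new_project_dast_site_profile_path(project)` given `resources :dast_site_profiles, only: [:new]`; confirm the helper name against the generated routes.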
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe "projects/dast_profiles/index", type: :view do
before do
@project = create(:project)
render
end
it 'renders a placeholder title' do
expect(rendered).to have_content('Manage profiles')
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe "projects/dast_site_profiles/new", type: :view do
before do
@project = create(:project)
render
end
it 'renders a placeholder title' do
expect(rendered).to have_content('New Site Profile')
end
end
...@@ -7318,6 +7318,15 @@ msgstr "" ...@@ -7318,6 +7318,15 @@ msgstr ""
msgid "Dashboard|Unable to add %{invalidProjects}. This dashboard is available for public projects, and private projects in groups with a Silver plan." msgid "Dashboard|Unable to add %{invalidProjects}. This dashboard is available for public projects, and private projects in groups with a Silver plan."
msgstr "" msgstr ""
msgid "DastProfiles|Manage profiles"
msgstr ""
msgid "DastProfiles|New Site Profile"
msgstr ""
msgid "DastProfiles|New site profile"
msgstr ""
msgid "Data is still calculating..." msgid "Data is still calculating..."
msgstr "" msgstr ""
......