Commit 96e04dad authored by Jeremy Jackson's avatar Jeremy Jackson Committed by Mayra Cabrera

Exclude users who wouldn’t be able to take action from the...

Exclude users who wouldn’t be able to take action from the `security_reports_mr_widget_prompt` experiment
parent dc1749af
...@@ -9,7 +9,10 @@ module EE ...@@ -9,7 +9,10 @@ module EE
include DescriptionDiffActions include DescriptionDiffActions
before_action only: [:show] do before_action only: [:show] do
if @project.licensed_feature_available?(:sast) && can?(current_user, :developer_access, @project)
experiment(:security_reports_mr_widget_prompt, namespace: @project.namespace).publish experiment(:security_reports_mr_widget_prompt, namespace: @project.namespace).publish
end
push_frontend_feature_flag(:anonymous_visual_review_feedback) push_frontend_feature_flag(:anonymous_visual_review_feedback)
push_frontend_feature_flag(:missing_mr_security_scan_types, @project) push_frontend_feature_flag(:missing_mr_security_scan_types, @project)
push_frontend_feature_flag(:refactor_mr_widgets_extensions, @project, default_enabled: :yaml) push_frontend_feature_flag(:refactor_mr_widgets_extensions, @project, default_enabled: :yaml)
......
...@@ -11,6 +11,54 @@ RSpec.describe Projects::MergeRequestsController do ...@@ -11,6 +11,54 @@ RSpec.describe Projects::MergeRequestsController do
login_as(user) login_as(user)
end end
describe 'GET #show' do
before do
# To avoid adjusting this controller, we just want to allow these tests to pass. This action wasn't tested before
# these were added for the experiment, and already exceeded the threshold.
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/343375
# More: https://docs.gitlab.com/ee/development/query_count_limits.html#disable-query-limiting
stub_const('Gitlab::QueryLimiting::Transaction::THRESHOLD', 103)
stub_licensed_features(sast: true)
end
def get_show
get project_merge_request_path(project, merge_request)
end
context 'when the user has developer access' do
it 'publishes the security_reports_mr_widget_prompt experiment' do
expect_next_instance_of(SecurityReportsMrWidgetPromptExperiment) do |instance|
expect(instance).to receive(:publish)
end
get_show
end
end
context 'when the user does not have developer access' do
let(:user) { create(:user) }
it 'does not publish the security_reports_mr_widget_prompt experiment' do
expect(SecurityReportsMrWidgetPromptExperiment).not_to receive(:new)
get_show
end
end
context 'when the project is not licensed for sast' do
before do
expect(License).to receive(:feature_available?).with(:sast).and_return(false)
end
it 'does not publish the security_reports_mr_widget_prompt experiment' do
expect(SecurityReportsMrWidgetPromptExperiment).not_to receive(:new)
get_show
end
end
end
describe 'GET #edit' do describe 'GET #edit' do
def get_edit def get_edit
get edit_project_merge_request_path(project, merge_request) get edit_project_merge_request_path(project, merge_request)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment