Commit 99f76f7c authored by Phil Hughes's avatar Phil Hughes

Merge branch '199222-standalone-vulnerability-urls_2' into 'master'

Moves the standalone vulnerabilities url to `/vulnerabilities/[id]`"

See merge request gitlab-org/gitlab!24777
parents 3aab6078 f45f6ede
...@@ -15,14 +15,6 @@ module Projects ...@@ -15,14 +15,6 @@ module Projects
@pipeline = @project.latest_pipeline_with_security_reports @pipeline = @project.latest_pipeline_with_security_reports
&.present(current_user: current_user) &.present(current_user: current_user)
end end
def show
return render_404 unless Feature.enabled?(:first_class_vulnerabilities, project)
@vulnerability = project.vulnerabilities.find(params[:id])
pipeline = @vulnerability.finding.pipelines.first
@pipeline = pipeline if Ability.allowed?(current_user, :read_pipeline, pipeline)
end
end end
end end
end end
...@@ -12,6 +12,14 @@ module Projects ...@@ -12,6 +12,14 @@ module Projects
@vulnerabilities = project.vulnerabilities.page(params[:page]) @vulnerabilities = project.vulnerabilities.page(params[:page])
end end
def show
return render_404 unless Feature.enabled?(:first_class_vulnerabilities, project)
@vulnerability = project.vulnerabilities.find(params[:id])
pipeline = @vulnerability.finding.pipelines.first
@pipeline = pipeline if Ability.allowed?(current_user, :read_pipeline, pipeline)
end
end end
end end
end end
...@@ -40,7 +40,7 @@ module EE ...@@ -40,7 +40,7 @@ module EE
end end
def vulnerability_path(entity, *args) def vulnerability_path(entity, *args)
project_security_dashboard_path(entity.project, entity, *args) project_security_vulnerability_path(entity.project, entity, *args)
end end
def self.url_helper(route_name) def self.url_helper(route_name)
......
- @content_class = "limit-container-width" unless fluid_layout - @content_class = "limit-container-width" unless fluid_layout
- add_to_breadcrumbs _("Security Dashboard"), project_security_dashboard_index_path(@project) - add_to_breadcrumbs _("Vulnerability List"), project_security_vulnerabilities_path(@project)
- breadcrumb_title @vulnerability.id - breadcrumb_title @vulnerability.id
- page_title @vulnerability.title - page_title @vulnerability.title
- page_description @vulnerability.description - page_description @vulnerability.description
......
---
title: Changes the standalone vulnerabilty endpoint
merge_request: 24777
author:
type: changed
...@@ -78,7 +78,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -78,7 +78,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
get :summary, on: :collection get :summary, on: :collection
end end
resources :dashboard, only: [:show, :index], controller: :dashboard resources :dashboard, only: [:index], controller: :dashboard
resource :configuration, only: [:show], controller: :configuration resource :configuration, only: [:show], controller: :configuration
resource :discover, only: [:show], controller: :discover resource :discover, only: [:show], controller: :discover
...@@ -88,7 +88,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -88,7 +88,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
end end
end end
resources :vulnerabilities, only: [:index] resources :vulnerabilities, only: [:show, :index]
end end
namespace :analytics do namespace :analytics do
......
...@@ -68,56 +68,4 @@ describe Projects::Security::DashboardController do ...@@ -68,56 +68,4 @@ describe Projects::Security::DashboardController do
end end
end end
end end
describe 'GET #show' do
let_it_be(:pipeline) { create(:ci_pipeline, sha: project.commit.id, project: project, user: user) }
let_it_be(:vulnerability) { create(:vulnerability, project: project) }
render_views
def show_vulnerability
sign_in(user)
get :show, params: { namespace_id: project.namespace, project_id: project, id: vulnerability.id }
end
context "when there's an attached pipeline" do
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline]) }
it 'renders the vulnerability page' do
show_vulnerability
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:show)
expect(response.body).to have_text(vulnerability.title)
end
it 'renders the time pipeline ran' do
show_vulnerability
expect(response.body).to have_css("#js-pipeline-created")
end
end
context "when there's no attached pipeline" do
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
it 'renders the time the vulnerability was created' do
show_vulnerability
expect(response.body).to have_css("#js-vulnerability-created")
end
end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(first_class_vulnerabilities: false)
end
it 'renders the 404 page' do
show_vulnerability
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end end
...@@ -77,4 +77,56 @@ describe Projects::Security::VulnerabilitiesController do ...@@ -77,4 +77,56 @@ describe Projects::Security::VulnerabilitiesController do
end end
end end
end end
describe 'GET #show' do
let_it_be(:pipeline) { create(:ci_pipeline, sha: project.commit.id, project: project, user: user) }
let_it_be(:vulnerability) { create(:vulnerability, project: project) }
render_views
def show_vulnerability
sign_in(user)
get :show, params: { namespace_id: project.namespace, project_id: project, id: vulnerability.id }
end
context "when there's an attached pipeline" do
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline]) }
it 'renders the vulnerability page' do
show_vulnerability
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:show)
expect(response.body).to have_text(vulnerability.title)
end
it 'renders the time pipeline ran' do
show_vulnerability
expect(response.body).to have_css("#js-pipeline-created")
end
end
context "when there's no attached pipeline" do
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
it 'renders the time the vulnerability was created' do
show_vulnerability
expect(response.body).to have_css("#js-vulnerability-created")
end
end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(first_class_vulnerabilities: false)
end
it 'renders the 404 page' do
show_vulnerability
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment