Skip to content

G
gitlab-ce
Commit 9cfdefdc authored by Fernando's avatar Fernando
Browse files
Options

Fix broken license policy page 

* Due to
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/22465

landing after changes in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24831

there was a mismatch in variable names being passed from
the controller.

* MR fixe the variable names and updates unit tests

Fix robot cop offenses

Add changelog
parent bb3ca457
Hide whitespace changes
Inline Side-by-side
Showing with 225 additions and 188 deletions
changelogs/unreleased/fix-broken-license-policy-page.yml 0 → 100644
View file @ 9cfdefdc
---
title: Fix broken license policy page
merge_request: 25300
author:
type: fixed
ee/app/controllers/projects/licenses_controller.rb
View file @ 9cfdefdc
......@@ -28,8 +28,8 @@ module Projects
def create
result = ::Projects::Licenses::CreatePolicyService
.new(project, current_user, software_license_policy_params)
.execute
.new(project, current_user, software_license_policy_params)
.execute
if result[:status] == :success
render json: LicenseEntity.represent(result[:software_license_policy]), status: :created
......@@ -40,8 +40,8 @@ module Projects
def update
result = ::Projects::Licenses::UpdatePolicyService
.new(project, current_user, software_license_policy_params)
.execute(params[:id])
.new(project, current_user, software_license_policy_params)
.execute(params[:id])
if result[:status] == :success
render json: LicenseEntity.represent(result[:software_license_policy]), status: :ok
......@@ -54,7 +54,7 @@ module Projects
def serializer
::LicensesListSerializer.new(project: project, user: current_user)
.with_pagination(request, response)
.with_pagination(request, response)
end
def pageable(items)
......@@ -85,11 +85,21 @@ module Projects
value.in?(%w[true 1])
end
def write_license_policies_endpoint
if can?(current_user, :admin_software_license_policy, @project)
api_v4_projects_managed_licenses_path(id: @project.id)
else
''
end
end
def licenses_app_data
{
endpoint: project_licenses_path(project, detected: true, format: :json),
documentation_path: help_page_path('user/application_security/license_compliance/index'),
empty_state_svg_path: helpers.image_path('illustrations/Dependency-list-empty-state.svg')
project_licenses_endpoint: project_licenses_path(@project, detected: true, format: :json),
read_license_policies_endpoint: api_v4_projects_managed_licenses_path(id: @project.id),
write_license_policies_endpoint: write_license_policies_endpoint,
documentation_path: help_page_path('user/application_security/license_compliance/index'),
empty_state_svg_path: helpers.image_path('illustrations/Dependency-list-empty-state.svg')
}
end
end
......
ee/app/views/projects/licenses/index.html.haml
View file @ 9cfdefdc
- breadcrumb_title _('License Compliance')
- page_title _('License Compliance')
#js-licenses-app{ data: licenses_app_data }
#js-licenses-app{ data: @licenses_app_data }
ee/spec/controllers/projects/licenses_controller_spec.rb
View file @ 9cfdefdc
......@@ -14,233 +14,255 @@ describe Projects::LicensesController do
end
context 'with authorized user' do
before do
project.add_reporter(user)
end
context 'when feature is available' do
before do
stub_licensed_features(license_management: true)
end
it 'responds to an HTML request' do
get :index, params: params
expect(response).to have_gitlab_http_status(:ok)
licenses_app_data = assigns(:licenses_app_data)
expect(licenses_app_data[:endpoint]).to eql(controller.helpers.project_licenses_path(project, detected: true, format: :json))
expect(licenses_app_data[:documentation_path]).to eql(help_page_path('user/application_security/license_compliance/index'))
expect(licenses_app_data[:empty_state_svg_path]).to eql(controller.helpers.image_path('illustrations/Dependency-list-empty-state.svg'))
end
it 'counts usage of the feature' do
expect(::Gitlab::UsageDataCounters::LicensesList).to receive(:count).with(:views)
get_licenses
end
context 'with existing report' do
let!(:pipeline) { create(:ee_ci_pipeline, :with_license_management_report, project: project) }
context 'with reporter' do
before do
get_licenses
project.add_reporter(user)
end
it 'returns success code' do
expect(response).to have_gitlab_http_status(:ok)
end
it 'returns a hash with licenses' do
expect(json_response).to be_a(Hash)
expect(json_response['licenses'].length).to eq(4)
expect(json_response['licenses'][0]).to include({
'id' => nil,
'spdx_identifier' => 'Apache-2.0',
'classification' => 'unclassified',
'name' => 'Apache 2.0',
'url' => 'http://www.apache.org/licenses/LICENSE-2.0.txt',
'components' => [{
"blob_path" => nil,
"name" => "thread_safe"
}]
})
end
it 'responds to an HTML request' do
get :index, params: params
it 'returns status ok' do
expect(json_response['report']['status']).to eq('ok')
expect(response).to have_gitlab_http_status(:ok)
licenses_app_data = assigns(:licenses_app_data)
expect(licenses_app_data[:project_licenses_endpoint]).to eql(controller.helpers.project_licenses_path(project, detected: true, format: :json))
expect(licenses_app_data[:read_license_policies_endpoint]).to eql(controller.helpers.api_v4_projects_managed_licenses_path(id: project.id))
expect(licenses_app_data[:write_license_policies_endpoint]).to eql('')
expect(licenses_app_data[:documentation_path]).to eql(help_page_path('user/application_security/license_compliance/index'))
expect(licenses_app_data[:empty_state_svg_path]).to eql(controller.helpers.image_path('illustrations/Dependency-list-empty-state.svg'))
end
context 'with pagination params' do
let(:params) { { namespace_id: project.namespace, project_id: project, per_page: 3, page: 2 } }
it 'counts usage of the feature' do
expect(::Gitlab::UsageDataCounters::LicensesList).to receive(:count).with(:views)
it 'return only 1 license' do
expect(json_response['licenses'].length).to eq(1)
end
get_licenses
end
end
context "when software policies are applied to some of the most recently detected licenses" do
let_it_be(:mit) { create(:software_license, :mit) }
let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
let_it_be(:other_license) { create(:software_license, spdx_identifier: "Other-Id") }
let_it_be(:other_license_policy) { create(:software_license_policy, :allowed, software_license: other_license, project: project) }
let_it_be(:pipeline) { create(:ee_ci_pipeline, project: project, builds: [create(:ee_ci_build, :license_scan_v2, :success)]) }
context 'with existing report' do
let!(:pipeline) { create(:ee_ci_pipeline, :with_license_management_report, project: project) }
context "when loading all policies" do
before do
get :index, params: {
namespace_id: project.namespace,
project_id: project,
detected: false
}, format: :json
get_licenses
end
it { expect(response).to have_gitlab_http_status(:ok) }
it { expect(json_response["licenses"].count).to be(4) }
it 'includes a policy for an unclassified and known license that was detected in the scan report' do
expect(json_response.dig("licenses", 0)).to include({
"id" => nil,
"spdx_identifier" => "BSD-3-Clause",
"name" => "BSD 3-Clause \"New\" or \"Revised\" License",
"url" => "http://spdx.org/licenses/BSD-3-Clause.json",
"classification" => "unclassified"
})
it 'returns success code' do
expect(response).to have_gitlab_http_status(:ok)
end
it 'includes a policy for a denied license found in the scan report' do
expect(json_response.dig("licenses", 1)).to include({
"id" => mit_policy.id,
"spdx_identifier" => "MIT",
"name" => mit.name,
"url" => "http://spdx.org/licenses/MIT.json",
"classification" => "denied"
it 'returns a hash with licenses' do
expect(json_response).to be_a(Hash)
expect(json_response['licenses'].length).to eq(4)
expect(json_response['licenses'][0]).to include({
'id' => nil,
'spdx_identifier' => 'Apache-2.0',
'classification' => 'unclassified',
'name' => 'Apache 2.0',
'url' => 'http://www.apache.org/licenses/LICENSE-2.0.txt',
'components' => [{
"blob_path" => nil,
"name" => "thread_safe"
}]
})
end
it 'includes a policy for an allowed license NOT found in the latest scan report' do
expect(json_response.dig("licenses", 2)).to include({
"id" => other_license_policy.id,
"spdx_identifier" => other_license.spdx_identifier,
"name" => other_license.name,
"url" => nil,
"classification" => "allowed"
})
it 'returns status ok' do
expect(json_response['report']['status']).to eq('ok')
end
it 'includes an entry for an unclassified and unknown license found in the scan report' do
expect(json_response.dig("licenses", 3)).to include({
"id" => nil,
"spdx_identifier" => nil,
"name" => "unknown",
"url" => nil,
"classification" => "unclassified"
})
end
end
context 'with pagination params' do
let(:params) { { namespace_id: project.namespace, project_id: project, per_page: 3, page: 2 } }
context "when loading software policies that match licenses detected in the most recent license scan report" do
before do
get :index, params: {
namespace_id: project.namespace,
project_id: project,
detected: true
}, format: :json
it 'return only 1 license' do
expect(json_response['licenses'].length).to eq(1)
end
end
end
it { expect(response).to have_gitlab_http_status(:ok) }
it 'only includes policies for licenses detected in the most recent scan report' do
expect(json_response["licenses"].count).to be(3)
context "when software policies are applied to some of the most recently detected licenses" do
let_it_be(:mit) { create(:software_license, :mit) }
let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
let_it_be(:other_license) { create(:software_license, spdx_identifier: "Other-Id") }
let_it_be(:other_license_policy) { create(:software_license_policy, :allowed, software_license: other_license, project: project) }
let_it_be(:pipeline) { create(:ee_ci_pipeline, project: project, builds: [create(:ee_ci_build, :license_scan_v2, :success)]) }
context "when loading all policies" do
before do
get :index, params: {
namespace_id: project.namespace,
project_id: project,
detected: false
}, format: :json
end
it { expect(response).to have_gitlab_http_status(:ok) }
it { expect(json_response["licenses"].count).to be(4) }
it 'includes a policy for an unclassified and known license that was detected in the scan report' do
expect(json_response.dig("licenses", 0)).to include({
"id" => nil,
"spdx_identifier" => "BSD-3-Clause",
"name" => "BSD 3-Clause \"New\" or \"Revised\" License",
"url" => "http://spdx.org/licenses/BSD-3-Clause.json",
"classification" => "unclassified"
})
end
it 'includes a policy for a denied license found in the scan report' do
expect(json_response.dig("licenses", 1)).to include({
"id" => mit_policy.id,
"spdx_identifier" => "MIT",
"name" => mit.name,
"url" => "http://spdx.org/licenses/MIT.json",
"classification" => "denied"
})
end
it 'includes a policy for an allowed license NOT found in the latest scan report' do
expect(json_response.dig("licenses", 2)).to include({
"id" => other_license_policy.id,
"spdx_identifier" => other_license.spdx_identifier,
"name" => other_license.name,
"url" => nil,
"classification" => "allowed"
})
end
it 'includes an entry for an unclassified and unknown license found in the scan report' do
expect(json_response.dig("licenses", 3)).to include({
"id" => nil,
"spdx_identifier" => nil,
"name" => "unknown",
"url" => nil,
"classification" => "unclassified"
})
end
end
it 'includes an unclassified policy for a known license detected in the scan report' do
expect(json_response.dig("licenses", 0)).to include({
"id" => nil,
"spdx_identifier" => "BSD-3-Clause",
"classification" => "unclassified"
})
context "when loading software policies that match licenses detected in the most recent license scan report" do
before do
get :index, params: {
namespace_id: project.namespace,
project_id: project,
detected: true
}, format: :json
end
it { expect(response).to have_gitlab_http_status(:ok) }
it 'only includes policies for licenses detected in the most recent scan report' do
expect(json_response["licenses"].count).to be(3)
end
it 'includes an unclassified policy for a known license detected in the scan report' do
expect(json_response.dig("licenses", 0)).to include({
"id" => nil,
"spdx_identifier" => "BSD-3-Clause",
"classification" => "unclassified"
})
end
it 'includes a classified license for a known license detected in the scan report' do
expect(json_response.dig("licenses", 1)).to include({
"id" => mit_policy.id,
"spdx_identifier" => "MIT",
"classification" => "denied"
})
end
it 'includes an unclassified and unknown license discovered in the scan report' do
expect(json_response.dig("licenses", 2)).to include({
"id" => nil,
"spdx_identifier" => nil,
"name" => "unknown",
"url" => nil,
"classification" => "unclassified"
})
end
end
it 'includes a classified license for a known license detected in the scan report' do
expect(json_response.dig("licenses", 1)).to include({
"id" => mit_policy.id,
"spdx_identifier" => "MIT",
"classification" => "denied"
})
context "when loading `allowed` software policies only" do
before do
get :index, params: {
namespace_id: project.namespace,
project_id: project,
classification: ['allowed']
}, format: :json
end
it { expect(response).to have_gitlab_http_status(:ok) }
it { expect(json_response["licenses"].count).to be(1) }
it 'includes only `allowed` policies' do
expect(json_response.dig("licenses", 0)).to include({
"id" => other_license_policy.id,
"spdx_identifier" => "Other-Id",
"classification" => "allowed"
})
end
end
it 'includes an unclassified and unknown license discovered in the scan report' do
expect(json_response.dig("licenses", 2)).to include({
"id" => nil,
"spdx_identifier" => nil,
"name" => "unknown",
"url" => nil,
"classification" => "unclassified"
})
context "when loading `allowed` and `denied` software policies" do
before do
get :index, params: {
namespace_id: project.namespace,
project_id: project,
classification: %w[allowed denied]
}, format: :json
end
it { expect(response).to have_gitlab_http_status(:ok) }
it { expect(json_response["licenses"].count).to be(2) }
it 'includes `denied` policies' do
expect(json_response.dig("licenses", 0)).to include({
"id" => mit_policy.id,
"spdx_identifier" => mit.spdx_identifier,
"classification" => mit_policy.classification
})
end
it 'includes `allowed` policies' do
expect(json_response.dig("licenses", 1)).to include({
"id" => other_license_policy.id,
"spdx_identifier" => other_license_policy.spdx_identifier,
"classification" => other_license_policy.classification
})
end
end
end
context "when loading `allowed` software policies only" do
before do
get :index, params: {
namespace_id: project.namespace,
project_id: project,
classification: ['allowed']
}, format: :json
end
it { expect(response).to have_gitlab_http_status(:ok) }
it { expect(json_response["licenses"].count).to be(1) }
it 'includes only `allowed` policies' do
expect(json_response.dig("licenses", 0)).to include({
"id" => other_license_policy.id,
"spdx_identifier" => "Other-Id",
"classification" => "allowed"
})
end
end
context 'without existing report' do
let!(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report, project: project) }
context "when loading `allowed` and `denied` software policies" do
before do
get :index, params: {
namespace_id: project.namespace,
project_id: project,
classification: %w[allowed denied]
}, format: :json
end
it { expect(response).to have_gitlab_http_status(:ok) }
it { expect(json_response["licenses"].count).to be(2) }
it 'includes `denied` policies' do
expect(json_response.dig("licenses", 0)).to include({
"id" => mit_policy.id,
"spdx_identifier" => mit.spdx_identifier,
"classification" => mit_policy.classification
})
get_licenses
end
it 'includes `allowed` policies' do
expect(json_response.dig("licenses", 1)).to include({
"id" => other_license_policy.id,
"spdx_identifier" => other_license_policy.spdx_identifier,
"classification" => other_license_policy.classification
})
it 'returns status job_not_set_up' do
expect(json_response['report']['status']).to eq('job_not_set_up')
end
end
end
context 'without existing report' do
let!(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report, project: project) }
context 'with maintainer' do
before do
get_licenses
project.add_maintainer(user)
end
it 'returns status job_not_set_up' do
expect(json_response['report']['status']).to eq('job_not_set_up')
it 'responds to an HTML request' do
get :index, params: params
expect(response).to have_gitlab_http_status(:ok)
licenses_app_data = assigns(:licenses_app_data)
expect(licenses_app_data[:project_licenses_endpoint]).to eql(controller.helpers.project_licenses_path(project, detected: true, format: :json))
expect(licenses_app_data[:read_license_policies_endpoint]).to eql(controller.helpers.api_v4_projects_managed_licenses_path(id: project.id))
expect(licenses_app_data[:write_license_policies_endpoint]).to eql(controller.helpers.api_v4_projects_managed_licenses_path(id: project.id))
expect(licenses_app_data[:documentation_path]).to eql(help_page_path('user/application_security/license_compliance/index'))
expect(licenses_app_data[:empty_state_svg_path]).to eql(controller.helpers.image_path('illustrations/Dependency-list-empty-state.svg'))
end
end
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7