Merge branch '295240-saved-scans-routes' into 'master'

Creates new on-demand scans routes See merge request gitlab-org/gitlab!50469

Merge branch '295240-saved-scans-routes' into 'master'
Creates new on-demand scans routes See merge request gitlab-org/gitlab!50469
b52d983c · Sean McGivern · 51fbe028 · 2ec2e0a2 · b52d983c · b52d983c
Commit b52d983c authored Dec 29, 2020 by Sean McGivern
12 changed files
--- a/ee/app/assets/javascripts/pages/projects/on_demand_scans/edit/index.js
+++ b/ee/app/assets/javascripts/pages/projects/on_demand_scans/edit/index.js
+import initOnDemanScans from 'ee/on_demand_scans';
+
+initOnDemanScans();
--- a/ee/app/assets/javascripts/pages/projects/on_demand_scans/new/index.js
+++ b/ee/app/assets/javascripts/pages/projects/on_demand_scans/new/index.js
+import initOnDemanScans from 'ee/on_demand_scans';
+
+initOnDemanScans();
--- a/ee/app/controllers/projects/on_demand_scans_controller.rb
+++ b/ee/app/controllers/projects/on_demand_scans_controller.rb
@@ -3,14 +3,25 @@
 module Projects
  class OnDemandScansController < Projects::ApplicationController
    before_action do
-      authorize_read_on_demand_scans!
      push_frontend_feature_flag(:security_on_demand_scans_site_validation, @project)
      push_frontend_feature_flag(:security_dast_site_profiles_additional_fields, @project, default_enabled: :yaml)
+      push_frontend_feature_flag(:dast_saved_scans, @project, default_enabled: :yaml)
    end

+    before_action :authorize_read_on_demand_scans!, only: :index
+    before_action :authorize_create_on_demand_dast_scan!, only: [:new, :edit]
+
    feature_category :dynamic_application_security_testing

    def index
    end
+
+    def new
+      not_found unless Feature.enabled?(:dast_saved_scans, @project, default_enabled: :yaml)
+    end
+
+    def edit
+      not_found unless Feature.enabled?(:dast_saved_scans, @project, default_enabled: :yaml)
+    end
  end
 end
--- a/ee/app/helpers/ee/projects_helper.rb
+++ b/ee/app/helpers/ee/projects_helper.rb
@@ -166,6 +166,8 @@ module EE
        projects/security/vulnerability_report#index
        projects/security/dashboard#index
        projects/on_demand_scans#index
+        projects/on_demand_scans#new
+        projects/on_demand_scans#edit
        projects/security/dast_profiles#show
        projects/security/dast_site_profiles#new
        projects/security/dast_site_profiles#edit
@@ -189,6 +191,8 @@ module EE
    def sidebar_on_demand_scans_paths
      %w[
        projects/on_demand_scans#index
+        projects/on_demand_scans#new
+        projects/on_demand_scans#edit
      ]
    end


--- a/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
+++ b/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
+- on_demand_scans_path = Feature.enabled?(:dast_saved_scans, @project, default_enabled: :yaml) ? new_project_on_demand_scan_path(@project) : project_on_demand_scans_path(@project)
+
 - if any_project_nav_tab?([:security, :dependencies, :licenses, :audit_events])
  = nav_link(path: sidebar_security_paths) do
    = link_to top_level_link(@project), data: { qa_selector: top_level_qa_selector(@project) } do
@@ -24,7 +26,7 @@

      - if project_nav_tab?(:on_demand_scans)
        = nav_link(path: sidebar_on_demand_scans_paths) do
-          = link_to project_on_demand_scans_path(@project), title: s_('OnDemandScans|On-demand Scans'), data: { qa_selector: 'on_demand_scans_link' } do
+          = link_to on_demand_scans_path, title: s_('OnDemandScans|On-demand Scans'), data: { qa_selector: 'on_demand_scans_link' } do
            %span= s_('OnDemandScans|On-demand Scans')

      - if project_nav_tab?(:dependencies)

--- a/ee/app/views/projects/on_demand_scans/edit.html.haml
+++ b/ee/app/views/projects/on_demand_scans/edit.html.haml
+- breadcrumb_title s_('OnDemandScans|Edit on-demand DAST scan')
+- page_title s_('OnDemandScans|Edit on-demand DAST scan')
+
+#js-on-demand-scans-app{ data: on_demand_scans_data(@project) }
--- a/ee/app/views/projects/on_demand_scans/new.html.haml
+++ b/ee/app/views/projects/on_demand_scans/new.html.haml
+- breadcrumb_title s_('OnDemandScans|New on-demand DAST scan')
+- page_title s_('OnDemandScans|New on-demand DAST scan')
+
+#js-on-demand-scans-app{ data: on_demand_scans_data(@project) }
--- a/ee/config/feature_flags/development/dast_saved_scans.yml
+++ b/ee/config/feature_flags/development/dast_saved_scans.yml
+---
+name: dast_saved_scans
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50469
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/295252
+milestone: '13.8'
+type: development
+group: group::dynamic analysis
+default_enabled: false
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -105,9 +105,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
          resources :feature_flag_issues, only: [:index, :create, :destroy], as: 'issues', path: 'issues'
        end

-        scope :on_demand_scans do
-          root 'on_demand_scans#index', as: 'on_demand_scans'
-        end
+        resources :on_demand_scans, only: [:index, :new, :edit]

        namespace :integrations do
          namespace :jira do

--- a/ee/spec/helpers/projects_helper_spec.rb
+++ b/ee/spec/helpers/projects_helper_spec.rb
@@ -210,6 +210,8 @@ RSpec.describe ProjectsHelper do
        projects/security/vulnerability_report#index
        projects/security/dashboard#index
        projects/on_demand_scans#index
+        projects/on_demand_scans#new
+        projects/on_demand_scans#edit
        projects/security/dast_profiles#show
        projects/security/dast_site_profiles#new
        projects/security/dast_site_profiles#edit
@@ -233,6 +235,8 @@ RSpec.describe ProjectsHelper do
    let(:expected_on_demand_scans_paths) do
      %w[
        projects/on_demand_scans#index
+        projects/on_demand_scans#new
+        projects/on_demand_scans#edit
      ]
    end


--- a/ee/spec/requests/projects/on_demand_scans_controller_spec.rb
+++ b/ee/spec/requests/projects/on_demand_scans_controller_spec.rb
@@ -3,10 +3,10 @@
 require 'spec_helper'

 RSpec.describe Projects::OnDemandScansController, type: :request do
-  let(:project) { create(:project) }
+  let_it_be(:project) { create(:project) }
  let(:user) { create(:user) }

-  describe 'GET #index' do
+  shared_examples 'on-demand scans page' do
    context 'feature available' do
      before do
        stub_licensed_features(security_on_demand_scans: true)
@@ -20,7 +20,7 @@ RSpec.describe Projects::OnDemandScansController, type: :request do
        end

        it "can access page" do
-          get project_on_demand_scans_path(project)
+          get path

          expect(response).to have_gitlab_http_status(:ok)
        end
@@ -34,7 +34,7 @@ RSpec.describe Projects::OnDemandScansController, type: :request do
        end

        it "sees a 404 error" do
-          get project_on_demand_scans_path(project)
+          get path

          expect(response).to have_gitlab_http_status(:not_found)
        end
@@ -50,10 +50,29 @@ RSpec.describe Projects::OnDemandScansController, type: :request do

      it "sees a 404 error if the license doesn't support the feature" do
        stub_licensed_features(security_on_demand_scans: false)
-        get project_on_demand_scans_path(project)
+        get path

        expect(response).to have_gitlab_http_status(:not_found)
      end
    end
  end
+
+  describe 'GET #index' do
+    it_behaves_like 'on-demand scans page' do
+      let(:path) { project_on_demand_scans_path(project) }
+    end
+  end
+
+  describe 'GET #new' do
+    it_behaves_like 'on-demand scans page' do
+      let(:path) { new_project_on_demand_scan_path(project) }
+    end
+  end
+
+  describe 'GET #edit' do
+    it_behaves_like 'on-demand scans page' do
+      # This should be improved as part of https://gitlab.com/gitlab-org/gitlab/-/issues/295242
+      let(:path) { edit_project_on_demand_scan_path(project, id: 1) }
+    end
+  end
 end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -19556,6 +19556,9 @@ msgstr ""
 msgid "OnDemandScans|Create a new site profile"
 msgstr ""

+msgid "OnDemandScans|Edit on-demand DAST scan"
+msgstr ""
+
 msgid "OnDemandScans|Manage profiles"
 msgstr ""