Merge branch 'display-security-approvals-backend' into 'master'

Extend configuration end point to return json when format is given See merge request gitlab-org/gitlab!37217

Merge branch 'display-security-approvals-backend' into 'master'
Extend configuration end point to return json when format is given See merge request gitlab-org/gitlab!37217
b6d32b0c · Michael Kozono · 58ce453f · d936f769 · b6d32b0c · b6d32b0c
Commit b6d32b0c authored Jul 21, 2020 by Michael Kozono
6 changed files
--- a/ee/app/controllers/projects/security/configuration_controller.rb
+++ b/ee/app/controllers/projects/security/configuration_controller.rb
@@ -20,6 +20,12 @@ module Projects
        @configuration = ConfigurationPresenter.new(project,
                                                    auto_fix_permission: auto_fix_authorized?,
                                                    current_user: current_user)
+        respond_to do |format|
+          format.html
+          format.json do
+            render status: :ok, json: @configuration.to_h
+          end
+        end
      end

      def auto_fix

--- a/ee/app/presenters/projects/security/configuration_presenter.rb
+++ b/ee/app/presenters/projects/security/configuration_presenter.rb
@@ -53,21 +53,33 @@ module Projects
          create_sast_merge_request_path: project_security_configuration_sast_path(project),
          auto_devops_path: auto_devops_settings_path(project),
          can_enable_auto_devops: can_enable_auto_devops?,
-          features: features.to_json,
+          features: features,
          help_page_path: help_page_path('user/application_security/index'),
          latest_pipeline_path: latest_pipeline_path,
-          auto_fix_enabled: {
-            dependency_scanning: project_settings.auto_fix_dependency_scanning,
-            container_scanning: project_settings.auto_fix_container_scanning
-          }.to_json,
+          auto_fix_enabled: autofix_enabled,
          can_toggle_auto_fix_settings: auto_fix_permission,
          gitlab_ci_present: gitlab_ci_present?,
          auto_fix_user_path: '/' # TODO: real link will be updated with https://gitlab.com/gitlab-org/gitlab/-/issues/215669
        }
      end

+      def to_html_data_attribute
+        data = to_h
+        data[:features] = data[:features].to_json
+        data[:auto_fix_enabled] = data[:auto_fix_enabled].to_json
+
+        data
+      end
+
      private

+      def autofix_enabled
+        {
+          dependency_scanning: project_settings.auto_fix_dependency_scanning,
+          container_scanning: project_settings.auto_fix_container_scanning
+        }
+      end
+
      def can_enable_auto_devops?
        feature_available?(:builds, current_user) &&
          can?(current_user, :admin_project, self) &&

--- a/ee/app/views/projects/security/configuration/show.html.haml
+++ b/ee/app/views/projects/security/configuration/show.html.haml
 - breadcrumb_title _("Security Configuration")
 - page_title _("Security Configuration")

-#js-security-configuration{ data: { **@configuration.to_h,
+#js-security-configuration{ data: { **@configuration.to_html_data_attribute,
  auto_fix_help_path: '/',
  toggle_autofix_setting_endpoint: 'configuration/auto_fix',
  container_scanning_help_path: help_page_path('user/application_security/container_scanning/index'),

--- a/ee/changelogs/unreleased/display-security-approvals-backend.yml
+++ b/ee/changelogs/unreleased/display-security-approvals-backend.yml
+---
+title: Extend configuration end point to return json when format is given
+merge_request: 37217
+author:
+type: added
--- a/ee/spec/controllers/projects/security/configuration_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/configuration_controller_spec.rb
@@ -26,6 +26,16 @@ RSpec.describe Projects::Security::ConfigurationController do
        sign_in(user)
      end

+      it 'responds in json format when requested' do
+        get :show, params: { namespace_id: project.namespace, project_id: project, format: :json }
+
+        types = %w(sast dast dependency_scanning container_scanning secret_detection coverage_fuzzing license_scanning)
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response['features'].map { |f| f['type'] }).to match_array(types)
+        expect(json_response['auto_fix_enabled']).to include({ 'dependency_scanning' => true, 'container_scanning' => true })
+      end
+
      it "renders data on the project's security configuration" do
        request

@@ -99,6 +109,13 @@ RSpec.describe Projects::Security::ConfigurationController do
        let(:user) { maintainer }
        let(:setting) { project.security_setting }

+        it 'shows auto fix disable for dependency scanning for json format' do
+          get :show, params: { namespace_id: project.namespace, project_id: project, format: :json }
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response['auto_fix_enabled']).to include({ 'dependency_scanning' => false })
+        end
+
        context 'with setup feature param' do
          let(:feature) { :dependency_scanning }


--- a/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
+++ b/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
@@ -19,7 +19,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
  end

  describe '#to_h' do
-    subject { described_class.new(project, auto_fix_permission: true, current_user: current_user).to_h }
+    subject { described_class.new(project, auto_fix_permission: true, current_user: current_user).to_html_data_attribute }

    it 'includes links to auto devops and secure product docs' do
      expect(subject[:auto_devops_help_page_path]).to eq(help_page_path('topics/autodevops/index'))