Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
b8366bd3
Commit
b8366bd3
authored
Jun 15, 2020
by
Philip Cunningham
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add new ondemand scan ability to project policy
parent
cebdd221
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
26 additions
and
6 deletions
+26
-6
ee/app/graphql/mutations/pipelines/run_dast_scan.rb
ee/app/graphql/mutations/pipelines/run_dast_scan.rb
+1
-1
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+1
-0
ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
+24
-5
No files found.
ee/app/graphql/mutations/pipelines/run_dast_scan.rb
View file @
b8366bd3
...
@@ -27,7 +27,7 @@ module Mutations
...
@@ -27,7 +27,7 @@ module Mutations
required:
true
,
required:
true
,
description:
'The type of scan to be run.'
description:
'The type of scan to be run.'
authorize
:
create_pipeline
authorize
:
run_ondemand_dast_scan
def
resolve
(
project_path
:,
target_url
:,
branch
:,
scan_type
:)
def
resolve
(
project_path
:,
target_url
:,
branch
:,
scan_type
:)
project
=
authorized_find!
(
full_path:
project_path
)
project
=
authorized_find!
(
full_path:
project_path
)
...
...
ee/app/policies/ee/project_policy.rb
View file @
b8366bd3
...
@@ -229,6 +229,7 @@ module EE
...
@@ -229,6 +229,7 @@ module EE
enable
:admin_feature_flag
enable
:admin_feature_flag
enable
:admin_feature_flags_user_lists
enable
:admin_feature_flags_user_lists
enable
:read_ci_minutes_quota
enable
:read_ci_minutes_quota
enable
:run_ondemand_dast_scan
end
end
rule
{
can?
(
:developer_access
)
&
iterations_available
}.
policy
do
rule
{
can?
(
:developer_access
)
&
iterations_available
}.
policy
do
...
...
ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
View file @
b8366bd3
...
@@ -3,7 +3,8 @@
...
@@ -3,7 +3,8 @@
require
'spec_helper'
require
'spec_helper'
describe
Mutations
::
Pipelines
::
RunDastScan
do
describe
Mutations
::
Pipelines
::
RunDastScan
do
let
(
:project
)
{
create
(
:project
)
}
let
(
:group
)
{
create
(
:group
)
}
let
(
:project
)
{
create
(
:project
,
group:
group
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:project_path
)
{
project
.
full_path
}
let
(
:project_path
)
{
project
.
full_path
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
...
@@ -41,22 +42,40 @@ describe Mutations::Pipelines::RunDastScan do
...
@@ -41,22 +42,40 @@ describe Mutations::Pipelines::RunDastScan do
end
end
end
end
context
'when the user
does not have permission to run a dast scan
'
do
context
'when the user
is not associated with the project
'
do
it
'raises an exception'
do
it
'raises an exception'
do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
context
'when the user can run a dast scan'
do
context
'when the user is an owner'
do
before
do
it
'has no errors'
do
project
.
add_developer
(
user
)
group
.
add_owner
(
user
)
expect
(
subject
[
:errors
]).
to
be_empty
end
end
context
'when the user is a maintainer'
do
it
'has no errors'
do
project
.
add_maintainer
(
user
)
expect
(
subject
[
:errors
]).
to
be_empty
end
end
end
context
'when the user is a developer'
do
it
'has no errors'
do
it
'has no errors'
do
project
.
add_developer
(
user
)
expect
(
subject
[
:errors
]).
to
be_empty
expect
(
subject
[
:errors
]).
to
be_empty
end
end
end
context
'when the user can run a dast scan'
do
it
'returns a pipeline_url containing the correct path'
do
it
'returns a pipeline_url containing the correct path'
do
project
.
add_developer
(
user
)
actual_url
=
subject
[
:pipeline_url
]
actual_url
=
subject
[
:pipeline_url
]
pipeline
=
Ci
::
Pipeline
.
last
pipeline
=
Ci
::
Pipeline
.
last
expected_url
=
Rails
.
application
.
routes
.
url_helpers
.
project_pipeline_url
(
expected_url
=
Rails
.
application
.
routes
.
url_helpers
.
project_pipeline_url
(
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment