Merge branch 'fix_404_remove_ambiguity_between_id_iid' into 'master'

Fix 404 on alert details See merge request gitlab-org/gitlab!60411

Merge branch 'fix_404_remove_ambiguity_between_id_iid' into 'master'
Fix 404 on alert details See merge request gitlab-org/gitlab!60411
b84fc74a · Andrew Fontaine · 4b1d91e1 · b9cbdeaf · b84fc74a · b84fc74a
Commit b84fc74a authored Apr 30, 2021 by Andrew Fontaine
6 changed files
--- a/ee/app/controllers/projects/threat_monitoring_controller.rb
+++ b/ee/app/controllers/projects/threat_monitoring_controller.rb
@@ -14,9 +14,11 @@ module Projects

    feature_category :web_firewall

+    # rubocop: disable CodeReuse/ActiveRecord
    def alert_details
-      @alert_id = project.alert_management_alerts.find(params[:id]).id
+      @alert_iid = AlertManagement::AlertsFinder.new(current_user, project, params.merge(domain: 'threat_monitoring')).execute.first!.iid
    end
+    # rubocop: enable CodeReuse/ActiveRecord

    def edit
      @environment = project.environments.find(params[:environment_id])

--- a/ee/app/helpers/policy_helper.rb
+++ b/ee/app/helpers/policy_helper.rb
@@ -14,9 +14,9 @@ module PolicyHelper
    details.merge(edit_details)
  end

-  def threat_monitoring_alert_details_data(project, alert_id)
+  def threat_monitoring_alert_details_data(project, alert_iid)
    {
-      'alert-id' => alert_id,
+      'alert-id' => alert_iid,
      'project-path' => project.full_path,
      'project-id' => project.id,
      'project-issues-path' => project_issues_path(project),

--- a/ee/app/views/projects/threat_monitoring/alert_details.html.haml
+++ b/ee/app/views/projects/threat_monitoring/alert_details.html.haml
 - add_to_breadcrumbs s_('ThreatMonitoring|Threat Monitoring'), project_threat_monitoring_path(@project)
 - page_title s_('ThreatMonitoring|Alert Details')

-#js-alert_details{ data: threat_monitoring_alert_details_data(@project, @alert_id) }
+#js-alert_details{ data: threat_monitoring_alert_details_data(@project, @alert_iid) }

--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -40,7 +40,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
        resources :subscriptions, only: [:create, :destroy]

        resource :threat_monitoring, only: [:show], controller: :threat_monitoring do
-          get '/alerts/:id', action: 'alert_details', constraints: { id: /\d+/ }, as: :threat_monitoring_alert
+          get '/alerts/:iid', action: 'alert_details', constraints: { iid: /\d+/ }, as: :threat_monitoring_alert
          resources :policies, only: [:new, :edit], controller: :threat_monitoring
        end


--- a/ee/spec/controllers/projects/threat_monitoring_controller_spec.rb
+++ b/ee/spec/controllers/projects/threat_monitoring_controller_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'

 RSpec.describe Projects::ThreatMonitoringController do
  let_it_be(:project) { create(:project, :repository, :private) }
-  let_it_be(:alert) { create(:alert_management_alert, :cilium, project: project) }
+  let_it_be(:alert) { create(:alert_management_alert, :threat_monitoring, project: project) }
  let_it_be(:user) { create(:user) }

  describe 'GET show' do
@@ -239,9 +239,9 @@ RSpec.describe Projects::ThreatMonitoringController do
  end

  describe 'GET threat monitoring alerts' do
-    let(:alert_id) { alert.id }
+    let(:alert_iid) { alert.iid }

-    subject { get :alert_details, params: { namespace_id: project.namespace, project_id: project, id: alert_id } }
+    subject { get :alert_details, params: { namespace_id: project.namespace, project_id: project, iid: alert_iid } }

    context 'with authorized user' do
      before do
@@ -284,7 +284,7 @@ RSpec.describe Projects::ThreatMonitoringController do
        end

        context 'when id is invalid' do
-          let(:alert_id) { nil }
+          let(:alert_iid) { nil }

          it 'raises an error' do
            expect { subject }.to raise_error(ActionController::UrlGenerationError)
@@ -292,7 +292,7 @@ RSpec.describe Projects::ThreatMonitoringController do
        end

        context 'when id is not found' do
-          let(:alert_id) { non_existing_record_id }
+          let(:alert_iid) { non_existing_record_id }

          it 'renders not found' do
            subject

--- a/ee/spec/helpers/policy_helper_spec.rb
+++ b/ee/spec/helpers/policy_helper_spec.rb
@@ -62,11 +62,11 @@ RSpec.describe PolicyHelper do
    let(:alert) { build(:alert_management_alert, project: project) }

    context 'when a new alert is created' do
-      subject { helper.threat_monitoring_alert_details_data(project, alert.id) }
+      subject { helper.threat_monitoring_alert_details_data(project, alert.iid) }

      it 'returns expected policy data' do
        expect(subject).to match({
-          'alert-id' => alert.id,
+          'alert-id' => alert.iid,
          'project-path' => project.full_path,
          'project-id' => project.id,
          'project-issues-path' => project_issues_path(project),