Fix dependency-list link visibility in side-nav

A user, having the right permissions, should see a link to the dependency-list in a project's sidebar navigation. A previous change moved that link under a new top-level navigation item, which is only rendered if the user has access to the security-dashboard. This prevents some users from seeing the link to the dependency-list, even if they have the right permissions. This commit adds extra logic to correct the behaviour.

Fix dependency-list link visibility in side-nav
A user, having the right permissions, should see a link to the dependency-list in a project's sidebar navigation. A previous change moved that link under a new top-level navigation item, which is only rendered if the user has access to the security-dashboard. This prevents some users from seeing the link to the dependency-list, even if they have the right permissions. This commit adds extra logic to correct the behaviour.
bb54ab87 · Dave Pisek · 0c28a7c8 · bb54ab87 · bb54ab87 · bb54ab87
Commit bb54ab87 authored Aug 08, 2019 by Dave Pisek
4 changed files
--- a/ee/app/helpers/ee/projects_helper.rb
+++ b/ee/app/helpers/ee/projects_helper.rb
@@ -40,6 +40,10 @@ module EE
        nav_tabs << :security
      end

+      if can?(current_user, :read_dependencies, @project)
+        nav_tabs << :dependencies
+      end
+
      if ::Gitlab.config.packages.enabled &&
          project.feature_available?(:packages) &&
          can?(current_user, :read_package, project)

--- a/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
+++ b/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
- if project_nav_tab?(:security)
-  = nav_link(path: sidebar_security_paths) do
-    = link_to project_security_dashboard_path(@project), data: { qa_selector: 'link_security_dashboard' } do
-      .nav-icon-container
-        = sprite_icon('shield')
-      %span.nav-item-name
-        = _('Security & Compliance')
+- return unless project_nav_tab?(:security) || project_nav_tab?(:dependencies)

-    %ul.sidebar-sub-level-items
-      = nav_link(path: sidebar_security_paths, html_options: { class: "fly-out-top-item" } ) do
-        = link_to project_security_dashboard_path(@project) do
-          %strong.fly-out-top-item-name
-            = _('Security & Compliance')
-      %li.divider.fly-out-top-item
+- top_level_link = project_nav_tab?(:security) ? project_security_dashboard_path(@project) : project_dependencies_path(@project)
+- top_level_qa_selector = project_nav_tab?(:security) ? 'security_dashboard_link' : 'dependency_list_link'

+= nav_link(path: sidebar_security_paths) do
+  = link_to top_level_link, data: { qa_selector: top_level_qa_selector } do
+    .nav-icon-container
+      = sprite_icon('shield')
+    %span.nav-item-name
+      = _('Security & Compliance')
+
+  %ul.sidebar-sub-level-items
+    = nav_link(path: sidebar_security_paths, html_options: { class: "fly-out-top-item" } ) do
+      = link_to top_level_link do
+        %strong.fly-out-top-item-name
+          = _('Security & Compliance')
+
+    %li.divider.fly-out-top-item
+
+    - if project_nav_tab?(:security)
      = nav_link(path: 'projects/security/dashboard#show') do
        = link_to project_security_dashboard_path(@project), title: _('Security Dashboard') do
          %span= _('Security Dashboard')

-      - if @project.feature_available?(:dependency_list)
-        = nav_link(path: 'projects/dependencies#show') do
-          = link_to project_dependencies_path(@project), title: _('Dependency List'), data: { qa_selector: 'dependency_list_link' } do
-            %span= _('Dependency List')
+    - if project_nav_tab?(:dependencies)
+      = nav_link(path: 'projects/dependencies#show') do
+        = link_to project_dependencies_path(@project), title: _('Dependency List'), data: { qa_selector: 'dependency_list_link' } do
+          %span= _('Dependency List')
+
--- a/ee/changelogs/unreleased/12250-fix-permissions-for-dependency-list-project-sidebar-visibility.yml
+++ b/ee/changelogs/unreleased/12250-fix-permissions-for-dependency-list-project-sidebar-visibility.yml
+---
+title: Fix visibility of link to dependency-list in project sidebar based on permissions
+merge_request: 15066
+author:
+type: fixed
--- a/qa/qa/ee/page/project/sub_menus/security_compliance.rb
+++ b/qa/qa/ee/page/project/sub_menus/security_compliance.rb
@@ -11,7 +11,7 @@ module QA
            def self.included(page)
              page.class_eval do
                view 'ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml' do
-                  element :link_security_dashboard
+                  element :security_dashboard_link
                  element :dependency_list_link
                end
              end
@@ -19,7 +19,7 @@ module QA

            def click_on_security_dashboard
              within_sidebar do
-                click_element :link_security_dashboard
+                click_element :security_dashboard_link
              end
            end

@@ -33,7 +33,7 @@ module QA

            def hover_security_compliance
              within_sidebar do
-                find_element(:link_security_dashboard).hover
+                find_element(:security_dashboard_link).hover

                yield
              end