Commit bc6c67dd authored by Dmytro Zaporozhets's avatar Dmytro Zaporozhets

Merge branch '208723-license-compliance-permissions' into 'master'

Authorize access to  view license scan reports

See merge request gitlab-org/gitlab!34324
parents b22232b4 ab7e0608
...@@ -17,6 +17,7 @@ module EE ...@@ -17,6 +17,7 @@ module EE
before_action :whitelist_query_limiting_ee_merge, only: [:merge] before_action :whitelist_query_limiting_ee_merge, only: [:merge]
before_action :whitelist_query_limiting_ee_show, only: [:show] before_action :whitelist_query_limiting_ee_show, only: [:show]
before_action :authorize_read_pipeline!, only: [:container_scanning_reports, :dependency_scanning_reports, before_action :authorize_read_pipeline!, only: [:container_scanning_reports, :dependency_scanning_reports,
:license_scanning_reports,
:sast_reports, :secret_detection_reports, :dast_reports, :metrics_reports] :sast_reports, :secret_detection_reports, :dast_reports, :metrics_reports]
end end
......
---
title: 'Authorize access to view license scan reports'
merge_request: 34324
author:
type: fixed
...@@ -784,7 +784,7 @@ RSpec.describe Projects::MergeRequestsController do ...@@ -784,7 +784,7 @@ RSpec.describe Projects::MergeRequestsController do
before do before do
allow_any_instance_of(::MergeRequest).to receive(:compare_reports) allow_any_instance_of(::MergeRequest).to receive(:compare_reports)
.with(::Ci::CompareLicenseScanningReportsService, project.users.first).and_return(comparison_status) .with(::Ci::CompareLicenseScanningReportsService, viewer).and_return(comparison_status)
end end
context 'when comparison is being processed' do context 'when comparison is being processed' do
...@@ -836,6 +836,10 @@ RSpec.describe Projects::MergeRequestsController do ...@@ -836,6 +836,10 @@ RSpec.describe Projects::MergeRequestsController do
expect(json_response).to eq({ 'status_reason' => 'Failed to parse license scanning reports' }) expect(json_response).to eq({ 'status_reason' => 'Failed to parse license scanning reports' })
end end
end end
context "when authorizing access to license scan reports" do
it_behaves_like 'authorize read pipeline'
end
end end
describe 'GET #metrics_reports' do describe 'GET #metrics_reports' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment