Commit bcf855b2 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch 'dz-scope-security-routes' into 'master'

Move security routes under - scope

See merge request gitlab-org/gitlab!24287
parents 6341e336 72ff2e93
---
title: Move security routes under - scope
merge_request: 24287
author:
type: changed
...@@ -468,7 +468,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -468,7 +468,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
:forks, :group_links, :import, :avatar, :mirror, :forks, :group_links, :import, :avatar, :mirror,
:cycle_analytics, :mattermost, :variables, :triggers, :cycle_analytics, :mattermost, :variables, :triggers,
:environments, :protected_environments, :error_tracking, :environments, :protected_environments, :error_tracking,
:serverless, :clusters, :audit_events, :wikis, :merge_requests) :serverless, :clusters, :audit_events, :wikis, :merge_requests,
:vulnerability_feedback, :security, :dependencies)
end end
# rubocop: disable Cop/PutProjectRoutesUnderScope # rubocop: disable Cop/PutProjectRoutesUnderScope
......
...@@ -56,8 +56,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -56,8 +56,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :subscriptions, only: [:create, :destroy] resources :subscriptions, only: [:create, :destroy]
resources :licenses, only: [:index, :create, :update]
resource :threat_monitoring, only: [:show], controller: :threat_monitoring resource :threat_monitoring, only: [:show], controller: :threat_monitoring
resources :logs, only: [:index] do resources :logs, only: [:index] do
...@@ -79,6 +77,16 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -79,6 +77,16 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :waf_anomalies, only: [] do resources :waf_anomalies, only: [] do
get :summary, on: :collection get :summary, on: :collection
end end
resources :dashboard, only: [:show, :index], controller: :dashboard
resource :configuration, only: [:show], controller: :configuration
resource :discover, only: [:show], controller: :discover
resources :vulnerability_findings, only: [:index] do
collection do
get :summary
end
end
end end
namespace :analytics do namespace :analytics do
...@@ -88,6 +96,9 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -88,6 +96,9 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :approvers, only: :destroy resources :approvers, only: :destroy
resources :approver_groups, only: :destroy resources :approver_groups, only: :destroy
resources :push_rules, constraints: { id: /\d+/ }, only: [:update] resources :push_rules, constraints: { id: /\d+/ }, only: [:update]
resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
resources :dependencies, only: [:index]
resources :licenses, only: [:index, :create, :update]
end end
# End of the /-/ scope. # End of the /-/ scope.
...@@ -146,22 +157,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -146,22 +157,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
post :query post :query
end end
end end
namespace :security do
resources :dashboard, only: [:show, :index], controller: :dashboard
resource :configuration, only: [:show], controller: :configuration
resource :discover, only: [:show], controller: :discover
resources :vulnerability_findings, only: [:index] do
collection do
get :summary
end
end
end
resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
resources :dependencies, only: [:index]
# All new routes should go under /-/ scope. # All new routes should go under /-/ scope.
# Look for scope '-' at the top of the file. # Look for scope '-' at the top of the file.
# rubocop: enable Cop/PutProjectRoutesUnderScope # rubocop: enable Cop/PutProjectRoutesUnderScope
......
...@@ -105,7 +105,7 @@ describe MergeRequestPresenter do ...@@ -105,7 +105,7 @@ describe MergeRequestPresenter do
with_them do with_them do
subject { described_class.new(merge_request, current_user: user).public_send(create_feedback_path, merge_request.project) } subject { described_class.new(merge_request, current_user: user).public_send(create_feedback_path, merge_request.project) }
it { is_expected.to eq("/#{merge_request.project.full_path}/vulnerability_feedback") } it { is_expected.to eq("/#{merge_request.project.full_path}/-/vulnerability_feedback") }
context 'when not allowed to create vulnerability feedback' do context 'when not allowed to create vulnerability feedback' do
let(:unauthorized_user) { create(:user) } let(:unauthorized_user) { create(:user) }
......
...@@ -12,15 +12,19 @@ describe 'EE-specific project routing' do ...@@ -12,15 +12,19 @@ describe 'EE-specific project routing' do
# project_vulnerability_feedback DELETE /:project_id/vulnerability_feedback/:id(.:format) projects/vulnerability_feedback#destroy # project_vulnerability_feedback DELETE /:project_id/vulnerability_feedback/:id(.:format) projects/vulnerability_feedback#destroy
describe Projects::VulnerabilityFeedbackController, 'routing', type: :routing do describe Projects::VulnerabilityFeedbackController, 'routing', type: :routing do
it "to #index" do it "to #index" do
expect(get("/gitlab/gitlabhq/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#index', namespace_id: 'gitlab', project_id: 'gitlabhq') expect(get("/gitlab/gitlabhq/-/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#index', namespace_id: 'gitlab', project_id: 'gitlabhq')
end end
it "to #create" do it "to #create" do
expect(post("/gitlab/gitlabhq/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#create', namespace_id: 'gitlab', project_id: 'gitlabhq') expect(post("/gitlab/gitlabhq/-/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#create', namespace_id: 'gitlab', project_id: 'gitlabhq')
end end
it "to #destroy" do it "to #destroy" do
expect(delete("/gitlab/gitlabhq/vulnerability_feedback/1")).to route_to('projects/vulnerability_feedback#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1') expect(delete("/gitlab/gitlabhq/-/vulnerability_feedback/1")).to route_to('projects/vulnerability_feedback#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1')
end
describe 'legacy routing' do
it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/vulnerability_feedback", "/gitlab/gitlabhq/-/vulnerability_feedback"
end end
end end
......
...@@ -208,7 +208,7 @@ describe MergeRequestWidgetEntity do ...@@ -208,7 +208,7 @@ describe MergeRequestWidgetEntity do
it 'has vulnerability feedback paths' do it 'has vulnerability feedback paths' do
expect(subject.as_json[:vulnerability_feedback_path]).to eq( expect(subject.as_json[:vulnerability_feedback_path]).to eq(
"/#{merge_request.project.full_path}/vulnerability_feedback" "/#{merge_request.project.full_path}/-/vulnerability_feedback"
) )
expect(subject.as_json).to include(:create_vulnerability_feedback_issue_path) expect(subject.as_json).to include(:create_vulnerability_feedback_issue_path)
expect(subject.as_json).to include(:create_vulnerability_feedback_merge_request_path) expect(subject.as_json).to include(:create_vulnerability_feedback_merge_request_path)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment