Commit bcf855b2 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch 'dz-scope-security-routes' into 'master'

Move security routes under - scope

See merge request gitlab-org/gitlab!24287
parents 6341e336 72ff2e93
---
title: Move security routes under - scope
merge_request: 24287
author:
type: changed
......@@ -468,7 +468,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
:forks, :group_links, :import, :avatar, :mirror,
:cycle_analytics, :mattermost, :variables, :triggers,
:environments, :protected_environments, :error_tracking,
:serverless, :clusters, :audit_events, :wikis, :merge_requests)
:serverless, :clusters, :audit_events, :wikis, :merge_requests,
:vulnerability_feedback, :security, :dependencies)
end
# rubocop: disable Cop/PutProjectRoutesUnderScope
......
......@@ -56,8 +56,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :subscriptions, only: [:create, :destroy]
resources :licenses, only: [:index, :create, :update]
resource :threat_monitoring, only: [:show], controller: :threat_monitoring
resources :logs, only: [:index] do
......@@ -79,6 +77,16 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :waf_anomalies, only: [] do
get :summary, on: :collection
end
resources :dashboard, only: [:show, :index], controller: :dashboard
resource :configuration, only: [:show], controller: :configuration
resource :discover, only: [:show], controller: :discover
resources :vulnerability_findings, only: [:index] do
collection do
get :summary
end
end
end
namespace :analytics do
......@@ -88,6 +96,9 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :approvers, only: :destroy
resources :approver_groups, only: :destroy
resources :push_rules, constraints: { id: /\d+/ }, only: [:update]
resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
resources :dependencies, only: [:index]
resources :licenses, only: [:index, :create, :update]
end
# End of the /-/ scope.
......@@ -146,22 +157,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
post :query
end
end
namespace :security do
resources :dashboard, only: [:show, :index], controller: :dashboard
resource :configuration, only: [:show], controller: :configuration
resource :discover, only: [:show], controller: :discover
resources :vulnerability_findings, only: [:index] do
collection do
get :summary
end
end
end
resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
resources :dependencies, only: [:index]
# All new routes should go under /-/ scope.
# Look for scope '-' at the top of the file.
# rubocop: enable Cop/PutProjectRoutesUnderScope
......
......@@ -105,7 +105,7 @@ describe MergeRequestPresenter do
with_them do
subject { described_class.new(merge_request, current_user: user).public_send(create_feedback_path, merge_request.project) }
it { is_expected.to eq("/#{merge_request.project.full_path}/vulnerability_feedback") }
it { is_expected.to eq("/#{merge_request.project.full_path}/-/vulnerability_feedback") }
context 'when not allowed to create vulnerability feedback' do
let(:unauthorized_user) { create(:user) }
......
......@@ -12,15 +12,19 @@ describe 'EE-specific project routing' do
# project_vulnerability_feedback DELETE /:project_id/vulnerability_feedback/:id(.:format) projects/vulnerability_feedback#destroy
describe Projects::VulnerabilityFeedbackController, 'routing', type: :routing do
it "to #index" do
expect(get("/gitlab/gitlabhq/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#index', namespace_id: 'gitlab', project_id: 'gitlabhq')
expect(get("/gitlab/gitlabhq/-/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#index', namespace_id: 'gitlab', project_id: 'gitlabhq')
end
it "to #create" do
expect(post("/gitlab/gitlabhq/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#create', namespace_id: 'gitlab', project_id: 'gitlabhq')
expect(post("/gitlab/gitlabhq/-/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#create', namespace_id: 'gitlab', project_id: 'gitlabhq')
end
it "to #destroy" do
expect(delete("/gitlab/gitlabhq/vulnerability_feedback/1")).to route_to('projects/vulnerability_feedback#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1')
expect(delete("/gitlab/gitlabhq/-/vulnerability_feedback/1")).to route_to('projects/vulnerability_feedback#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1')
end
describe 'legacy routing' do
it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/vulnerability_feedback", "/gitlab/gitlabhq/-/vulnerability_feedback"
end
end
......
......@@ -208,7 +208,7 @@ describe MergeRequestWidgetEntity do
it 'has vulnerability feedback paths' do
expect(subject.as_json[:vulnerability_feedback_path]).to eq(
"/#{merge_request.project.full_path}/vulnerability_feedback"
"/#{merge_request.project.full_path}/-/vulnerability_feedback"
)
expect(subject.as_json).to include(:create_vulnerability_feedback_issue_path)
expect(subject.as_json).to include(:create_vulnerability_feedback_merge_request_path)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment