Add Threat Monitoring skeleton page

Part of [WAF statistics reporting][1]. This adds: - A skeleton page and sidebar nav link for WAF statistics reporting - `threat_monitoring` GitLab Ultimate feature - `threat_monitoring` feature flag (disabled by default) - Additional unit tests for the EE projects helper [1]: https://gitlab.com/gitlab-org/gitlab/issues/14707

Add Threat Monitoring skeleton page
Part of [WAF statistics reporting][1]. This adds: - A skeleton page and sidebar nav link for WAF statistics reporting - `threat_monitoring` GitLab Ultimate feature - `threat_monitoring` feature flag (disabled by default) - Additional unit tests for the EE projects helper [1]: https://gitlab.com/gitlab-org/gitlab/issues/14707
d702f940 · Mark Florian · Dmitriy Zaporozhets · 71da2ba2 · d702f940 · d702f940
Commit d702f940 authored Dec 12, 2019 by Mark Florian Committed by Dmitriy Zaporozhets Dec 12, 2019
11 changed files
--- a/ee/app/controllers/projects/threat_monitoring_controller.rb
+++ b/ee/app/controllers/projects/threat_monitoring_controller.rb
+# frozen_string_literal: true
+module Projects
+  class ThreatMonitoringController < Projects::ApplicationController
+    before_action :authorize_read_threat_monitoring!
+    before_action only: [:show] do
+      push_frontend_feature_flag(:threat_monitoring)
+    end
+  end
+end
--- a/ee/app/helpers/ee/projects_helper.rb
+++ b/ee/app/helpers/ee/projects_helper.rb
@@ -49,6 +49,10 @@ module EE
        nav_tabs << :licenses
      end
+      if can?(current_user, :read_threat_monitoring, project)
+        nav_tabs << :threat_monitoring
+      end
      if ::Gitlab.config.packages.enabled &&
          project.feature_available?(:packages) &&
          can?(current_user, :read_package, project)
@@ -145,6 +149,7 @@ module EE
        projects/security/dashboard#show
        projects/dependencies#show
        projects/licenses#show
+        projects/threat_monitoring#show
      ]
    end

--- a/ee/app/models/license.rb
+++ b/ee/app/models/license.rb
@@ -120,6 +120,7 @@ class License < ApplicationRecord
    report_approver_rules
    sast
    security_dashboard
+    threat_monitoring
    tracing
    web_ide_terminal
  ]

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -80,6 +80,11 @@ module EE
        @subject.feature_available?(:dependency_scanning)
      end
+      with_scope :subject
+      condition(:threat_monitoring_enabled) do
+        @subject.beta_feature_available?(:threat_monitoring)
+      end
      with_scope :subject
      condition(:feature_flags_disabled) do
        !@subject.feature_available?(:feature_flags)
@@ -168,6 +173,8 @@ module EE
        enable :admin_vulnerability
      end
+      rule { threat_monitoring_enabled & (auditor | can?(:developer_access)) }.enable :read_threat_monitoring
      rule { can?(:read_project) & (can?(:read_merge_request) | can?(:read_build)) }.enable :read_vulnerability_feedback
      rule { dependency_scanning_enabled & can?(:download_code) }.enable :read_dependencies

--- a/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
+++ b/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
@@ -37,3 +37,8 @@
      = nav_link(path: 'projects/security/configuration#show') do
        = link_to project_security_configuration_path(@project), title: _('Configuration'), data: { qa_selector: 'security_configuration_link'} do
          %span= _('Configuration')
+    - if project_nav_tab?(:threat_monitoring)
+      = nav_link(path: 'projects/threat_monitoring#show') do
+        = link_to project_threat_monitoring_path(@project), title: _('Threat Monitoring') do
+          %span= _('Threat Monitoring')
--- a/ee/app/views/projects/threat_monitoring/show.html.haml
+++ b/ee/app/views/projects/threat_monitoring/show.html.haml
+- breadcrumb_title _("Threat Monitoring")
+- page_title _("Threat Monitoring")
+#js-threat-monitoring-app
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -70,6 +70,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
          resources :licenses, only: [:index, :create, :update]
        end
+        resource :threat_monitoring, only: [:show], controller: :threat_monitoring
        resources :logs, only: [:index] do
          collection do
            get :k8s

--- a/ee/spec/controllers/projects/threat_monitoring_controller_spec.rb
+++ b/ee/spec/controllers/projects/threat_monitoring_controller_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe Projects::ThreatMonitoringController do
+  set(:project) { create(:project, :repository, :private) }
+  set(:user) { create(:user) }
+  subject { get :show, params: { namespace_id: project.namespace, project_id: project } }
+  describe 'GET show' do
+    context 'with authorized user' do
+      before do
+        project.add_developer(user)
+        sign_in(user)
+      end
+      context 'when feature is available' do
+        before do
+          stub_licensed_features(threat_monitoring: true)
+        end
+        it 'renders the show template' do
+          subject
+          expect(response).to have_gitlab_http_status(200)
+          expect(response).to render_template(:show)
+        end
+      end
+      context 'when feature is not available' do
+        before do
+          stub_feature_flags(threat_monitoring: false)
+          stub_licensed_features(threat_monitoring: false)
+        end
+        it 'returns 404' do
+          subject
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+    end
+    context 'with unauthorized user' do
+      before do
+        sign_in(user)
+      end
+      context 'when feature is available' do
+        before do
+          stub_licensed_features(threat_monitoring: true)
+        end
+        it 'returns 404' do
+          subject
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+    end
+    context 'with anonymous user' do
+      it 'returns 302' do
+        subject
+        expect(response).to have_gitlab_http_status(302)
+        expect(response).to redirect_to(new_user_session_path)
+      end
+    end
+  end
+end
--- a/ee/spec/helpers/projects_helper_spec.rb
+++ b/ee/spec/helpers/projects_helper_spec.rb
@@ -155,4 +155,49 @@ describe ProjectsHelper do
      end
    end
  end
+  describe '#get_project_nav_tabs' do
+    using RSpec::Parameterized::TableSyntax
+    where(:ability, :nav_tab) do
+      :read_dependencies               | :dependencies
+      :read_feature_flag               | :operations
+      :read_licenses                   | :licenses
+      :read_project_security_dashboard | :security
+      :read_threat_monitoring          | :threat_monitoring
+    end
+    with_them do
+      let(:project) { create(:project) }
+      let(:user)    { create(:user) }
+      before do
+        allow(helper).to receive(:can?) { false }
+      end
+      subject do
+        helper.send(:get_project_nav_tabs, project, user)
+      end
+      context 'when the feature is disabled' do
+        before do
+          allow(helper).to receive(:can?).with(user, ability, project).and_return(false)
+        end
+        it 'does not include the nav tab' do
+          is_expected.not_to include(nav_tab)
+        end
+      end
+      context 'when threat monitoring is enabled' do
+        before do
+          allow(helper).to receive(:can?).with(user, ability, project).and_return(true)
+        end
+        it 'includes the nav tab' do
+          is_expected.to include(nav_tab)
+        end
+      end
+    end
+  end
 end
--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -50,6 +50,7 @@ describe ProjectPolicy do
        create_merge_request_in award_emoji
        read_project_security_dashboard read_vulnerability
        read_vulnerability_feedback read_security_findings read_software_license_policy
+        read_threat_monitoring
      ]
    end
@@ -65,7 +66,7 @@ describe ProjectPolicy do
      let(:current_user) { create(:user, :auditor) }
      before do
-        stub_licensed_features(security_dashboard: true, license_management: true)
+        stub_licensed_features(security_dashboard: true, license_management: true, threat_monitoring: true)
      end
      context 'who is not a team member' do
@@ -550,6 +551,58 @@ describe ProjectPolicy do
    end
  end
+  describe 'read_threat_monitoring' do
+    context 'when threat monitoring feature is available' do
+      before do
+        stub_feature_flags(threat_monitoring: true)
+        stub_licensed_features(threat_monitoring: true)
+      end
+      context 'with developer or higher role' do
+        where(role: %w[admin owner maintainer developer])
+        with_them do
+          let(:current_user) { public_send(role) }
+          it { is_expected.to be_allowed(:read_threat_monitoring) }
+        end
+      end
+      context 'with less than developer role' do
+        where(role: %w[reporter guest])
+        with_them do
+          let(:current_user) { public_send(role) }
+          it { is_expected.to be_disallowed(:read_threat_monitoring) }
+        end
+      end
+      context 'with not member' do
+        let(:current_user) { create(:user) }
+        it { is_expected.to be_disallowed(:read_threat_monitoring) }
+      end
+      context 'with anonymous' do
+        let(:current_user) { nil }
+        it { is_expected.to be_disallowed(:read_threat_monitoring) }
+      end
+    end
+    context 'when threat monitoring feature is not available' do
+      let(:current_user) { admin }
+      before do
+        stub_feature_flags(threat_monitoring: false)
+        stub_licensed_features(threat_monitoring: false)
+      end
+      it { is_expected.to be_disallowed(:read_threat_monitoring) }
+    end
+  end
  describe 'read_package' do
    context 'with admin' do
      let(:current_user) { admin }

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -18254,6 +18254,9 @@ msgstr ""
 msgid "Those emails automatically become issues (with the comments becoming the email conversation) listed here."
 msgstr ""
+msgid "Threat Monitoring"
+msgstr ""
 msgid "Thursday"
 msgstr ""