Merge branch '5953-display_dismissal_pipeline_and_author' into 'master'

Display pipeline and author of dismissal in vulnerability modal

Closes #5953

See merge request gitlab-org/gitlab-ee!5815

ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue

@@ -20,6 +20,11 @@ export default {
         ? s__('ciReport|Revert dismissal')
         : s__('ciReport|Dismiss vulnerability');
     },
+    hasDismissedBy() {
+      return this.modal.vulnerability.dismissalFeedback &&
+        this.modal.vulnerability.dismissalFeedback.pipeline &&
+        this.modal.vulnerability.dismissalFeedback.author;
+    },
   },
   methods: {
     ...mapActions(['dismissIssue', 'revertDismissIssue', 'createNewIssue']),
@@ -112,6 +117,20 @@ export default {
 
       <div class="row prepend-top-20 append-bottom-10">
         <div class="col-sm-10 col-sm-offset-2 text-secondary">
+          <template v-if="hasDismissedBy">
+            {{ s__('ciReport|Dismissed by') }}
+            <a
+              :href="modal.vulnerability.dismissalFeedback.author.web_url"
+              class="pipeline-id"
+            >
+              @{{ modal.vulnerability.dismissalFeedback.author.username }}
+            </a>
+            {{ s__('ciReport|on pipeline') }}
+            <a
+              :href="modal.vulnerability.dismissalFeedback.pipeline.path"
+              class="pipeline-id"
+            >#{{ modal.vulnerability.dismissalFeedback.pipeline.id }}</a>.
+          </template>
           <a
             class="js-link-vulnerabilityFeedbackHelpPath"
             :href="vulnerabilityFeedbackHelpPath"

ee/app/models/vulnerability_feedback.rb

@@ -17,5 +17,5 @@ class VulnerabilityFeedback < ActiveRecord::Base
   validates :category, presence: true
   validates :project_fingerprint, presence: true, uniqueness: { scope: [:project_id, :category, :feedback_type] }
 
-  scope :with_associations, -> { includes(:pipeline, :issue) }
+  scope :with_associations, -> { includes(:pipeline, :issue, :author) }
 end

ee/app/serializers/vulnerability_feedback_entity.rb

@@ -4,9 +4,17 @@ class VulnerabilityFeedbackEntity < Grape::Entity
 
   expose :id
   expose :project_id
-  expose :author_id
+  expose :author, using: UserEntity
   expose :issue_id
-  expose :pipeline_id
+  expose :pipeline, if: -> (feedback, _) { feedback.pipeline.present? } do
+    expose :id do |feedback|
+      feedback.pipeline.id
+    end
+
+    expose :path do |feedback|
+      project_pipeline_path(feedback.pipeline.project, feedback.pipeline)
+    end
+  end
 
   expose :issue_url, if: -> (feedback, _) { feedback.issue? } do |feedback|
     project_issue_url(feedback.project, feedback.issue)

ee/spec/fixtures/api/schemas/vulnerability_feedback.json

@@ -3,7 +3,7 @@
   "required" : [
     "id",
     "project_id",
-    "author_id",
+    "author",
     "feedback_type",
     "category",
     "project_fingerprint"
@@ -11,8 +11,11 @@
   "properties" : {
     "id": { "type": "integer" },
     "project_id": { "type": "integer" },
-    "author_id": { "type": "integer" },
-    "pipeline_id": { "type": ["integer", "null"] },
+    "author": { "$ref": "../../../../../spec/fixtures/api/schemas/entities/user.json" },
+    "pipeline": {
+      "id": { "type": ["integer", "null"] },
+      "path": { "type": ["string", "null"] }
+    },
     "issue_id": { "type": ["integer", "null"] },
     "issue_url": { "type": ["string", "null"] },
     "feedback_type": {

locale/gitlab.pot

@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gitlab 1.0.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-05-29 11:32+0200\n"
-"PO-Revision-Date: 2018-05-29 11:32+0200\n"
+"POT-Creation-Date: 2018-05-30 10:16-0400\n"
+"PO-Revision-Date: 2018-05-30 10:16-0400\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
@@ -5889,6 +5889,9 @@ msgstr ""
 msgid "ciReport|Dismiss vulnerability"
 msgstr ""
 
+msgid "ciReport|Dismissed by"
+msgstr ""
+
 msgid "ciReport|Dynamic Application Security Testing (DAST) detects known vulnerabilities in your web application."
 msgstr ""
 
@@ -5982,6 +5985,9 @@ msgstr ""
 msgid "ciReport|no vulnerabilities"
 msgstr ""
 
+msgid "ciReport|on pipeline"
+msgstr ""
+
 msgid "command line instructions"
 msgstr ""
 

spec/javascripts/vue_shared/security_reports/components/modal_spec.js

@@ -31,14 +31,19 @@ describe('Security Reports modal', () => {
         path: 'Gemfile.lock',
         urlPath: 'path/Gemfile.lock',
         isDismissed: true,
-        vulnerability_feedback: {
-          vulnerability_data: {
-            tool: 'bundler_audit',
-            message: 'Arbitrary file existence disclosure in Action Pack',
-            url: 'https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk',
-            cve: 'CVE-2016-9999',
-            file: 'Gemfile.lock',
-            solution: 'upgrade to ~> 3.2.21, ~> 4.0.11.1, ~> 4.0.12, ~> 4.1.7.1, >= 4.1.8',
+        dismissalFeedback: {
+          id: 1,
+          category: 'sast',
+          feedback_type: 'dismissal',
+          issue_id: null,
+          author: {
+            name: 'John Smith',
+            username: 'jsmith',
+            web_url: 'https;//gitlab.com/user1',
+          },
+          pipeline: {
+            id: 123,
+            path: '/jsmith/awesome-project/pipelines/123',
           },
         },
       });
@@ -48,6 +53,11 @@ describe('Security Reports modal', () => {
       });
     });
 
+    it('renders dismissal author and associated pipeline', () => {
+      expect(vm.$el.textContent.trim()).toContain('@jsmith');
+      expect(vm.$el.textContent.trim()).toContain('#123');
+    });
+
     it('renders button to revert dismissal', () => {
       expect(vm.$el.querySelector('.js-dismiss-btn').textContent.trim()).toEqual(
         'Revert dismissal',