Re-organize the vulnerability export endpoints

Moved the existing endpoints under `/security` namespace and removed the project namespace from vulnerability_export lookup endpoints as we we are going to use the same for the instance level vulnerability report exports.

Re-organize the vulnerability export endpoints
Moved the existing endpoints under `/security` namespace and removed the project namespace from vulnerability_export lookup endpoints as we we are going to use the same for the instance level vulnerability report exports.
65f5c819 · Mehmet Emin INAC · 706b9e77 · 65f5c819 · 65f5c819 · 65f5c819
Commit 65f5c819 authored Apr 24, 2020 by Mehmet Emin INAC
8 changed files
--- a/ee/app/helpers/ee/projects_helper.rb
+++ b/ee/app/helpers/ee/projects_helper.rb
@@ -248,7 +248,7 @@ module EE
    def project_vulnerabilities_config(project)
      return {} unless first_class_vulnerabilities_available?(project)

-      { vulnerabilities_export_endpoint: api_v4_projects_vulnerability_exports_path(id: project.id) }
+      { vulnerabilities_export_endpoint: api_v4_security_projects_vulnerability_exports_path(id: project.id) }
    end

    def can_create_feedback?(project, feedback_type)

--- a/ee/app/views/projects/pipelines/_tabs_content.html.haml
+++ b/ee/app/views/projects/pipelines/_tabs_content.html.haml
@@ -4,7 +4,7 @@
 - license_management_settings_path = can?(current_user, :admin_software_license_policy, project) ? license_management_settings_path(project) : nil
 - licenses_api_path = licenses_project_pipeline_path(project, pipeline) if project.feature_available?(:license_management)
 - vulnerabilities_endpoint_path = expose_path(api_v4_projects_vulnerability_findings_path(id: project.id, params: { pipeline_id: pipeline.id, scope: 'dismissed' }))
- vulnerability_exports_endpoint_path = expose_path(api_v4_projects_vulnerability_exports_path(id: project.id))
+- vulnerability_exports_endpoint_path = expose_path(api_v4_security_projects_vulnerability_exports_path(id: project.id))
 - codequality_report_download_path = pipeline.downloadable_path_for_report_type(:codequality)

 - if pipeline.expose_security_dashboard?

--- a/ee/app/views/projects/security/vulnerabilities/index.html.haml
+++ b/ee/app/views/projects/security/vulnerabilities/index.html.haml
@@ -7,7 +7,7 @@

  #app{ data: { empty_state_svg_path: image_path('illustrations/security-dashboard_empty.svg'),
    vulnerabilities_endpoint: expose_path(api_v4_projects_vulnerabilities_path(id: @project.id)),
-    vulnerability_exports_endpoint: expose_path(api_v4_projects_vulnerability_exports_path(id: @project.id)),
+    vulnerability_exports_endpoint: expose_path(api_v4_security_projects_vulnerability_exports_path(id: @project.id)),
    project_full_path: @project.full_path,
    dashboard_documentation: help_page_path('user/application_security/security_dashboard/index') } }
    -# Display table loading animation while Vue app loads

--- a/ee/lib/api/vulnerability_exports.rb
+++ b/ee/lib/api/vulnerability_exports.rb
@@ -8,35 +8,11 @@ module API
    helpers do
      def vulnerability_export
        strong_memoize(:vulnerability_export) do
-          user_project.vulnerability_exports.find(params[:export_id])
+          ::Vulnerabilities::Export.find(params[:id])
        end
      end
-    end
-
-    before do
-      authenticate!
-    end
-
-    params do
-      requires :id, type: String, desc: 'The ID of a project'
-    end
-    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
-      params do
-        optional :export_format, type: String, desc: 'The format of export to be generated',
-                 default: ::Vulnerabilities::Export.formats.each_key.first,
-                 values: ::Vulnerabilities::Export.formats.keys
-      end
-      desc 'Generate an export of project vulnerability findings' do
-        success EE::API::Entities::VulnerabilityExport
-      end
-
-      before do
-        not_found! unless Feature.enabled?(:first_class_vulnerabilities, user_project)
-      end
-
-      post ':id/vulnerability_exports' do
-        authorize! :create_vulnerability_export, user_project

+      def process_create_request_for(exportable)
        vulnerability_export = ::VulnerabilityExports::CreateService.new(
          user_project, current_user, format: params[:export_format]
        ).execute
@@ -48,11 +24,39 @@ module API
          render_validation_error!(vulnerability_export)
        end
      end
+    end
+
+    before do
+      authenticate!
+    end
+
+    namespace :security do
+      resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
+        params do
+          requires :id, type: String, desc: 'The ID of a project'
+          optional :export_format, type: String, desc: 'The format of export to be generated',
+                   default: ::Vulnerabilities::Export.formats.each_key.first,
+                   values: ::Vulnerabilities::Export.formats.keys
+        end
+        desc 'Generate an export of project vulnerability findings' do
+          success EE::API::Entities::VulnerabilityExport
+        end
+
+        before do
+          not_found! unless Feature.enabled?(:first_class_vulnerabilities, user_project)
+        end
+
+        post ':id/vulnerability_exports' do
+          authorize! :create_vulnerability_export, user_project
+
+          process_create_request_for(user_project)
+        end
+      end

      desc 'Get single project vulnerability export' do
        success EE::API::Entities::VulnerabilityExport
      end
-      get ':id/vulnerability_exports/:export_id' do
+      get 'vulnerability_exports/:id' do
        authorize! :read_vulnerability_export, vulnerability_export

        unless vulnerability_export.completed?
@@ -65,7 +69,7 @@ module API
      end

      desc 'Download single project vulnerability export'
-      get ':id/vulnerability_exports/:export_id/download' do
+      get 'vulnerability_exports/:id/download' do
        authorize! :read_vulnerability_export, vulnerability_export

        if vulnerability_export.finished?

--- a/ee/lib/ee/api/entities/vulnerability_export.rb
+++ b/ee/lib/ee/api/entities/vulnerability_export.rb
@@ -16,11 +16,11 @@ module EE

        expose :_links do
          expose :self do |export|
-            expose_url api_v4_projects_vulnerability_exports_path(id: export.project_id, export_id: export.id)
+            expose_url api_v4_security_vulnerability_exports_path(id: export.id)
          end

          expose :download do |export|
-            expose_url api_v4_projects_vulnerability_exports_download_path(id: export.project_id, export_id: export.id)
+            expose_url api_v4_security_vulnerability_exports_download_path(id: export.id)
          end
        end
      end

--- a/ee/spec/helpers/projects_helper_spec.rb
+++ b/ee/spec/helpers/projects_helper_spec.rb
@@ -134,7 +134,7 @@ describe ProjectsHelper do
        it 'checks if first vulnerability class is enabled' do
          expect(subject[:vulnerabilities_export_endpoint]).to(
            eq(
-              api_v4_projects_vulnerability_exports_path(id: project.id)
+              api_v4_security_projects_vulnerability_exports_path(id: project.id)
            ))
        end
      end

--- a/ee/spec/lib/ee/api/entities/vulnerability_export_spec.rb
+++ b/ee/spec/lib/ee/api/entities/vulnerability_export_spec.rb
@@ -18,8 +18,8 @@ describe ::EE::API::Entities::VulnerabilityExport do
      expect(subject[:status]).to eq(vulnerability_export.status)
      expect(subject[:started_at]).to eq(vulnerability_export.started_at)
      expect(subject[:finished_at]).to eq(vulnerability_export.finished_at)
-      expect(subject[:_links][:self]).to end_with("api/v4/projects/#{vulnerability_export.project_id}/vulnerability_exports/#{vulnerability_export.id}")
-      expect(subject[:_links][:download]).to end_with("api/v4/projects/#{vulnerability_export.project_id}/vulnerability_exports/#{vulnerability_export.id}/download")
+      expect(subject[:_links][:self]).to end_with("api/v4/security/vulnerability_exports/#{vulnerability_export.id}")
+      expect(subject[:_links][:download]).to end_with("api/v4/security/vulnerability_exports/#{vulnerability_export.id}/download")
    end
  end
 end
--- a/ee/spec/requests/api/vulnerability_exports_spec.rb
+++ b/ee/spec/requests/api/vulnerability_exports_spec.rb
@@ -12,13 +12,11 @@ describe API::VulnerabilityExports do
  let_it_be(:user) { create(:user) }
  let_it_be(:project) { create(:project, :with_vulnerability) }

-  let(:project_vulnerability_exports_path) { "/projects/#{project.id}/vulnerability_exports" }
-  let(:project_vulnerability_export_path) { "#{project_vulnerability_exports_path}/#{vulnerability_export.id}" }
-
-  describe 'POST /projects/:id/vulnerability_exports' do
+  describe 'POST /security/projects/:id/vulnerability_exports' do
    let(:format) { 'csv' }
+    let(:request_path) { "/security/projects/#{project.id}/vulnerability_exports" }

-    subject(:create_vulnerability_export) { post api(project_vulnerability_exports_path, user), params: { export_format: format } }
+    subject(:create_vulnerability_export) { post api(request_path, user), params: { export_format: format } }

    context 'with an authorized user with proper permissions' do
      before do
@@ -73,10 +71,12 @@ describe API::VulnerabilityExports do
    end
  end

-  describe 'GET /projects/:id/vulnerability_exports/:export_id' do
+  describe 'GET /security/vulnerability_exports/:id' do
    let_it_be(:vulnerability_export) { create(:vulnerability_export, :finished, :csv, :with_csv_file, project: project, author: user) }

-    subject(:get_vulnerability_export) { get api(project_vulnerability_export_path, user) }
+    let(:request_path) { "/security/vulnerability_exports/#{vulnerability_export.id}" }
+
+    subject(:get_vulnerability_export) { get api(request_path, user) }

    context 'with an authorized user with proper permissions' do
      before do
@@ -116,8 +116,6 @@ describe API::VulnerabilityExports do
          expect(response.headers['Poll-Interval']).to eq '5000'
        end
      end
-
-      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

    describe 'permissions' do
@@ -140,10 +138,11 @@ describe API::VulnerabilityExports do
    end
  end

-  describe 'GET /projects/:id/vulnerability_exports/:export_id/download' do
+  describe 'GET /security/vulnerability_exports/:id/download' do
    let!(:vulnerability_export) { create(:vulnerability_export, :finished, :csv, :with_csv_file, project: project, author: user) }
+    let(:request_path) { "/security/vulnerability_exports/#{vulnerability_export.id}/download" }

-    subject(:download_vulnerability_export) { get api("#{project_vulnerability_export_path}/download", user) }
+    subject(:download_vulnerability_export) { get api(request_path, user) }

    context 'with an authorized user with proper permissions' do
      before do
@@ -181,8 +180,6 @@ describe API::VulnerabilityExports do
          expect(response.headers['Poll-Interval']).to be_blank
        end
      end
-
-      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

    describe 'permissions' do