Commit 8728de58 authored by Sam Beckham's avatar Sam Beckham Committed by Kamil Trzciński

Adds the security dashboard link

parent b8d0d450
......@@ -3,6 +3,15 @@
module GroupsHelper
prepend EE::GroupsHelper
def group_overview_nav_link_paths
%w[
groups#show
groups#activity
groups#subgroups
analytics#show
]
end
def group_nav_link_paths
%w[groups#projects groups#edit badges#index ci_cd#show ldap_group_links#index hooks#index audit_events#index pipeline_quota#index]
end
......
......@@ -12,7 +12,7 @@
= @group.name
%ul.sidebar-top-level-items.qa-group-sidebar
- if group_sidebar_link?(:overview)
= nav_link(path: ['groups#show', 'groups#activity', 'groups#subgroups', 'analytics#show'], html_options: { class: 'home' }) do
= nav_link(path: group_overview_nav_link_paths, html_options: { class: 'home' }) do
= link_to group_path(@group) do
.nav-icon-container
= sprite_icon('home')
......@@ -36,13 +36,15 @@
%span
= _('Activity')
= render_if_exists 'groups/sidebar/security_dashboard'
- if group_sidebar_link?(:contribution_analytics)
= nav_link(path: 'analytics#show') do
= link_to group_analytics_path(@group), title: 'Contribution Analytics', data: {placement: 'right'} do
%span
Contribution Analytics
= render "layouts/nav/ee/epic_link", group: @group
= render_if_exists "layouts/nav/ee/epic_link", group: @group
- if group_sidebar_link?(:issues)
= nav_link(path: issues_sub_menu_items) do
......@@ -140,6 +142,6 @@
%span
= _('CI / CD')
= render "groups/ee/settings_nav"
= render_if_exists "groups/ee/settings_nav"
= render 'shared/sidebar_toggle_button'
# frozen_string_literal: true
class Groups::Security::ApplicationController < Groups::ApplicationController
before_action :ensure_security_dashboard_feature_enabled
before_action :authorize_read_group_security_dashboard!
private
def ensure_security_dashboard_feature_enabled
render_404 unless @group.feature_available?(:security_dashboard)
end
def authorize_read_group_security_dashboard!
render_403 unless can?(current_user, :read_group_security_dashboard, group)
end
end
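Review bot: `ensure_security_dashboard_feature_enabled` reads the `@group` instance variable while `authorize_read_group_security_dashboard!` calls the `group` accessor, so the first filter only works if a parent callback has already populated `@group`. Groups::ApplicationController is not shown here, and the `before_action :group` that DashboardController used to declare appears to be dropped by this commit, so that ordering becomes an implicit assumption of every subclass. Using the accessor in both filters removes the assumption: `render_404 unless group.feature_available?(:security_dashboard)`. A short comment above the two `before_action` lines, stating that the licence check runs first (404) and the permission check second (403), would also help, because that ordering decides what an unauthorised user can learn about the feature.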
# frozen_string_literal: true
class Groups::Security::DashboardController < Groups::ApplicationController
before_action :group
class Groups::Security::DashboardController < Groups::Security::ApplicationController
layout 'group'
# Redirecting back to the group path till the page is ready
def show
redirect_to group_path(@group)
end
end
# frozen_string_literal: true
class Groups::Security::VulnerabilitiesController < Groups::ApplicationController
before_action :ensure_security_dashboard_feature_enabled
before_action :authorize_read_group_security_dashboard!
class Groups::Security::VulnerabilitiesController < Groups::Security::ApplicationController
def index
@vulnerabilities = group.all_vulnerabilities.ordered
.page(params[:page])
......@@ -24,14 +21,4 @@ class Groups::Security::VulnerabilitiesController < Groups::ApplicationControlle
end
end
end
private
def ensure_security_dashboard_feature_enabled
render_404 unless @group.feature_available?(:security_dashboard)
end
def authorize_read_group_security_dashboard!
render_403 unless can?(current_user, :read_group_security_dashboard, group)
end
end
......@@ -2,6 +2,11 @@ module EE
module GroupsHelper
extend ::Gitlab::Utils::Override
override :group_overview_nav_link_paths
def group_overview_nav_link_paths
super + %w(groups/security/dashboard#show)
end
override :group_nav_link_paths
def group_nav_link_paths
if ::Gitlab::CurrentSettings.should_check_namespace_plan? && can?(current_user, :admin_group, @group)
......
- if can?(current_user, :read_group_security_dashboard, @group)
= nav_link(path: 'groups/security/dashboard#show') do
= link_to group_security_dashboard_path(@group), title: _('Security Dashboard') do
%span= _('Security Dashboard')
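Review bot: The link is shown on `can?(current_user, :read_group_security_dashboard, @group)` alone, whereas the controllers behind it also require `@group.feature_available?(:security_dashboard)` and answer 404 otherwise. Unless the group policy already denies this ability when the feature is unavailable (the policy is not part of the visible diff), a permitted user on an unlicensed group would see a sidebar entry that leads to a 404. Either confirm that the policy covers it, or make the condition match the controller gate: `- if @group.feature_available?(:security_dashboard) && can?(current_user, :read_group_security_dashboard, @group)`.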
- return unless can?(current_user, :read_project_security_dashboard, @project)
= nav_link(path: 'projects/security/dashboard#show') do
= link_to project_security_dashboard_path(@project), title: _('Security Dashboard'), class: 'shortcuts-project-security-dashboard' do
%span= _('Security Dashboard')
- if can?(current_user, :read_project_security_dashboard, @project)
= nav_link(path: 'projects/security/dashboard#show') do
= link_to project_security_dashboard_path(@project), title: _('Security Dashboard'), class: 'shortcuts-project-security-dashboard' do
%span= _('Security Dashboard')
---
title: Adds the security dashboard link
merge_request: 7974
author:
type: other
......@@ -64,4 +64,26 @@ describe 'layouts/nav/sidebar/_group' do
end
end
end
describe 'security dashboard tab' do
it 'is visible when user has enough permission' do
allow(view).to receive(:can?)
.with(anything, :read_group_security_dashboard, anything)
.and_return(true)
render
expect(rendered).to have_text 'Security Dashboard'
end
it 'is not visible when user does not have enough permission' do
allow(view).to receive(:can?)
.with(anything, :read_group_security_dashboard, anything)
.and_return(false)
render
expect(rendered).not_to have_text 'Security Dashboard'
end
end
end
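Review bot: Both examples stub `can?` and assert only on the text 'Security Dashboard', so they cover the template branch but not where the link points or whether the real ability is granted to the right roles. Asserting the target would catch a wrong route helper, e.g. `expect(rendered).to have_link 'Security Dashboard', href: group_security_dashboard_path(group)`, assuming a `group` is defined in the outer describe, which starts outside this hunk. The 404 and 403 paths of the new Groups::Security::ApplicationController filters are better pinned in a controller or request spec; none is visible on this page.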