Merge branch '199222-standalone-vulnerability-urls_2' into 'master'

Moves the standalone vulnerabilities url to `/vulnerabilities/[id]`" See merge request gitlab-org/gitlab!24777

Merge branch '199222-standalone-vulnerability-urls_2' into 'master'
Moves the standalone vulnerabilities url to `/vulnerabilities/[id]`" See merge request gitlab-org/gitlab!24777
99f76f7c · Phil Hughes · 3aab6078 · f45f6ede · 99f76f7c · 99f76f7c
Commit 99f76f7c authored Feb 14, 2020 by Phil Hughes
8 changed files
--- a/ee/app/controllers/projects/security/dashboard_controller.rb
+++ b/ee/app/controllers/projects/security/dashboard_controller.rb
@@ -15,14 +15,6 @@ module Projects
        @pipeline = @project.latest_pipeline_with_security_reports
          &.present(current_user: current_user)
      end
-
-      def show
-        return render_404 unless Feature.enabled?(:first_class_vulnerabilities, project)
-
-        @vulnerability = project.vulnerabilities.find(params[:id])
-        pipeline = @vulnerability.finding.pipelines.first
-        @pipeline = pipeline if Ability.allowed?(current_user, :read_pipeline, pipeline)
-      end
    end
  end
 end
--- a/ee/app/controllers/projects/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/projects/security/vulnerabilities_controller.rb
@@ -12,6 +12,14 @@ module Projects

        @vulnerabilities = project.vulnerabilities.page(params[:page])
      end
+
+      def show
+        return render_404 unless Feature.enabled?(:first_class_vulnerabilities, project)
+
+        @vulnerability = project.vulnerabilities.find(params[:id])
+        pipeline = @vulnerability.finding.pipelines.first
+        @pipeline = pipeline if Ability.allowed?(current_user, :read_pipeline, pipeline)
+      end
    end
  end
 end
--- a/ee/app/helpers/ee/gitlab_routing_helper.rb
+++ b/ee/app/helpers/ee/gitlab_routing_helper.rb
@@ -40,7 +40,7 @@ module EE
    end

    def vulnerability_path(entity, *args)
-      project_security_dashboard_path(entity.project, entity, *args)
+      project_security_vulnerability_path(entity.project, entity, *args)
    end

    def self.url_helper(route_name)

--- a/ee/app/views/projects/security/dashboard/show.html.haml
+++ b/ee/app/views/projects/security/dashboard/show.html.haml
 - @content_class = "limit-container-width" unless fluid_layout
- add_to_breadcrumbs _("Security Dashboard"), project_security_dashboard_index_path(@project)
+- add_to_breadcrumbs _("Vulnerability List"), project_security_vulnerabilities_path(@project)
 - breadcrumb_title @vulnerability.id
 - page_title @vulnerability.title
 - page_description @vulnerability.description

--- a/ee/changelogs/unreleased/199222-standalone-vulnerability-urls_2.yml
+++ b/ee/changelogs/unreleased/199222-standalone-vulnerability-urls_2.yml
+---
+title: Changes the standalone vulnerabilty endpoint
+merge_request: 24777
+author:
+type: changed
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -78,7 +78,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
            get :summary, on: :collection
          end

-          resources :dashboard, only: [:show, :index], controller: :dashboard
+          resources :dashboard, only: [:index], controller: :dashboard
          resource :configuration, only: [:show], controller: :configuration
          resource :discover, only: [:show], controller: :discover

@@ -88,7 +88,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
            end
          end

-          resources :vulnerabilities, only: [:index]
+          resources :vulnerabilities, only: [:show, :index]
        end

        namespace :analytics do

--- a/ee/spec/controllers/projects/security/dashboard_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/dashboard_controller_spec.rb
@@ -68,56 +68,4 @@ describe Projects::Security::DashboardController do
      end
    end
  end
-
-  describe 'GET #show' do
-    let_it_be(:pipeline) { create(:ci_pipeline, sha: project.commit.id, project: project, user: user) }
-    let_it_be(:vulnerability) { create(:vulnerability, project: project) }
-
-    render_views
-
-    def show_vulnerability
-      sign_in(user)
-      get :show, params: { namespace_id: project.namespace, project_id: project, id: vulnerability.id }
-    end
-
-    context "when there's an attached pipeline" do
-      let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline]) }
-
-      it 'renders the vulnerability page' do
-        show_vulnerability
-
-        expect(response).to have_gitlab_http_status(:ok)
-        expect(response).to render_template(:show)
-        expect(response.body).to have_text(vulnerability.title)
-      end
-
-      it 'renders the time pipeline ran' do
-        show_vulnerability
-
-        expect(response.body).to have_css("#js-pipeline-created")
-      end
-    end
-
-    context "when there's no attached pipeline" do
-      let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
-
-      it 'renders the time the vulnerability was created' do
-        show_vulnerability
-
-        expect(response.body).to have_css("#js-vulnerability-created")
-      end
-    end
-
-    context 'when the feature flag is disabled' do
-      before do
-        stub_feature_flags(first_class_vulnerabilities: false)
-      end
-
-      it 'renders the 404 page' do
-        show_vulnerability
-
-        expect(response).to have_gitlab_http_status(:not_found)
-      end
-    end
-  end
 end
--- a/ee/spec/controllers/projects/security/vulnerabilities_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/vulnerabilities_controller_spec.rb
@@ -77,4 +77,56 @@ describe Projects::Security::VulnerabilitiesController do
      end
    end
  end
+
+  describe 'GET #show' do
+    let_it_be(:pipeline) { create(:ci_pipeline, sha: project.commit.id, project: project, user: user) }
+    let_it_be(:vulnerability) { create(:vulnerability, project: project) }
+
+    render_views
+
+    def show_vulnerability
+      sign_in(user)
+      get :show, params: { namespace_id: project.namespace, project_id: project, id: vulnerability.id }
+    end
+
+    context "when there's an attached pipeline" do
+      let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline]) }
+
+      it 'renders the vulnerability page' do
+        show_vulnerability
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to render_template(:show)
+        expect(response.body).to have_text(vulnerability.title)
+      end
+
+      it 'renders the time pipeline ran' do
+        show_vulnerability
+
+        expect(response.body).to have_css("#js-pipeline-created")
+      end
+    end
+
+    context "when there's no attached pipeline" do
+      let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
+
+      it 'renders the time the vulnerability was created' do
+        show_vulnerability
+
+        expect(response.body).to have_css("#js-vulnerability-created")
+      end
+    end
+
+    context 'when the feature flag is disabled' do
+      before do
+        stub_feature_flags(first_class_vulnerabilities: false)
+      end
+
+      it 'renders the 404 page' do
+        show_vulnerability
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+  end
 end