Commit 99f76f7c authored by Phil Hughes's avatar Phil Hughes

Merge branch '199222-standalone-vulnerability-urls_2' into 'master'

Moves the standalone vulnerabilities url to `/vulnerabilities/[id]`"

See merge request gitlab-org/gitlab!24777
parents 3aab6078 f45f6ede
......@@ -15,14 +15,6 @@ module Projects
@pipeline = @project.latest_pipeline_with_security_reports
&.present(current_user: current_user)
end
def show
return render_404 unless Feature.enabled?(:first_class_vulnerabilities, project)
@vulnerability = project.vulnerabilities.find(params[:id])
pipeline = @vulnerability.finding.pipelines.first
@pipeline = pipeline if Ability.allowed?(current_user, :read_pipeline, pipeline)
end
end
end
end
......@@ -12,6 +12,14 @@ module Projects
@vulnerabilities = project.vulnerabilities.page(params[:page])
end
def show
return render_404 unless Feature.enabled?(:first_class_vulnerabilities, project)
@vulnerability = project.vulnerabilities.find(params[:id])
pipeline = @vulnerability.finding.pipelines.first
@pipeline = pipeline if Ability.allowed?(current_user, :read_pipeline, pipeline)
end
end
end
end
......@@ -40,7 +40,7 @@ module EE
end
def vulnerability_path(entity, *args)
project_security_dashboard_path(entity.project, entity, *args)
project_security_vulnerability_path(entity.project, entity, *args)
end
def self.url_helper(route_name)
......
- @content_class = "limit-container-width" unless fluid_layout
- add_to_breadcrumbs _("Security Dashboard"), project_security_dashboard_index_path(@project)
- add_to_breadcrumbs _("Vulnerability List"), project_security_vulnerabilities_path(@project)
- breadcrumb_title @vulnerability.id
- page_title @vulnerability.title
- page_description @vulnerability.description
......
---
title: Changes the standalone vulnerabilty endpoint
merge_request: 24777
author:
type: changed
......@@ -78,7 +78,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
get :summary, on: :collection
end
resources :dashboard, only: [:show, :index], controller: :dashboard
resources :dashboard, only: [:index], controller: :dashboard
resource :configuration, only: [:show], controller: :configuration
resource :discover, only: [:show], controller: :discover
......@@ -88,7 +88,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
end
end
resources :vulnerabilities, only: [:index]
resources :vulnerabilities, only: [:show, :index]
end
namespace :analytics do
......
......@@ -68,56 +68,4 @@ describe Projects::Security::DashboardController do
end
end
end
describe 'GET #show' do
let_it_be(:pipeline) { create(:ci_pipeline, sha: project.commit.id, project: project, user: user) }
let_it_be(:vulnerability) { create(:vulnerability, project: project) }
render_views
def show_vulnerability
sign_in(user)
get :show, params: { namespace_id: project.namespace, project_id: project, id: vulnerability.id }
end
context "when there's an attached pipeline" do
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline]) }
it 'renders the vulnerability page' do
show_vulnerability
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:show)
expect(response.body).to have_text(vulnerability.title)
end
it 'renders the time pipeline ran' do
show_vulnerability
expect(response.body).to have_css("#js-pipeline-created")
end
end
context "when there's no attached pipeline" do
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
it 'renders the time the vulnerability was created' do
show_vulnerability
expect(response.body).to have_css("#js-vulnerability-created")
end
end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(first_class_vulnerabilities: false)
end
it 'renders the 404 page' do
show_vulnerability
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
......@@ -77,4 +77,56 @@ describe Projects::Security::VulnerabilitiesController do
end
end
end
describe 'GET #show' do
let_it_be(:pipeline) { create(:ci_pipeline, sha: project.commit.id, project: project, user: user) }
let_it_be(:vulnerability) { create(:vulnerability, project: project) }
render_views
def show_vulnerability
sign_in(user)
get :show, params: { namespace_id: project.namespace, project_id: project, id: vulnerability.id }
end
context "when there's an attached pipeline" do
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline]) }
it 'renders the vulnerability page' do
show_vulnerability
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:show)
expect(response.body).to have_text(vulnerability.title)
end
it 'renders the time pipeline ran' do
show_vulnerability
expect(response.body).to have_css("#js-pipeline-created")
end
end
context "when there's no attached pipeline" do
let_it_be(:finding) { create(:vulnerabilities_occurrence, vulnerability: vulnerability) }
it 'renders the time the vulnerability was created' do
show_vulnerability
expect(response.body).to have_css("#js-vulnerability-created")
end
end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(first_class_vulnerabilities: false)
end
it 'renders the 404 page' do
show_vulnerability
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment