Merge branch 'tt_842-security-newsletter-prompt' into 'master'

Admin Dash - Security Newsletter Callout

See merge request gitlab-org/gitlab!71317

app/assets/javascripts/persistent_user_callouts.js

@@ -9,6 +9,7 @@ const PERSISTENT_USER_CALLOUTS = [
   '.js-registration-enabled-callout',
   '.js-new-user-signups-cap-reached',
   '.js-eoa-bronze-plan-banner',
+  '.js-security-newsletter-callout',
 ];
 
 const initCallouts = () => {

app/helpers/user_callouts_helper.rb

@@ -10,6 +10,7 @@ module UserCalloutsHelper
   REGISTRATION_ENABLED_CALLOUT = 'registration_enabled_callout'
   UNFINISHED_TAG_CLEANUP_CALLOUT = 'unfinished_tag_cleanup_callout'
   INVITE_MEMBERS_BANNER = 'invite_members_banner'
+  SECURITY_NEWSLETTER_CALLOUT = 'security_newsletter_callout'
 
   def show_gke_cluster_integration_callout?(project)
     active_nav_link?(controller: sidebar_operations_paths) &&
@@ -64,6 +65,11 @@ module UserCalloutsHelper
       !multiple_members?(group)
   end
 
+  def show_security_newsletter_user_callout?
+    current_user&.admin? &&
+    !user_dismissed?(SECURITY_NEWSLETTER_CALLOUT)
+  end
+
   private
 
   def user_dismissed?(feature_name, ignore_dismissal_earlier_than = nil)

app/models/user_callout.rb

@@ -36,7 +36,8 @@ class UserCallout < ApplicationRecord
     trial_status_reminder_d3: 35,              # EE-only
     security_configuration_devops_alert: 36,   # EE-only
     profile_personal_access_token_expiry: 37,  # EE-only
-    terraform_notification_dismissed: 38
+    terraform_notification_dismissed: 38,
+    security_newsletter_callout: 39
   }
 
   validates :feature_name,

app/views/admin/dashboard/_security_newsletter_callout.html.haml

+- return unless show_security_newsletter_user_callout?
+
+= render 'shared/global_alert',
+  title: s_('AdminArea|Get security updates from GitLab and stay up to date'),
+  variant: :tip,
+  alert_class: 'js-security-newsletter-callout',
+  is_contained: true,
+  alert_data: { feature_id: UserCalloutsHelper::SECURITY_NEWSLETTER_CALLOUT, dismiss_endpoint: user_callouts_path, defer_links: 'true' },
+  close_button_data: { testid: 'close-security-newsletter-callout' } do
+  .gl-alert-body
+    = s_('AdminArea|Sign up for the GitLab Security Newsletter to get notified for security updates.')
+  .gl-alert-actions
+    = link_to 'https://about.gitlab.com/company/preference-center/', target: '_blank', rel: 'noreferrer noopener', class: 'deferred-link gl-alert-action btn-confirm btn-md gl-button' do
+      = s_('AdminArea|Sign up for the GitLab newsletter')

app/views/admin/dashboard/index.html.haml

@@ -4,6 +4,7 @@
 - billable_users_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer nofollow">'.html_safe % { url: billable_users_url }
 
 = render_if_exists 'shared/qrtly_reconciliation_alert'
+= render 'admin/dashboard/security_newsletter_callout'
 
 - if @notices
   - @notices.each do |notice|

doc/api/graphql/reference/index.md

@@ -16493,6 +16493,7 @@ Name of the feature that the callout is for.
 | <a id="usercalloutfeaturenameenumregistration_enabled_callout"></a>`REGISTRATION_ENABLED_CALLOUT` | Callout feature name for registration_enabled_callout. |
 | <a id="usercalloutfeaturenameenumsecurity_configuration_devops_alert"></a>`SECURITY_CONFIGURATION_DEVOPS_ALERT` | Callout feature name for security_configuration_devops_alert. |
 | <a id="usercalloutfeaturenameenumsecurity_configuration_upgrade_banner"></a>`SECURITY_CONFIGURATION_UPGRADE_BANNER` | Callout feature name for security_configuration_upgrade_banner. |
+| <a id="usercalloutfeaturenameenumsecurity_newsletter_callout"></a>`SECURITY_NEWSLETTER_CALLOUT` | Callout feature name for security_newsletter_callout. |
 | <a id="usercalloutfeaturenameenumsuggest_pipeline"></a>`SUGGEST_PIPELINE` | Callout feature name for suggest_pipeline. |
 | <a id="usercalloutfeaturenameenumsuggest_popover_dismissed"></a>`SUGGEST_POPOVER_DISMISSED` | Callout feature name for suggest_popover_dismissed. |
 | <a id="usercalloutfeaturenameenumtabs_position_highlight"></a>`TABS_POSITION_HIGHLIGHT` | Callout feature name for tabs_position_highlight. |

locale/gitlab.pot

@@ -2285,6 +2285,9 @@ msgstr ""
 msgid "AdminArea|Features"
 msgstr ""
 
+msgid "AdminArea|Get security updates from GitLab and stay up to date"
+msgstr ""
+
 msgid "AdminArea|Groups"
 msgstr ""
 
@@ -2324,6 +2327,12 @@ msgstr ""
 msgid "AdminArea|Reporter"
 msgstr ""
 
+msgid "AdminArea|Sign up for the GitLab Security Newsletter to get notified for security updates."
+msgstr ""
+
+msgid "AdminArea|Sign up for the GitLab newsletter"
+msgstr ""
+
 msgid "AdminArea|Stop all jobs"
 msgstr ""
 

spec/features/callouts/security_newsletter_callout_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Security newsletter callout', :js do
+  let_it_be(:admin) { create(:admin) }
+  let_it_be(:non_admin) { create(:user) }
+
+  shared_examples 'hidden callout' do
+    it 'does not display callout' do
+      expect(page).not_to have_content 'Sign up for the GitLab Security Newsletter to get notified for security updates.'
+    end
+  end
+
+  context 'when an admin is logged in' do
+    before do
+      sign_in(admin)
+      gitlab_enable_admin_mode_sign_in(admin)
+
+      visit admin_root_path
+    end
+
+    it 'displays callout' do
+      expect(page).to have_content 'Sign up for the GitLab Security Newsletter to get notified for security updates.'
+      expect(page).to have_link 'Sign up for the GitLab newsletter', href: 'https://about.gitlab.com/company/preference-center/'
+    end
+
+    context 'when link is clicked' do
+      before do
+        find_link('Sign up for the GitLab newsletter').click
+
+        visit admin_root_path
+      end
+
+      it_behaves_like 'hidden callout'
+    end
+
+    context 'when callout is dismissed' do
+      before do
+        find('[data-testid="close-security-newsletter-callout"]').click
+
+        visit admin_root_path
+      end
+
+      it_behaves_like 'hidden callout'
+    end
+  end
+
+  context 'when a non-admin is logged in' do
+    before do
+      sign_in(non_admin)
+      visit admin_root_path
+    end
+
+    it_behaves_like 'hidden callout'
+  end
+end

spec/helpers/user_callouts_helper_spec.rb

@@ -293,4 +293,37 @@ RSpec.describe UserCalloutsHelper do
       it { is_expected.to eq(false) }
     end
   end
+
+  describe '.show_security_newsletter_user_callout?' do
+    let_it_be(:admin) { create(:user, :admin) }
+
+    subject { helper.show_security_newsletter_user_callout? }
+
+    context 'when `current_user` is not an admin' do
+      before do
+        allow(helper).to receive(:current_user).and_return(user)
+        allow(helper).to receive(:user_dismissed?).with(described_class::SECURITY_NEWSLETTER_CALLOUT) { false }
+      end
+
+      it { is_expected.to be false }
+    end
+
+    context 'when user has dismissed callout' do
+      before do
+        allow(helper).to receive(:current_user).and_return(admin)
+        allow(helper).to receive(:user_dismissed?).with(described_class::SECURITY_NEWSLETTER_CALLOUT) { true }
+      end
+
+      it { is_expected.to be false }
+    end
+
+    context 'when `current_user` is an admin and user has not dismissed callout' do
+      before do
+        allow(helper).to receive(:current_user).and_return(admin)
+        allow(helper).to receive(:user_dismissed?).with(described_class::SECURITY_NEWSLETTER_CALLOUT) { false }
+      end
+
+      it { is_expected.to be true }
+    end
+  end
 end