Merge branch 'add_dast_scanner_profile_finder_241120' into 'master'

Add standard way to find DastScannerProfiles See merge request gitlab-org/gitlab!41633

Merge branch 'add_dast_scanner_profile_finder_241120' into 'master'
Add standard way to find DastScannerProfiles See merge request gitlab-org/gitlab!41633
c358e500 · Sean McGivern · c4753eaa · e2503f5a · c358e500 · c358e500
Commit c358e500 authored Sep 24, 2020 by Sean McGivern
8 changed files
--- a/ee/app/finders/dast_scanner_profiles_finder.rb
+++ b/ee/app/finders/dast_scanner_profiles_finder.rb
+# frozen_string_literal: true
+
+class DastScannerProfilesFinder
+  def initialize(params = {})
+    @params = params
+  end
+
+  def execute
+    relation = DastScannerProfile.all
+    relation = by_id(relation)
+    relation = by_project(relation)
+    relation
+  end
+
+  private
+
+  attr_reader :params
+
+  def by_id(relation)
+    return relation unless params[:ids]
+
+    relation.id_in(params[:ids])
+  end
+
+  def by_project(relation)
+    return relation unless params[:project_ids]
+
+    relation.project_id_in(params[:project_ids])
+  end
+end
--- a/ee/app/graphql/ee/types/project_type.rb
+++ b/ee/app/graphql/ee/types/project_type.rb
@@ -19,7 +19,7 @@ module EE
            resolve: -> (project, _args, _ctx) do
              return DastScannerProfile.none unless ::Feature.enabled?(:security_on_demand_scans_feature_flag, project, default_enabled: true)

-              project.dast_scanner_profiles
+              DastScannerProfilesFinder.new(project_ids: [project.id]).execute
            end

        field :sast_ci_configuration, ::Types::CiConfiguration::Sast::Type, null: true,

--- a/ee/app/models/dast_scanner_profile.rb
+++ b/ee/app/models/dast_scanner_profile.rb
@@ -5,4 +5,6 @@ class DastScannerProfile < ApplicationRecord

  validates :project_id, presence: true
  validates :name, length: { maximum: 255 }, uniqueness: { scope: :project_id }
+
+  scope :project_id_in, -> (project_ids) { where(project_id: project_ids) }
 end
--- a/ee/app/services/dast_scanner_profiles/update_service.rb
+++ b/ee/app/services/dast_scanner_profiles/update_service.rb
@@ -28,7 +28,7 @@ module DastScannerProfiles
    end

    def find_dast_scanner_profile(id)
-      project.dast_scanner_profiles.id_in(id).first
+      DastScannerProfilesFinder.new(project_ids: [project.id], ids: [id]).execute.first
    end
  end
 end
--- a/ee/spec/finders/dast_scanner_profiles_finder_spec.rb
+++ b/ee/spec/finders/dast_scanner_profiles_finder_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe DastScannerProfilesFinder do
+  let_it_be(:current_user) { create(:user) }
+  let_it_be(:dast_scanner_profile1) { create(:dast_scanner_profile) }
+  let_it_be(:dast_scanner_profile2) { create(:dast_scanner_profile) }
+  let_it_be(:dast_scanner_profile3) { create(:dast_scanner_profile) }
+
+  let(:params) { {} }
+
+  subject do
+    described_class.new(params).execute
+  end
+
+  describe '#execute' do
+    it 'returns all dast_scanner_profiles' do
+      expect(subject).to contain_exactly(dast_scanner_profile1, dast_scanner_profile2, dast_scanner_profile3)
+    end
+
+    context 'filtering by ids' do
+      let(:params) { { ids: [dast_scanner_profile1.id, dast_scanner_profile3.id] } }
+
+      it 'returns the dast_scanner_profile' do
+        expect(subject).to contain_exactly(dast_scanner_profile1, dast_scanner_profile3)
+      end
+    end
+
+    context 'filter by project' do
+      let(:params) { { project_ids: [dast_scanner_profile1.project.id, dast_scanner_profile2.project.id] } }
+
+      it 'returns the matching dast_scanner_profiles' do
+        expect(subject).to contain_exactly(dast_scanner_profile1, dast_scanner_profile2)
+      end
+    end
+
+    context 'when DastScannerProfile id is for a different project' do
+      let(:params) { { ids: [dast_scanner_profile1.id], project_ids: [dast_scanner_profile2.project.id] } }
+
+      it 'returns an empty relation' do
+        expect(subject).to be_empty
+      end
+    end
+
+    context 'when the dast_scanner_profile1 does not exist' do
+      let(:params) { { ids: [0] } }
+
+      it 'returns an empty relation' do
+        expect(subject).to be_empty
+      end
+    end
+  end
+end
--- a/ee/spec/models/dast_scanner_profile_spec.rb
+++ b/ee/spec/models/dast_scanner_profile_spec.rb
@@ -15,4 +15,13 @@ RSpec.describe DastScannerProfile, type: :model do
    it { is_expected.to validate_uniqueness_of(:name).scoped_to(:project_id) }
    it { is_expected.to validate_presence_of(:project_id) }
  end
+
+  describe 'scopes' do
+    describe '.project_id_in' do
+      it 'returns the dast_scanner_profiles for given projects' do
+        result = DastScannerProfile.project_id_in([subject.project.id])
+        expect(result).to eq([subject])
+      end
+    end
+  end
 end
--- a/ee/spec/requests/api/graphql/project/dast_scanner_profiles_spec.rb
+++ b/ee/spec/requests/api/graphql/project/dast_scanner_profiles_spec.rb
@@ -7,6 +7,8 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do

  let_it_be(:dast_scanner_profile) { create(:dast_scanner_profile) }
  let_it_be(:project) { dast_scanner_profile.project }
+  let_it_be(:dast_scanner_profile_different_project) { create(:dast_scanner_profile) }
+  let_it_be(:project_2) { dast_scanner_profile_different_project.project }
  let_it_be(:current_user) { create(:user) }

  let(:query) do
@@ -43,6 +45,7 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do
  context 'when the user can run a dast scan' do
    before do
      project.add_guest(current_user)
+      project_2.add_guest(current_user)
    end

    describe 'dast scanner profiles' do
@@ -52,6 +55,22 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do
    end
  end

+  context 'when a user has access to multiple projects' do
+    before do
+      project.add_developer(current_user)
+      project_2.add_developer(current_user)
+    end
+
+    describe 'dast scanner profiles' do
+      subject { response_data.dig('project', 'dastScannerProfiles', 'nodes') }
+
+      it 'returns only the dast_scanner_profile for the requested project' do
+        expect(subject.length).to eq(1)
+        expect(subject.first['id']).to eq(Gitlab::GlobalId.build(dast_scanner_profile).to_s)
+      end
+    end
+  end
+
  context 'when a user has access dast_scanner_profiles' do
    before do
      project.add_developer(current_user)

--- a/ee/spec/services/dast_scanner_profiles/update_service_spec.rb
+++ b/ee/spec/services/dast_scanner_profiles/update_service_spec.rb
@@ -5,7 +5,9 @@ require 'spec_helper'
 RSpec.describe DastScannerProfiles::UpdateService do
  let_it_be(:user) { create(:user) }
  let_it_be(:dast_scanner_profile, reload: true) { create(:dast_scanner_profile, target_timeout: 200, spider_timeout: 5000) }
+  let_it_be(:dast_scanner_profile_2, reload: true) { create(:dast_scanner_profile, target_timeout: 200, spider_timeout: 5000) }
  let(:project) { dast_scanner_profile.project }
+  let(:project_2) { dast_scanner_profile_2.project }

  let_it_be(:new_profile_name) { SecureRandom.hex }
  let_it_be(:new_target_timeout) { dast_scanner_profile.target_timeout + 1 }
@@ -40,6 +42,26 @@ RSpec.describe DastScannerProfiles::UpdateService do
      end
    end

+    context 'when the dast_scanner_profile exists on a different project' do
+      before do
+        project.add_developer(user)
+        project_2.add_developer(user)
+      end
+
+      subject do
+        described_class.new(project_2, user).execute(
+          id: dast_scanner_profile.id,
+          profile_name: new_profile_name,
+          target_timeout: new_target_timeout,
+          spider_timeout: new_spider_timeout
+        )
+      end
+
+      it 'returns an error status' do
+        expect(status).to eq(:error)
+      end
+    end
+
    context 'when the user can run a dast scan' do
      before do
        project.add_developer(user)