Merge branch '6786-add-security-dashboard-to-project-quick-links' into 'master'

Resolve "Add Security Dashboard to project quick links" Closes #6786 See merge request gitlab-org/gitlab-ee!6652

Merge branch '6786-add-security-dashboard-to-project-quick-links' into 'master'
Resolve "Add Security Dashboard to project quick links" Closes #6786 See merge request gitlab-org/gitlab-ee!6652
cab3c51f · Grzegorz Bizon · 811b3068 · cafc53ce · cab3c51f · cab3c51f
Commit cab3c51f authored Jul 31, 2018 by Grzegorz Bizon
7 changed files
--- a/app/presenters/project_presenter.rb
+++ b/app/presenters/project_presenter.rb
 # frozen_string_literal: true

 class ProjectPresenter < Gitlab::View::Presenter::Delegated
+  prepend EE::ProjectPresenter
+
  include ActionView::Helpers::NumberHelper
  include ActionView::Helpers::UrlHelper
  include GitlabRoutingHelper

--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -50,6 +50,9 @@ module EE
        @subject.feature_available?(:pod_logs, @user)
      end

+      with_scope :subject
+      condition(:security_reports_feature_available) { @subject.security_reports_feature_available? }
+
      condition(:prometheus_alerts_enabled) do
        @subject.feature_available?(:prometheus_alerts, @user)
      end
@@ -91,9 +94,10 @@ module EE
      rule { can?(:developer_access) }.policy do
        enable :admin_board
        enable :admin_vulnerability_feedback
-        enable :read_project_security_dashboard
      end

+      rule { can?(:developer_access) & security_reports_feature_available }.enable :read_project_security_dashboard
+
      rule { can?(:read_project) }.enable :read_vulnerability_feedback

      rule { license_management_enabled & can?(:read_project) }.enable :read_software_license_policy

--- a/ee/app/presenters/ee/project_presenter.rb
+++ b/ee/app/presenters/ee/project_presenter.rb
+# frozen_string_literal: true
+
+module EE
+  module ProjectPresenter
+    extend ::Gitlab::Utils::Override
+
+    override :statistics_anchors
+    def statistics_anchors(show_auto_devops_callout:)
+      super + extra_statistics_anchors
+    end
+
+    def extra_statistics_anchors
+      anchors = []
+
+      if can?(current_user, :read_project_security_dashboard, project) &&
+          project.latest_pipeline_with_security_reports
+        anchors << security_dashboard_data
+      end
+
+      anchors
+    end
+
+    private
+
+    def security_dashboard_data
+      OpenStruct.new(enabled: true,
+                     label: _('Security Dashboard'),
+                     link: project_security_dashboard_path(project))
+    end
+  end
+end
--- a/ee/app/views/projects/sidebar/_security_dashboard.html.haml
+++ b/ee/app/views/projects/sidebar/_security_dashboard.html.haml
- return unless @project.security_reports_feature_available? && can?(current_user, :read_project_security_dashboard, @project)
+- return unless can?(current_user, :read_project_security_dashboard, @project)

 = nav_link(path: 'projects/security/dashboard#show') do
  = link_to project_security_dashboard_path(@project), title: _('Security Dashboard'), class: 'shortcuts-project-security-dashboard' do

--- a/ee/changelogs/unreleased/6786-add-security-dashboard-to-project-quick-links.yml
+++ b/ee/changelogs/unreleased/6786-add-security-dashboard-to-project-quick-links.yml
+---
+title: Add Security Dashboard to project quick links
+merge_request: 6652
+author:
+type: added
--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -305,6 +305,10 @@ describe ProjectPolicy do
  end

  describe 'read_project_security_dashboard' do
+    before do
+      allow(project).to receive(:security_reports_feature_available?).and_return(true)
+    end
+
    subject { described_class.new(current_user, project) }

    context 'with admin' do
@@ -329,6 +333,14 @@ describe ProjectPolicy do
      let(:current_user) { developer }

      it { is_expected.to be_allowed(:read_project_security_dashboard) }
+
+      context 'when security reports features are not available' do
+        before do
+          allow(project).to receive(:security_reports_feature_available?).and_return(false)
+        end
+
+        it { is_expected.to be_disallowed(:read_project_security_dashboard) }
+      end
    end

    context 'with reporter' do

--- a/ee/spec/presenters/project_presenter_spec.rb
+++ b/ee/spec/presenters/project_presenter_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ProjectPresenter do
+  include Gitlab::Routing.url_helpers
+
+  let(:user) { create(:user) }
+
+  describe '#extra_statistics_anchors' do
+    let(:project) { create(:project) }
+    let(:pipeline) { create(:ci_pipeline, project: project) }
+    let(:presenter) { described_class.new(project, current_user: user) }
+
+    let(:security_dashboard_data) do
+      OpenStruct.new(enabled: true,
+                     label: _('Security Dashboard'),
+                     link: project_security_dashboard_path(project))
+    end
+
+    before do
+      allow(Ability).to receive(:allowed?).with(user, :read_project_security_dashboard, project).and_return(true)
+      allow(project).to receive(:latest_pipeline_with_security_reports).and_return(pipeline)
+    end
+
+    it 'has security dashboard link' do
+      expect(presenter.extra_statistics_anchors).to include(security_dashboard_data)
+    end
+
+    shared_examples 'has no security dashboard link' do
+      it do
+        expect(presenter.extra_statistics_anchors).not_to include(security_dashboard_data)
+      end
+    end
+
+    context 'user is not allowed to read security dashboard' do
+      before do
+        allow(Ability).to receive(:allowed?).with(user, :read_project_security_dashboard, project).and_return(false)
+      end
+
+      it_behaves_like 'has no security dashboard link'
+    end
+
+    context 'no pipeline having security reports' do
+      before do
+        allow(project).to receive(:latest_pipeline_with_security_reports).and_return(nil)
+      end
+
+      it_behaves_like 'has no security dashboard link'
+    end
+  end
+end