Add licenses to the response

Also added granular permission to this info

Add licenses to the response
Also added granular permission to this info
df6bd040 · Tetiana Chupryna · Douwe Maan · e32aab74 · df6bd040 · df6bd040
Commit df6bd040 authored Aug 20, 2019 by Tetiana Chupryna Committed by Douwe Maan Aug 20, 2019
6 changed files
--- a/ee/app/serializers/dependency_entity.rb
+++ b/ee/app/serializers/dependency_entity.rb
@@ -11,13 +11,22 @@ class DependencyEntity < Grape::Entity
    expose :name, :severity
  end

+  class LicenseEntity < Grape::Entity
+    expose :name, :url
+  end
+
  expose :name, :packager, :version
  expose :location, using: LocationEntity
  expose :vulnerabilities, using: VulnerabilityEntity, if: ->(_) { can_read_vulnerabilities? }
+  expose :licenses, using: LicenseEntity, if: ->(_) { can_read_licenses? }

  private

  def can_read_vulnerabilities?
    can?(request.user, :read_project_security_dashboard, request.project)
  end
+
+  def can_read_licenses?
+    can?(request.user, :read_software_license_policy, request.project)
+  end
 end
--- a/ee/changelogs/unreleased/13084-add-licenses-to-dl-response.yml
+++ b/ee/changelogs/unreleased/13084-add-licenses-to-dl-response.yml
+---
+title: Add Licenses info into Dependencies response
+merge_request: 15160
+author:
+type: added
--- a/ee/spec/factories/dependencies.rb
+++ b/ee/spec/factories/dependencies.rb
@@ -26,6 +26,15 @@ FactoryBot.define do
      end
    end

+    trait :with_licenses do
+      licenses do
+        [{
+           name: 'MIT',
+           url: 'http://opensource.org/licenses/mit-license'
+         }]
+      end
+    end
+
    initialize_with { attributes }
  end
 end
--- a/ee/spec/fixtures/api/schemas/dependency.json
+++ b/ee/spec/fixtures/api/schemas/dependency.json
@@ -5,7 +5,8 @@
    "packager",
    "version",
    "location",
-    "vulnerabilities"
+    "vulnerabilities",
+    "licenses"
  ],
  "properties": {
    "name": {
@@ -35,6 +36,17 @@
          "type": "string"
        }
      }
+    },
+    "licenses": {
+      "type": "array",
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "url": {
+          "type": "string"
+        }
+      }
    }
  },
  "additionalProperties": false

--- a/ee/spec/serializers/dependency_entity_spec.rb
+++ b/ee/spec/serializers/dependency_entity_spec.rb
@@ -6,32 +6,47 @@ describe DependencyEntity do
  describe '#as_json' do
    subject { described_class.represent(dependency, request: request).as_json }

-    set(:project) { create(:project, :repository, :private) }
    set(:user) { create(:user) }
+    let(:project) { create(:project, :repository, :private) }
    let(:request) { double('request') }
-    let(:dependency) { build(:dependency, :with_vulnerabilities) }
+    let(:dependency) { build(:dependency, :with_vulnerabilities, :with_licenses) }

    before do
-      stub_licensed_features(security_dashboard: true)
      allow(request).to receive(:project).and_return(project)
      allow(request).to receive(:user).and_return(user)
    end

-    context 'with developer' do
+    context 'when all required features available' do
      before do
-        project.add_developer(user)
+        stub_licensed_features(security_dashboard: true, license_management: true)
+        allow(request).to receive(:project).and_return(project)
+        allow(request).to receive(:user).and_return(user)
      end

-      it do
-        is_expected.to eq(dependency.except(:licenses))
+      context 'with developer' do
+        before do
+          project.add_developer(user)
+        end
+
+        it { is_expected.to eq(dependency) }
+      end
+
+      context 'with reporter' do
+        let(:dependency_info) { build(:dependency, :with_licenses) }
+
+        before do
+          project.add_reporter(user)
+        end
+
+        it { is_expected.to eq(dependency_info) }
      end
    end

-    context 'with reporter' do
+    context 'when all required features are unavailable' do
      let(:dependency_info) { build(:dependency).except(:licenses) }

      before do
-        project.add_reporter(user)
+        project.add_developer(user)
      end

      it { is_expected.to eq(dependency_info) }

--- a/ee/spec/serializers/dependency_list_serializer_spec.rb
+++ b/ee/spec/serializers/dependency_list_serializer_spec.rb
@@ -6,14 +6,14 @@ describe DependencyListSerializer do
  set(:project) { create(:project, :repository, :private) }
  set(:user) { create(:user) }
  let(:ci_build) { create(:ee_ci_build, :success) }
-  let(:dependencies) { [build(:dependency, :with_vulnerabilities)] }
+  let(:dependencies) { [build(:dependency, :with_vulnerabilities, :with_licenses)] }

  let(:serializer) do
    described_class.new(project: project, user: user).represent(dependencies, build: ci_build)
  end

  before do
-    stub_licensed_features(security_dashboard: true)
+    stub_licensed_features(security_dashboard: true, license_management: true)
    project.add_developer(user)
  end