Commit df6bd040 authored by Tetiana Chupryna's avatar Tetiana Chupryna Committed by Douwe Maan

Add licenses to the response

Also added granular permission to this info
parent e32aab74
...@@ -11,13 +11,22 @@ class DependencyEntity < Grape::Entity ...@@ -11,13 +11,22 @@ class DependencyEntity < Grape::Entity
expose :name, :severity expose :name, :severity
end end
class LicenseEntity < Grape::Entity
expose :name, :url
end
expose :name, :packager, :version expose :name, :packager, :version
expose :location, using: LocationEntity expose :location, using: LocationEntity
expose :vulnerabilities, using: VulnerabilityEntity, if: ->(_) { can_read_vulnerabilities? } expose :vulnerabilities, using: VulnerabilityEntity, if: ->(_) { can_read_vulnerabilities? }
expose :licenses, using: LicenseEntity, if: ->(_) { can_read_licenses? }
private private
def can_read_vulnerabilities? def can_read_vulnerabilities?
can?(request.user, :read_project_security_dashboard, request.project) can?(request.user, :read_project_security_dashboard, request.project)
end end
def can_read_licenses?
can?(request.user, :read_software_license_policy, request.project)
end
end end
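Review bot: `LicenseEntity` passes `url` to the client as-is, and nothing in this section constrains its scheme. If the license data is parsed from a scan report produced by a CI job (not visible here, so this is an assumption), the value is controlled by whoever controls that job, and a client that renders it as a link should accept only http and https. I would either validate the scheme where the report is parsed or document the contract above the class, for example `# url is taken from the report unvalidated; consumers must only link http(s) URLs`. The `DependencyEntity` class body starts above this hunk.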
---
title: Add Licenses info into Dependencies response
merge_request: 15160
author:
type: added
...@@ -26,6 +26,15 @@ FactoryBot.define do ...@@ -26,6 +26,15 @@ FactoryBot.define do
end end
end end
trait :with_licenses do
licenses do
[{
name: 'MIT',
url: 'http://opensource.org/licenses/mit-license'
}]
end
end
initialize_with { attributes } initialize_with { attributes }
end end
end end
...@@ -5,7 +5,8 @@ ...@@ -5,7 +5,8 @@
"packager", "packager",
"version", "version",
"location", "location",
"vulnerabilities" "vulnerabilities",
"licenses"
], ],
"properties": { "properties": {
"name": { "name": {
...@@ -35,6 +36,17 @@ ...@@ -35,6 +36,17 @@
"type": "string" "type": "string"
} }
} }
},
"licenses": {
"type": "array",
"properties": {
"name": {
"type": "string"
},
"url": {
"type": "string"
}
}
} }
}, },
"additionalProperties": false "additionalProperties": false
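Review bot: The new `licenses` schema puts `properties` directly under `"type": "array"`, where JSON Schema validators do not apply it to the elements, so the fixture check never verifies the shape of a license entry. Describe the elements under `items` instead: `"items": { "type": "object", "properties": { … }, "additionalProperties": false }`, keeping the existing `name` and `url` definitions inside `properties`. With `additionalProperties` set on the item, the schema would also fail if the entity later exposes a license field that was not meant to leave the server.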
......
...@@ -6,13 +6,19 @@ describe DependencyEntity do ...@@ -6,13 +6,19 @@ describe DependencyEntity do
describe '#as_json' do describe '#as_json' do
subject { described_class.represent(dependency, request: request).as_json } subject { described_class.represent(dependency, request: request).as_json }
set(:project) { create(:project, :repository, :private) }
set(:user) { create(:user) } set(:user) { create(:user) }
let(:project) { create(:project, :repository, :private) }
let(:request) { double('request') } let(:request) { double('request') }
let(:dependency) { build(:dependency, :with_vulnerabilities) } let(:dependency) { build(:dependency, :with_vulnerabilities, :with_licenses) }
before do before do
stub_licensed_features(security_dashboard: true) allow(request).to receive(:project).and_return(project)
allow(request).to receive(:user).and_return(user)
end
context 'when all required features available' do
before do
stub_licensed_features(security_dashboard: true, license_management: true)
allow(request).to receive(:project).and_return(project) allow(request).to receive(:project).and_return(project)
allow(request).to receive(:user).and_return(user) allow(request).to receive(:user).and_return(user)
end end
...@@ -22,13 +28,11 @@ describe DependencyEntity do ...@@ -22,13 +28,11 @@ describe DependencyEntity do
project.add_developer(user) project.add_developer(user)
end end
it do it { is_expected.to eq(dependency) }
is_expected.to eq(dependency.except(:licenses))
end
end end
context 'with reporter' do context 'with reporter' do
let(:dependency_info) { build(:dependency).except(:licenses) } let(:dependency_info) { build(:dependency, :with_licenses) }
before do before do
project.add_reporter(user) project.add_reporter(user)
...@@ -37,4 +41,15 @@ describe DependencyEntity do ...@@ -37,4 +41,15 @@ describe DependencyEntity do
it { is_expected.to eq(dependency_info) } it { is_expected.to eq(dependency_info) }
end end
end end
context 'when all required features are unavailable' do
let(:dependency_info) { build(:dependency).except(:licenses) }
before do
project.add_developer(user)
end
it { is_expected.to eq(dependency_info) }
end
end
end end
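Review bot: No example covers a user who lacks `read_software_license_policy` while `license_management` is enabled. The only case that expects `licenses` to be absent is 'when all required features are unavailable', which does not enable the licensed features and so never exercises the role check in `can_read_licenses?`. Add a context with the features stubbed on and a user without that ability (which role that is cannot be told from this page) and expect the response without `:licenses`. Separately, the new outer `before` already stubs `request.project` and `request.user`, so the two `allow(request)` lines kept in the inner `before` under 'when all required features available' are redundant and can be dropped.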
...@@ -6,14 +6,14 @@ describe DependencyListSerializer do ...@@ -6,14 +6,14 @@ describe DependencyListSerializer do
set(:project) { create(:project, :repository, :private) } set(:project) { create(:project, :repository, :private) }
set(:user) { create(:user) } set(:user) { create(:user) }
let(:ci_build) { create(:ee_ci_build, :success) } let(:ci_build) { create(:ee_ci_build, :success) }
let(:dependencies) { [build(:dependency, :with_vulnerabilities)] } let(:dependencies) { [build(:dependency, :with_vulnerabilities, :with_licenses)] }
let(:serializer) do let(:serializer) do
described_class.new(project: project, user: user).represent(dependencies, build: ci_build) described_class.new(project: project, user: user).represent(dependencies, build: ci_build)
end end
before do before do
stub_licensed_features(security_dashboard: true) stub_licensed_features(security_dashboard: true, license_management: true)
project.add_developer(user) project.add_developer(user)
end end
......