Add Security dashboard to project quick links

Closes #6786

app/presenters/project_presenter.rb

 # frozen_string_literal: true
 
 class ProjectPresenter < Gitlab::View::Presenter::Delegated
+  prepend EE::ProjectPresenter
+
   include ActionView::Helpers::NumberHelper
   include ActionView::Helpers::UrlHelper
   include GitlabRoutingHelper

ee/app/policies/ee/project_policy.rb

@@ -49,6 +49,9 @@ module EE
         @subject.feature_available?(:pod_logs, @user)
       end
 
+      with_scope :subject
+      condition(:security_reports_feature_available) { @subject.security_reports_feature_available? }
+
       condition(:prometheus_alerts_enabled) do
         @subject.feature_available?(:prometheus_alerts, @user)
       end
@@ -85,9 +88,10 @@ module EE
       rule { can?(:developer_access) }.policy do
         enable :admin_board
         enable :admin_vulnerability_feedback
-        enable :read_project_security_dashboard
       end
 
+      rule { can?(:developer_access) & security_reports_feature_available }.enable :read_project_security_dashboard
+
       rule { can?(:read_project) }.enable :read_vulnerability_feedback
 
       rule { repository_mirrors_enabled & ((mirror_available & can?(:admin_project)) | admin) }.enable :admin_mirror

ee/app/presenters/ee/project_presenter.rb

+# frozen_string_literal: true
+
+module EE
+  module ProjectPresenter
+    extend ::Gitlab::Utils::Override
+
+    override :statistics_anchors
+    def statistics_anchors(show_auto_devops_callout:)
+      super + extra_statistics_anchors
+    end
+
+    def extra_statistics_anchors
+      anchors = []
+
+      if can?(current_user, :read_project_security_dashboard, project) &&
+          project.latest_pipeline_with_security_reports
+        anchors << security_dashboard_data
+      end
+
+      anchors
+    end
+
+    private
+
+    def security_dashboard_data
+      OpenStruct.new(enabled: true,
+                     label: _('Security Dashboard'),
+                     link: project_security_dashboard_path(project))
+    end
+  end
+end

ee/app/views/projects/sidebar/_security_dashboard.html.haml

-- return unless @project.security_reports_feature_available? && can?(current_user, :read_project_security_dashboard, @project)
+- return unless can?(current_user, :read_project_security_dashboard, @project)
 
 = nav_link(path: 'projects/security/dashboard#show') do
   = link_to project_security_dashboard_path(@project), title: _('Security Dashboard'), class: 'shortcuts-project-security-dashboard' do

ee/changelogs/unreleased/6786-add-security-dashboard-to-project-quick-links.yml

+---
+title: Add Security Dashboard to project quick links
+merge_request: 6652
+author:
+type: added

ee/spec/policies/project_policy_spec.rb

@@ -305,6 +305,10 @@ describe ProjectPolicy do
   end
 
   describe 'read_project_security_dashboard' do
+    before do
+      allow(project).to receive(:security_reports_feature_available?).and_return(true)
+    end
+
     subject { described_class.new(current_user, project) }
 
     context 'with admin' do
@@ -329,6 +333,14 @@ describe ProjectPolicy do
       let(:current_user) { developer }
 
       it { is_expected.to be_allowed(:read_project_security_dashboard) }
+
+      context 'when security reports features are not available' do
+        before do
+          allow(project).to receive(:security_reports_feature_available?).and_return(false)
+        end
+
+        it { is_expected.to be_disallowed(:read_project_security_dashboard) }
+      end
     end
 
     context 'with reporter' do

ee/spec/presenters/project_presenter_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ProjectPresenter do
+  let(:user) { create(:user) }
+
+  describe '#extra_statistics_anchors' do
+    let(:project) { create(:project) }
+    let(:pipeline) { create(:ci_pipeline, project: project) }
+    let(:presenter) { described_class.new(project, current_user: user) }
+
+    let(:security_dashboard_data) do
+      OpenStruct.new(enabled: true,
+                     label: _('Security Dashboard'),
+                     link: presenter.project_security_dashboard_path(project))
+    end
+
+    before do
+      allow(Ability).to receive(:allowed?).with(user, :read_project_security_dashboard, project).and_return(true)
+      allow(project).to receive(:latest_pipeline_with_security_reports).and_return(pipeline)
+    end
+
+    it 'contains security dasbhoard link' do
+      expect(presenter.extra_statistics_anchors).to include(security_dashboard_data)
+    end
+
+    context 'user not signed in' do
+      let(:user) { nil }
+
+      before do
+        allow(Ability).to receive(:allowed?).with(nil, :read_project_security_dashboard, project).and_return(false)
+      end
+
+      it 'has no security dasbhoard link' do
+        expect(presenter.extra_statistics_anchors).not_to include(security_dashboard_data)
+      end
+    end
+
+    context 'user is not allowed to read security dashboard' do
+      before do
+        allow(Ability).to receive(:allowed?).with(user, :read_project_security_dashboard, project).and_return(false)
+      end
+
+      it 'has no security dasbhoard link' do
+        expect(presenter.extra_statistics_anchors).not_to include(security_dashboard_data)
+      end
+    end
+
+    context 'no pipeline having security reports' do
+      before do
+        allow(project).to receive(:latest_pipeline_with_security_reports).and_return(nil)
+      end
+
+      it 'has no security dasbhoard link' do
+        expect(presenter.extra_statistics_anchors).not_to include(security_dashboard_data)
+      end
+    end
+  end
+end