Commit ef8ad1e2 authored by Mayra Cabrera's avatar Mayra Cabrera

Merge branch 'jejacks0n/experiment/security_reports_mr_widget_prompt_exclusions' into 'master'

Exclude users who wouldn’t be able to take action from the `security_reports_mr_widget_prompt` experiment

See merge request gitlab-org/gitlab!71432
parents f86e00f9 96e04dad
...@@ -9,7 +9,10 @@ module EE ...@@ -9,7 +9,10 @@ module EE
include DescriptionDiffActions include DescriptionDiffActions
before_action only: [:show] do before_action only: [:show] do
if @project.licensed_feature_available?(:sast) && can?(current_user, :developer_access, @project)
experiment(:security_reports_mr_widget_prompt, namespace: @project.namespace).publish experiment(:security_reports_mr_widget_prompt, namespace: @project.namespace).publish
end
push_frontend_feature_flag(:anonymous_visual_review_feedback) push_frontend_feature_flag(:anonymous_visual_review_feedback)
push_frontend_feature_flag(:missing_mr_security_scan_types, @project) push_frontend_feature_flag(:missing_mr_security_scan_types, @project)
push_frontend_feature_flag(:refactor_mr_widgets_extensions, @project, default_enabled: :yaml) push_frontend_feature_flag(:refactor_mr_widgets_extensions, @project, default_enabled: :yaml)
......
...@@ -11,6 +11,54 @@ RSpec.describe Projects::MergeRequestsController do ...@@ -11,6 +11,54 @@ RSpec.describe Projects::MergeRequestsController do
login_as(user) login_as(user)
end end
describe 'GET #show' do
before do
# To avoid adjusting this controller, we just want to allow these tests to pass. This action wasn't tested before
# these were added for the experiment, and already exceeded the threshold.
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/343375
# More: https://docs.gitlab.com/ee/development/query_count_limits.html#disable-query-limiting
stub_const('Gitlab::QueryLimiting::Transaction::THRESHOLD', 103)
stub_licensed_features(sast: true)
end
def get_show
get project_merge_request_path(project, merge_request)
end
context 'when the user has developer access' do
it 'publishes the security_reports_mr_widget_prompt experiment' do
expect_next_instance_of(SecurityReportsMrWidgetPromptExperiment) do |instance|
expect(instance).to receive(:publish)
end
get_show
end
end
context 'when the user does not have developer access' do
let(:user) { create(:user) }
it 'does not publish the security_reports_mr_widget_prompt experiment' do
expect(SecurityReportsMrWidgetPromptExperiment).not_to receive(:new)
get_show
end
end
context 'when the project is not licensed for sast' do
before do
expect(License).to receive(:feature_available?).with(:sast).and_return(false)
end
it 'does not publish the security_reports_mr_widget_prompt experiment' do
expect(SecurityReportsMrWidgetPromptExperiment).not_to receive(:new)
get_show
end
end
end
describe 'GET #edit' do describe 'GET #edit' do
def get_edit def get_edit
get edit_project_merge_request_path(project, merge_request) get edit_project_merge_request_path(project, merge_request)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment