Commit fe0100c8 authored by Imre Farkas's avatar Imre Farkas

Merge branch...

Merge branch '284740-allow-issuescontroller-to-creating-an-issue-with-vulnerability-feedback' into 'master'

Add feedback creation in controller

See merge request gitlab-org/gitlab!52141
parents 0e569d16 e35cb0e5
...@@ -130,7 +130,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -130,7 +130,7 @@ class Projects::IssuesController < Projects::ApplicationController
service = ::Issues::CreateService.new(project, current_user, create_params) service = ::Issues::CreateService.new(project, current_user, create_params)
@issue = service.execute @issue = service.execute
create_vulnerability_issue_link(issue) create_vulnerability_issue_feedback(issue)
if service.discussions_to_resolve.count(&:resolved?) > 0 if service.discussions_to_resolve.count(&:resolved?) > 0
flash[:notice] = if service.discussion_to_resolve_id flash[:notice] = if service.discussion_to_resolve_id
...@@ -402,7 +402,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -402,7 +402,7 @@ class Projects::IssuesController < Projects::ApplicationController
end end
# Overridden in EE # Overridden in EE
def create_vulnerability_issue_link(issue); end def create_vulnerability_issue_feedback(issue); end
end end
Projects::IssuesController.prepend_if_ee('EE::Projects::IssuesController') Projects::IssuesController.prepend_if_ee('EE::Projects::IssuesController')
...@@ -48,17 +48,21 @@ module EE ...@@ -48,17 +48,21 @@ module EE
end end
end end
def create_vulnerability_issue_link(issue) def create_vulnerability_issue_feedback(issue)
return unless issue.persisted? && vulnerability return unless issue.persisted? && vulnerability
result = VulnerabilityIssueLinks::CreateService.new( result = VulnerabilityFeedback::CreateService.new(
issue.project,
current_user, current_user,
vulnerability, vulnerability_issue_feedback_params(issue, vulnerability)
issue,
link_type: Vulnerabilities::IssueLink.link_types[:created]
).execute ).execute
flash[:alert] = render_vulnerability_link_alert if result.status == :error errors = []
result[:message].full_messages.each do |error|
errors << render_vulnerability_link_alert(error)
end
flash[:alert] = errors.join('<br\>').html_safe
end end
def vulnerability def vulnerability
...@@ -75,6 +79,20 @@ module EE ...@@ -75,6 +79,20 @@ module EE
} }
end end
def vulnerability_issue_feedback_params(issue, vulnerability)
feedback_params = {
issue: issue,
feedback_type: 'issue',
category: vulnerability.report_type,
project_fingerprint: vulnerability.finding.project_fingerprint,
vulnerability_data: vulnerability.as_json
}
feedback_params[:vulnerability_data][:vulnerability_id] = vulnerability.id
feedback_params
end
def render_vulnerability_description def render_vulnerability_description
render_to_string( render_to_string(
template: 'vulnerabilities/issue_description.md.erb', template: 'vulnerabilities/issue_description.md.erb',
...@@ -82,10 +100,13 @@ module EE ...@@ -82,10 +100,13 @@ module EE
) )
end end
def render_vulnerability_link_alert def render_vulnerability_link_alert(error_message)
render_to_string( render_to_string(
partial: 'vulnerabilities/unable_to_link_vulnerability.html.haml', partial: 'vulnerabilities/unable_to_link_vulnerability.html.haml',
locals: { vulnerability_link: vulnerability_path(vulnerability) } locals: {
vulnerability_link: vulnerability_path(vulnerability),
error_message: error_message
}
) )
end end
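Review bot: In `create_vulnerability_issue_feedback` the rendered alert fragments are joined with `'<br\>'` and the result is marked `.html_safe`. In a single-quoted Ruby string `\>` is not an escape, so the separator reaches the page as the literal `<br\>` rather than a line break, and the blanket `html_safe` trusts whatever the joined string contains. The fragments are escaped today only because the partial emits `= error_message` (presumably under HAML's default escaping), so it is safer to let Rails do the joining, e.g. `flash[:alert] = helpers.safe_join(errors, helpers.tag.br) if errors.any?`, assuming the controller's `helpers` proxy is usable here. The `if errors.any?` guard also restores the old behaviour of leaving the flash alone when nothing failed; as written, `flash[:alert]` is set to an empty string on every successful create. Separately, `result[:message].full_messages` assumes the service's error branch also returns an errors object under `:message`, which this page does not show.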
......
...@@ -15,8 +15,10 @@ module VulnerabilityFeedback ...@@ -15,8 +15,10 @@ module VulnerabilityFeedback
dismiss_existing_vulnerability dismiss_existing_vulnerability
end end
errors = vulnerability_feedback.errors.dup
if vulnerability_feedback.persisted? && vulnerability_feedback.valid? if vulnerability_feedback.persisted? && vulnerability_feedback.valid?
success(vulnerability_feedback) success(vulnerability_feedback).merge(message: errors)
else else
rollback_merge_request(vulnerability_feedback.merge_request) if vulnerability_feedback.merge_request rollback_merge_request(vulnerability_feedback.merge_request) if vulnerability_feedback.merge_request
...@@ -57,6 +59,10 @@ module VulnerabilityFeedback ...@@ -57,6 +59,10 @@ module VulnerabilityFeedback
def create_issue def create_issue
# Wrap Feedback and Issue creation in the same transaction # Wrap Feedback and Issue creation in the same transaction
ActiveRecord::Base.transaction do ActiveRecord::Base.transaction do
issue = @params[:issue]
# Create a new issue if one does not exist
unless issue
result = Issues::CreateFromVulnerabilityDataService result = Issues::CreateFromVulnerabilityDataService
.new(@project, @current_user, vulnerability_feedback.vulnerability_data) .new(@project, @current_user, vulnerability_feedback.vulnerability_data)
.execute .execute
...@@ -67,6 +73,7 @@ module VulnerabilityFeedback ...@@ -67,6 +73,7 @@ module VulnerabilityFeedback
end end
issue = result[:issue] issue = result[:issue]
end
issue_link_result = create_vulnerability_issue_link(vulnerability_feedback.vulnerability_data[:vulnerability_id], issue) issue_link_result = create_vulnerability_issue_link(vulnerability_feedback.vulnerability_data[:vulnerability_id], issue)
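Review bot: `issue = @params[:issue]` in `create_issue` takes a caller-supplied issue as-is, with no check that it belongs to `@project` or that `@current_user` may act on it before `create_vulnerability_issue_link` runs. The controller path in this commit passes `issue.project` as the project, so the two match there, but the service should not depend on every caller doing so. Consider rejecting the request unless `issue.project == @project`, returning the service's usual error result, and add a spec for an issue from another project. The earlier `errors = vulnerability_feedback.errors.dup` would also benefit from a comment such as `# valid? re-runs validations and resets errors, so copy them first`, if that is the intent. The body of `create_issue` continues outside the hunk.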
......
%span.gl-alert-title %span.gl-alert-title
= _('Unable to create link to vulnerability') = _('Unable to create link to vulnerability')
.gl-alert-body .gl-alert-body
= error_message
%br
- originating_vulnerability_link = link_to _('originating vulnerability'), vulnerability_link - originating_vulnerability_link = link_to _('originating vulnerability'), vulnerability_link
= _('Manually link this issue by adding it to the linked issue section of the %{originating_vulnerability}.').html_safe % { originating_vulnerability: originating_vulnerability_link } = _('Manually link this issue by adding it to the linked issue section of the %{originating_vulnerability}.').html_safe % { originating_vulnerability: originating_vulnerability_link }
---
title: Add feedback creation in controller
merge_request: 52141
author:
type: changed
...@@ -112,6 +112,12 @@ RSpec.describe Projects::IssuesController do ...@@ -112,6 +112,12 @@ RSpec.describe Projects::IssuesController do
expect(project.issues.last.vulnerability_links.first.vulnerability).to eq(vulnerability) expect(project.issues.last.vulnerability_links.first.vulnerability).to eq(vulnerability)
end end
it 'creates vulnerability feedback' do
send_request
expect(project.issues.last).to eq(Vulnerabilities::Feedback.last.issue)
end
it 'overwrites the default fields' do it 'overwrites the default fields' do
send_request send_request
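Review bot: The new example `creates vulnerability feedback` reads `Vulnerabilities::Feedback.last.issue`, which raises `NoMethodError` on `nil` instead of failing with a readable expectation when no feedback row is created. Asserting the count change pins the behaviour more directly: `expect { send_request }.to change { Vulnerabilities::Feedback.count }.by(1)`. No example in this hunk exercises the failure branch, where the controller builds `flash[:alert]` from the service errors, and that is the part of the commit that emits HTML. The enclosing context starts and ends outside the hunk.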
......
...@@ -196,7 +196,7 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do ...@@ -196,7 +196,7 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do
expect(result[:status]).to eq(:success) expect(result[:status]).to eq(:success)
end end
context 'id of vulnerability is provided in vulnerability_data params' do context 'when the id of the vulnerability is provided in vulnerability_data params' do
before do before do
stub_licensed_features(security_dashboard: true) stub_licensed_features(security_dashboard: true)
end end
...@@ -313,6 +313,24 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do ...@@ -313,6 +313,24 @@ RSpec.describe VulnerabilityFeedback::CreateService, '#execute' do
end end
end end
end end
context 'when a previously created issue is provided' do
let(:issue) { create(:issue, project: project) }
before do
feedback_params.merge!({ issue: issue })
end
it 'does not create a new issue' do
expect { result }.not_to change { Issue.count }
end
it 'sets the feedback issue to the created issue' do
feedback = result[:vulnerability_feedback]
expect(feedback.issue).to eq(issue)
end
end
end end
context 'when feedback_type is merge_request' do context 'when feedback_type is merge_request' do
......