Commit 0d18a578 authored by Daniel Tian's avatar Daniel Tian Committed by Savas Vedova

Fix auditor user able to bulk select vulns on vulnerability report

Changelog: fixed
MR:
EE: true
parent 8be1ab23
...@@ -19,6 +19,7 @@ import RemediatedBadge from 'ee/vulnerabilities/components/remediated_badge.vue' ...@@ -19,6 +19,7 @@ import RemediatedBadge from 'ee/vulnerabilities/components/remediated_badge.vue'
import { VULNERABILITY_STATES } from 'ee/vulnerabilities/constants'; import { VULNERABILITY_STATES } from 'ee/vulnerabilities/constants';
import { formatDate } from '~/lib/utils/datetime_utility'; import { formatDate } from '~/lib/utils/datetime_utility';
import { convertToSnakeCase } from '~/lib/utils/text_utility'; import { convertToSnakeCase } from '~/lib/utils/text_utility';
import { FIELDS } from 'ee/security_dashboard/components/shared/vulnerability_report/constants';
import AutoFixHelpText from '../auto_fix_help_text.vue'; import AutoFixHelpText from '../auto_fix_help_text.vue';
import IssuesBadge from '../issues_badge.vue'; import IssuesBadge from '../issues_badge.vue';
import SelectionSummary from '../selection_summary.vue'; import SelectionSummary from '../selection_summary.vue';
...@@ -49,6 +50,9 @@ export default { ...@@ -49,6 +50,9 @@ export default {
hasVulnerabilities: { hasVulnerabilities: {
default: false, default: false,
}, },
canAdminVulnerability: {
default: false,
},
hasJiraVulnerabilitiesIntegrationEnabled: { hasJiraVulnerabilitiesIntegrationEnabled: {
default: false, default: false,
}, },
...@@ -81,6 +85,10 @@ export default { ...@@ -81,6 +85,10 @@ export default {
}; };
}, },
computed: { computed: {
displayFields() {
// Add the checkbox field if the user can use the bulk select feature.
return this.canAdminVulnerability ? [FIELDS.CHECKBOX, ...this.fields] : this.fields;
},
hasAnyScannersOtherThanGitLab() { hasAnyScannersOtherThanGitLab() {
return this.vulnerabilities.some( return this.vulnerabilities.some(
(v) => v.scanner?.vendor !== 'GitLab' && v.scanner?.vendor !== '', (v) => v.scanner?.vendor !== 'GitLab' && v.scanner?.vendor !== '',
...@@ -176,6 +184,11 @@ export default { ...@@ -176,6 +184,11 @@ export default {
} }
}, },
toggleVulnerability(vulnerability) { toggleVulnerability(vulnerability) {
// If the user can't use the bulk select feature (like the auditor user), don't do anything.
if (!this.canAdminVulnerability) {
return;
}
if (this.selectedVulnerabilities[vulnerability.id]) { if (this.selectedVulnerabilities[vulnerability.id]) {
this.$delete(this.selectedVulnerabilities, `${vulnerability.id}`); this.$delete(this.selectedVulnerabilities, `${vulnerability.id}`);
} else { } else {
...@@ -237,7 +250,7 @@ export default { ...@@ -237,7 +250,7 @@ export default {
/> />
<gl-table <gl-table
:busy="isLoading" :busy="isLoading"
:fields="fields" :fields="displayFields"
:items="vulnerabilities" :items="vulnerabilities"
:thead-class="theadClass" :thead-class="theadClass"
:sort-desc="sortDesc" :sort-desc="sortDesc"
...@@ -249,7 +262,7 @@ export default { ...@@ -249,7 +262,7 @@ export default {
responsive responsive
hover hover
primary-key="id" primary-key="id"
:tbody-tr-class="{ 'gl-cursor-pointer': vulnerabilities.length }" :tbody-tr-class="{ 'gl-cursor-pointer': canAdminVulnerability }"
head-variant="white" head-variant="white"
@sort-changed="handleSortChange" @sort-changed="handleSortChange"
@row-clicked="toggleVulnerability" @row-clicked="toggleVulnerability"
...@@ -372,8 +385,8 @@ export default { ...@@ -372,8 +385,8 @@ export default {
</template> </template>
<template #empty> <template #empty>
<filters-produced-no-results v-if="hasVulnerabilities && !isLoading" /> <filters-produced-no-results v-if="hasVulnerabilities" class="gl-cursor-default" />
<dashboard-has-no-vulnerabilities v-else-if="!isLoading" /> <dashboard-has-no-vulnerabilities v-else class="gl-cursor-default" />
</template> </template>
</gl-table> </gl-table>
</div> </div>
......
...@@ -4,7 +4,6 @@ import VulnerabilityCounts from './vulnerability_counts.vue'; ...@@ -4,7 +4,6 @@ import VulnerabilityCounts from './vulnerability_counts.vue';
import VulnerabilityListGraphql from './vulnerability_list_graphql.vue'; import VulnerabilityListGraphql from './vulnerability_list_graphql.vue';
import VulnerabilityFilters from './vulnerability_filters.vue'; import VulnerabilityFilters from './vulnerability_filters.vue';
import { import {
FIELDS,
FILTERS, FILTERS,
FIELD_PRESETS, FIELD_PRESETS,
FILTER_PRESETS, FILTER_PRESETS,
...@@ -18,7 +17,7 @@ export default { ...@@ -18,7 +17,7 @@ export default {
VulnerabilityListGraphql, VulnerabilityListGraphql,
VulnerabilityFilters, VulnerabilityFilters,
}, },
inject: ['dashboardType', 'canAdminVulnerability'], inject: ['dashboardType'],
props: { props: {
type: { type: {
type: String, type: String,
...@@ -53,11 +52,7 @@ export default { ...@@ -53,11 +52,7 @@ export default {
return [...FILTER_PRESETS[type], ...(this.showProjectFilter ? [FILTERS.PROJECT] : [])]; return [...FILTER_PRESETS[type], ...(this.showProjectFilter ? [FILTERS.PROJECT] : [])];
}, },
fieldsToShow() { fieldsToShow() {
return [ return FIELD_PRESETS[this.type];
// Add the checkbox field if the user can use the bulk select feature.
...(this.canAdminVulnerability ? [FIELDS.CHECKBOX] : []),
...FIELD_PRESETS[this.type],
];
}, },
}, },
methods: { methods: {
......
...@@ -14,7 +14,7 @@ import { mountExtended } from 'helpers/vue_test_utils_helper'; ...@@ -14,7 +14,7 @@ import { mountExtended } from 'helpers/vue_test_utils_helper';
import { FIELDS } from 'ee/security_dashboard/components/shared/vulnerability_report/constants'; import { FIELDS } from 'ee/security_dashboard/components/shared/vulnerability_report/constants';
import { generateVulnerabilities, vulnerabilities } from '../../mock_data'; import { generateVulnerabilities, vulnerabilities } from '../../mock_data';
const { CHECKBOX, DETECTED, STATUS, SEVERITY, DESCRIPTION, IDENTIFIER, TOOL, ACTIVITY } = FIELDS; const { DETECTED, STATUS, SEVERITY, DESCRIPTION, IDENTIFIER, TOOL, ACTIVITY } = FIELDS;
describe('Vulnerability list component', () => { describe('Vulnerability list component', () => {
let wrapper; let wrapper;
...@@ -23,7 +23,7 @@ describe('Vulnerability list component', () => { ...@@ -23,7 +23,7 @@ describe('Vulnerability list component', () => {
wrapper = mountExtended(VulnerabilityList, { wrapper = mountExtended(VulnerabilityList, {
propsData: { propsData: {
vulnerabilities: [], vulnerabilities: [],
fields: [CHECKBOX, DETECTED, STATUS, SEVERITY, DESCRIPTION, IDENTIFIER, TOOL, ACTIVITY], fields: [DETECTED, STATUS, SEVERITY, DESCRIPTION, IDENTIFIER, TOOL, ACTIVITY],
...props, ...props,
}, },
stubs: { stubs: {
...@@ -205,6 +205,30 @@ describe('Vulnerability list component', () => { ...@@ -205,6 +205,30 @@ describe('Vulnerability list component', () => {
); );
}); });
describe('when user has no permission to admin vulnerabilities', () => {
beforeEach(() => {
createWrapper({
props: { vulnerabilities },
provide: { canAdminVulnerability: false },
});
});
it('should not show the checkboxes', () => {
expect(findDataCell('vulnerability-checkbox-all').exists()).toBe(false);
expect(findDataCell('vulnerability-checkbox').exists()).toBe(false);
});
it('should not select a clicked vulnerability', async () => {
findRow(1).trigger('click');
await wrapper.vm.$nextTick();
expect(findSelectionSummary().props()).toMatchObject({
visible: false,
selectedVulnerabilities: [],
});
});
});
describe('when displayed on instance or group level dashboard', () => { describe('when displayed on instance or group level dashboard', () => {
let newVulnerabilities; let newVulnerabilities;
...@@ -580,7 +604,10 @@ describe('Vulnerability list component', () => { ...@@ -580,7 +604,10 @@ describe('Vulnerability list component', () => {
describe('fields prop', () => { describe('fields prop', () => {
it('shows the expected columns in the table', () => { it('shows the expected columns in the table', () => {
const fields = [STATUS, SEVERITY]; const fields = [STATUS, SEVERITY];
createWrapper({ props: { fields, vulnerabilities } }); createWrapper({
props: { fields, vulnerabilities },
provide: { canAdminVulnerability: false },
});
// Check that there are only 2 columns. // Check that there are only 2 columns.
expect(findRow().element.cells).toHaveLength(2); expect(findRow().element.cells).toHaveLength(2);
......
...@@ -8,7 +8,6 @@ import projectVulnerabilitiesQuery from 'ee/security_dashboard/graphql/queries/p ...@@ -8,7 +8,6 @@ import projectVulnerabilitiesQuery from 'ee/security_dashboard/graphql/queries/p
import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants'; import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants';
import { import {
FIELD_PRESETS, FIELD_PRESETS,
FIELDS,
FILTER_PRESETS, FILTER_PRESETS,
REPORT_TAB, REPORT_TAB,
REPORT_TYPE_PRESETS, REPORT_TYPE_PRESETS,
...@@ -107,12 +106,6 @@ describe('Vulnerability report component', () => { ...@@ -107,12 +106,6 @@ describe('Vulnerability report component', () => {
expect(findVulnerabilityListGraphql().props('fields')).toEqual(expectedFields); expect(findVulnerabilityListGraphql().props('fields')).toEqual(expectedFields);
}); });
it('gets passed the checkbox field if the user can admin vulnerability', () => {
createWrapper({ canAdminVulnerability: true });
expect(findVulnerabilityListGraphql().props('fields')).toContainEqual(FIELDS.CHECKBOX);
});
it.each([true, false])( it.each([true, false])(
'gets passed the expected value for the should show project namespace prop', 'gets passed the expected value for the should show project namespace prop',
(showProjectFilter) => { (showProjectFilter) => {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment