Update DAST profiles routes

- Updated the routing to create the following paths:
  - /:namespace/:project/-/on_demand_scans/profiles
  - /:namespace/:project/-/on_demand_scans/profiles/dast_site_profiles/new
- Protected the pages with the read_on_demand_scans policy
- Set breadcrumbs in the new views
- Added controller specs
parent 6f1bdc53
# frozen_string_literal: true
module Projects
class DastProfilesController < Projects::ApplicationController
before_action :authorize_read_on_demand_scans!
def index
end
private
def authorize_read_on_demand_scans!
access_denied! unless can?(current_user, :read_on_demand_scans, project)
end
end
end
# frozen_string_literal: true
module Projects
class DastSiteProfilesController < Projects::ApplicationController
before_action :authorize_read_on_demand_scans!
def new
end
private
def authorize_read_on_demand_scans!
access_denied! unless can?(current_user, :read_on_demand_scans, project)
end
end
end
# frozen_string_literal: true
module Projects
module Profiles
class SiteProfilesController < Projects::ApplicationController
def index
end
end
end
end
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
%span= _('Security Dashboard') %span= _('Security Dashboard')
- if project_nav_tab?(:on_demand_scans) - if project_nav_tab?(:on_demand_scans)
= nav_link(path: 'projects/on_demand_scans#index') do = nav_link(path: ['projects/on_demand_scans#index']) do
= link_to project_on_demand_scans_path(@project), title: s_('OnDemandScans|On-demand Scans'), data: { qa_selector: 'on_demand_scans_link' } do = link_to project_on_demand_scans_path(@project), title: s_('OnDemandScans|On-demand Scans'), data: { qa_selector: 'on_demand_scans_link' } do
%span= s_('OnDemandScans|On-demand Scans') %span= s_('OnDemandScans|On-demand Scans')
......
- add_to_breadcrumbs s_('OnDemandScans|On-demand Scans'), namespace_project_on_demand_scans_path(@project.group, @project)
- breadcrumb_title s_('DastProfiles|Manage profiles')
- page_title s_('DastProfiles|Manage profiles')
%h1= s_('DastProfiles|Manage profiles')
- add_to_breadcrumbs s_('OnDemandScans|On-demand Scans'), namespace_project_on_demand_scans_path(@project.group, @project)
- add_to_breadcrumbs s_('DastProfiles|Manage profiles'), namespace_project_profiles_path(@project.group, @project)
- breadcrumb_title s_('DastProfiles|New site profile')
- page_title s_('DastProfiles|New site profile')
%h1= s_('DastProfiles|New Site Profile')
...@@ -101,11 +101,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -101,11 +101,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :dependencies, only: [:index] resources :dependencies, only: [:index]
resources :licenses, only: [:index, :create, :update] resources :licenses, only: [:index, :create, :update]
# resources :on_demand_scans, only: [:index], controller: :on_demand_scans
scope :on_demand_scans do scope :on_demand_scans do
root 'on_demand_scans#index', as: 'on_demand_scans' root 'on_demand_scans#index', as: 'on_demand_scans'
namespace :profiles do scope :profiles do
resources :site_profiles #, only: [:create, :edit] root 'dast_profiles#index', as: 'profiles'
resources :dast_site_profiles, only: [:new]
end end
end end
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::DastProfilesController, type: :request do
let(:group) { create(:group) }
let(:project) { create(:project, namespace: group) }
let(:user) { create(:user) }
describe 'GET #index' do
context 'feature available' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: true)
end
context 'user authorized' do
before do
project.add_developer(user)
login_as(user)
end
it 'can access page' do
get namespace_project_profiles_path(project.group, project)
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'user not authorized' do
before do
project.add_guest(user)
login_as(user)
end
it 'sees a 404 error' do
get namespace_project_profiles_path(project.group, project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'feature not available' do
before do
project.add_developer(user)
login_as(user)
end
context 'feature flag is disabled' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
stub_licensed_features(security_on_demand_scans: true)
get namespace_project_profiles_path(project.group, project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'license doesnt\'t support the feature' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: false)
get namespace_project_profiles_path(project.group, project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::DastSiteProfilesController, type: :request do
let(:group) { create(:group) }
let(:project) { create(:project, namespace: group) }
let(:user) { create(:user) }
describe 'GET #new' do
context 'feature available' do
before do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: true)
end
context 'user authorized' do
before do
project.add_developer(user)
login_as(user)
end
it 'can access page' do
get namespace_project_profiles_path(project.group, project)
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'user not authorized' do
before do
project.add_guest(user)
login_as(user)
end
it 'sees a 404 error' do
get namespace_project_profiles_path(project.group, project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
context 'feature not available' do
before do
project.add_developer(user)
login_as(user)
end
context 'feature flag is disabled' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: false)
stub_licensed_features(security_on_demand_scans: true)
get namespace_project_profiles_path(project.group, project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'license doesnt\'t support the feature' do
it 'sees a 404 error' do
stub_feature_flags(security_on_demand_scans_feature_flag: true)
stub_licensed_features(security_on_demand_scans: false)
get namespace_project_profiles_path(project.group, project)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
end
...@@ -7297,6 +7297,15 @@ msgstr "" ...@@ -7297,6 +7297,15 @@ msgstr ""
msgid "Dashboard|Unable to add %{invalidProjects}. This dashboard is available for public projects, and private projects in groups with a Silver plan." msgid "Dashboard|Unable to add %{invalidProjects}. This dashboard is available for public projects, and private projects in groups with a Silver plan."
msgstr "" msgstr ""
msgid "DastProfiles|Manage profiles"
msgstr ""
msgid "DastProfiles|New Site Profile"
msgstr ""
msgid "DastProfiles|New site profile"
msgstr ""
msgid "Data is still calculating..." msgid "Data is still calculating..."
msgstr "" msgstr ""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment