Commit 68da946d authored by Bob Van Landuyt's avatar Bob Van Landuyt

Merge branch 'end-point-for-policy-assignment' into 'master'

Scaffolding for security policy view [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!54220
parents 71078842 f10ef1cf
---
name: security_orchestration_policies_configuration
introduced_by_url:
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/321258
milestone: '13.9'
type: development
group: group::container security
default_enabled: false
# frozen_string_literal: true
module Projects
module Security
class PoliciesController < Projects::ApplicationController
include SecurityAndCompliancePermissions
before_action do
push_frontend_feature_flag(:security_orchestration_policies_configuration, project)
end
feature_category :security_orchestration
def show
render_404 unless Feature.enabled?(:security_orchestration_policies_configuration, project) && can?(current_user, :security_orchestration_policies, project)
end
end
end
end
......@@ -169,6 +169,7 @@ class License < ApplicationRecord
secret_detection
security_dashboard
security_on_demand_scans
security_orchestration_policies
status_page
subepics
threat_monitoring
......
......@@ -115,6 +115,11 @@ module EE
@subject.feature_available?(:reject_unsigned_commits)
end
with_scope :subject
condition(:security_orchestration_policies_enabled) do
@subject.feature_available?(:security_orchestration_policies)
end
with_scope :subject
condition(:security_dashboard_enabled) do
@subject.feature_available?(:security_dashboard)
......@@ -229,6 +234,10 @@ module EE
rule { can?(:read_project) & iterations_available }.enable :read_iteration
rule { security_orchestration_policies_enabled & can?(:developer_access) }.policy do
enable :security_orchestration_policies
end
rule { security_dashboard_enabled & can?(:developer_access) }.policy do
enable :read_vulnerability
enable :read_vulnerability_scanner
......
......@@ -64,6 +64,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :dashboard, only: [:index], controller: :dashboard
resources :vulnerability_report, only: [:index], controller: :vulnerability_report
resource :policy, only: [:show]
resource :configuration, only: [], controller: :configuration do
post :auto_fix, on: :collection
resource :corpus_management, only: [:show], controller: :corpus_management
......
......@@ -673,6 +673,22 @@ RSpec.describe ProjectPolicy do
end
end
describe 'security complience policy' do
before do
stub_licensed_features(security_orchestration_policies: true)
end
context 'with developer or higher role' do
where(role: %w[owner maintainer developer])
with_them do
let(:current_user) { public_send(role) }
it { is_expected.to be_allowed(:security_orchestration_policies) }
end
end
end
describe 'read_corpus_management' do
context 'when corpus_management feature is available' do
before do
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::Security::PoliciesController, type: :request do
let_it_be(:project, reload: true) { create(:project) }
let_it_be(:user) { create(:user) }
before do
project.add_developer(user)
login_as(user)
end
context 'displaying page' do
using RSpec::Parameterized::TableSyntax
where(:feature_flag, :license, :status) do
true | true | :ok
false | false | :not_found
false | true | :not_found
true | false | :not_found
end
subject { get project_security_policy_url(project) }
with_them do
before do
stub_feature_flags(security_orchestration_policies_configuration: feature_flag)
stub_licensed_features(security_orchestration_policies: license)
end
specify do
get project_security_policy_url(project)
expect(response).to have_gitlab_http_status(status)
end
end
end
end
......@@ -64,4 +64,10 @@ RSpec.describe 'EE-specific project routing' do
expect(get("/gitlab/gitlabhq/-/integrations/jira/issues")).to route_to('projects/integrations/jira/issues#index', namespace_id: 'gitlab', project_id: 'gitlabhq')
end
end
describe Projects::Security::PoliciesController, 'routing' do
it 'to #show' do
expect(get('/gitlab/gitlabhq/-/security/policy')).to route_to('projects/security/policies#show', namespace_id: 'gitlab', project_id: 'gitlabhq')
end
end
end
......@@ -26437,6 +26437,9 @@ msgstr ""
msgid "SecurityReports|[No reason]"
msgstr ""
msgid "Security|Policies"
msgstr ""
msgid "See GitLab's %{password_policy_guidelines}"
msgstr ""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment