Move permissions based on paths into vuex

Currently we define permissions in the MR Widget store and in the
entrypoint for the pipelines view. This moves this definition into a
VueX getter based on the actual paths.

ee/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.vue

@@ -323,9 +323,6 @@ export default {
         :create-vulnerability-feedback-dismissal-path="mr.createVulnerabilityFeedbackDismissalPath"
         :pipeline-path="mr.pipeline.path"
         :pipeline-id="mr.securityReportsPipelineId"
-        :can-create-issue="mr.canCreateIssue"
-        :can-create-merge-request="mr.canCreateMergeRequest"
-        :can-dismiss-vulnerability="mr.canDismissVulnerability"
         :diverged-commits-count="mr.divergedCommitsCount"
         :mr-state="mr.state"
         :target-branch-tree-path="mr.targetBranchTreePath"

ee/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js

@@ -24,10 +24,6 @@ export default class MergeRequestStore extends CEMergeRequestStore {
       data.create_vulnerability_feedback_merge_request_path;
     this.createVulnerabilityFeedbackDismissalPath =
       data.create_vulnerability_feedback_dismissal_path;
-    this.canCreateIssue = Boolean(this.createVulnerabilityFeedbackIssuePath);
-    this.canCreateMergeRequest = Boolean(this.createVulnerabilityFeedbackMergeRequestPath);
-    this.canDismissVulnerability = Boolean(this.createVulnerabilityFeedbackDismissalPath);
-    this.canCreateFeedback = data.can_create_feedback || false;
     this.visualReviewAppAvailable = Boolean(data.visual_review_app_available);
     this.appUrl = gon && gon.gitlab_url;
 

ee/app/assets/javascripts/vue_shared/security_reports/grouped_security_reports_app.vue

@@ -104,18 +104,6 @@ export default {
       required: false,
       default: undefined,
     },
-    canDismissVulnerability: {
-      type: Boolean,
-      required: true,
-    },
-    canCreateMergeRequest: {
-      type: Boolean,
-      required: true,
-    },
-    canCreateIssue: {
-      type: Boolean,
-      required: true,
-    },
     divergedCommitsCount: {
       type: Number,
       required: false,
@@ -157,6 +145,9 @@ export default {
       'dastStatusIcon',
       'dependencyScanningStatusIcon',
       'isBaseSecurityReportOutOfDate',
+      'canCreateIssue',
+      'canCreateMergeRequest',
+      'canDismissVulnerability',
     ]),
     ...mapGetters('sast', ['groupedSastText', 'sastStatusIcon']),
     securityTab() {

ee/app/assets/javascripts/vue_shared/security_reports/store/getters.js

@@ -140,5 +140,13 @@ export const isBaseSecurityReportOutOfDate = state =>
   state.containerScanning.baseReportOutofDate ||
   state.dependencyScanning.baseReportOutofDate;
 
+export const canCreateIssue = state => Boolean(state.createVulnerabilityFeedbackIssuePath);
+
+export const canCreateMergeRequest = state =>
+  Boolean(state.createVulnerabilityFeedbackMergeRequestPath);
+
+export const canDismissVulnerability = state =>
+  Boolean(state.createVulnerabilityFeedbackDismissalPath);
+
 // prevent babel-plugin-rewire from generating an invalid default during karma tests
 export default () => {};

ee/spec/frontend/vue_shared/security_reports/grouped_security_reports_app_spec.js

@@ -38,9 +38,6 @@ describe('Grouped security reports app', () => {
     vulnerabilityFeedbackPath: 'vulnerability_feedback_path.json',
     vulnerabilityFeedbackHelpPath: 'path',
     pipelineId: 123,
-    canCreateIssue: true,
-    canCreateMergeRequest: true,
-    canDismissVulnerability: true,
   };
 
   const createWrapper = (propsData, provide = {}) => {
@@ -235,9 +232,6 @@ describe('Grouped security reports app', () => {
     beforeEach(() => {
       createWrapper({
         headBlobPath: 'path',
-        canCreateIssue: false,
-        canCreateMergeRequest: false,
-        canDismissVulnerability: false,
         pipelinePath,
       });
     });

ee/spec/frontend/vue_shared/security_reports/store/getters_spec.js

@@ -14,10 +14,14 @@ import {
   anyReportHasError,
   summaryCounts,
   isBaseSecurityReportOutOfDate,
+  canCreateIssue,
+  canCreateMergeRequest,
+  canDismissVulnerability,
 } from 'ee/vue_shared/security_reports/store/getters';
 
 const BASE_PATH = 'fake/base/path.json';
 const HEAD_PATH = 'fake/head/path.json';
+const MOCK_PATH = 'fake/path.json';
 
 describe('Security reports getters', () => {
   function removeBreakLine(data) {
@@ -542,4 +546,40 @@ describe('Security reports getters', () => {
       expect(isBaseSecurityReportOutOfDate(state)).toEqual(true);
     });
   });
+
+  describe('canCreateIssue', () => {
+    it('returns false if no feedback path is defined', () => {
+      expect(canCreateIssue(state)).toEqual(false);
+    });
+
+    it('returns true if a feedback path is defined', () => {
+      state.createVulnerabilityFeedbackIssuePath = MOCK_PATH;
+
+      expect(canCreateIssue(state)).toEqual(true);
+    });
+  });
+
+  describe('canCreateMergeRequest', () => {
+    it('returns false if no feedback path is defined', () => {
+      expect(canCreateMergeRequest(state)).toEqual(false);
+    });
+
+    it('returns true if a feedback path is defined', () => {
+      state.createVulnerabilityFeedbackMergeRequestPath = MOCK_PATH;
+
+      expect(canCreateMergeRequest(state)).toEqual(true);
+    });
+  });
+
+  describe('canDismissVulnerability', () => {
+    it('returns false if no feedback path is defined', () => {
+      expect(canDismissVulnerability(state)).toEqual(false);
+    });
+
+    it('returns true if a feedback path is defined', () => {
+      state.createVulnerabilityFeedbackDismissalPath = MOCK_PATH;
+
+      expect(canDismissVulnerability(state)).toEqual(true);
+    });
+  });
 });