Commit 989d5661 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Merge branch 'fix_project_security_dashboard' into 'master'

Fix Project Security Dasbhoard

See merge request gitlab-org/gitlab-ee!8072
parents c5f8a7df aca3c900
......@@ -5,7 +5,8 @@ module Projects
before_action :authorize_read_project_security_dashboard!
def show
@pipeline = @project.latest_pipeline_with_security_reports
@pipeline = @project.latest_pipeline_with_legacy_security_reports
&.present(current_user: current_user)
end
private
......
......@@ -16,7 +16,7 @@ module EE
has_many :vulnerabilities, source: :occurrence, through: :vulnerabilities_occurrence_pipelines, class_name: 'Vulnerabilities::Occurrence'
# Legacy way to fetch security reports based on job name. This has been replaced by the reports feature.
scope :with_security_reports, -> {
scope :with_legacy_security_reports, -> {
joins(:artifacts).where(ci_builds: { name: %w[sast dependency_scanning sast:container container_scanning dast] })
}
......
......@@ -108,8 +108,8 @@ module EE
end
end
def latest_pipeline_with_security_reports
pipelines.newest_first(default_branch).with_security_reports.first
def latest_pipeline_with_legacy_security_reports
pipelines.newest_first(default_branch).with_legacy_security_reports.first
end
def environments_for_scope(scope)
......
require 'spec_helper'
describe Projects::Security::DashboardController do
let(:group) { create(:group) }
let(:project) { create(:project, :public, namespace: group) }
let(:user) { create(:user) }
set(:group) { create(:group) }
set(:project) { create(:project, :repository, :public, namespace: group) }
set(:user) { create(:user) }
before do
group.add_developer(user)
end
describe 'GET #show' do
let(:pipeline_1) { create(:ci_pipeline_without_jobs, project: project) }
let(:pipeline_2) { create(:ci_pipeline_without_jobs, project: project) }
let(:pipeline_3) { create(:ci_pipeline_without_jobs, project: project) }
let(:pipeline) { create(:ci_pipeline_without_jobs, sha: project.commit.id, project: project, user: user) }
before do
create(
:ci_build,
:success,
:artifacts,
name: 'sast',
pipeline: pipeline_1,
options: {
artifacts: {
paths: [Ci::JobArtifact::DEFAULT_FILE_NAMES[:sast]]
}
}
)
end
render_views
def show_security_dashboard(current_user = user)
sign_in(current_user)
......@@ -39,11 +24,42 @@ describe Projects::Security::DashboardController do
stub_licensed_features(security_dashboard: true)
end
context 'when uses legacy reports syntax' do
before do
create(:ci_build, :artifacts, pipeline: pipeline, name: 'sast')
end
it 'returns the latest pipeline with security reports for project' do
show_security_dashboard
expect(response).to have_gitlab_http_status(200)
expect(response).to render_template(:show)
expect(response.body).to have_css("div#js-security-report-app[data-has-pipeline-data=true]")
end
end
context 'when uses new reports syntax' do
before do
create(:ee_ci_build, :security_reports, pipeline: pipeline)
end
it 'renders empty state (not yet supported)' do
show_security_dashboard
expect(response).to have_gitlab_http_status(200)
expect(response).to render_template(:show)
expect(response.body).to have_css("div#js-security-report-app[data-has-pipeline-data=false]")
end
end
context 'when there is no matching pipeline' do
it 'renders empty state' do
show_security_dashboard
expect(response).to have_gitlab_http_status(200)
expect(response).to render_template(:show)
expect(response.body).to have_css("div#js-security-report-app[data-has-pipeline-data=false]")
end
end
end
......
......@@ -85,7 +85,7 @@ describe Ci::Pipeline do
end
end
describe '#with_security_reports scope' do
describe '#with_legacy_security_reports scope' do
let(:pipeline_1) { create(:ci_pipeline_without_jobs, project: project) }
let(:pipeline_2) { create(:ci_pipeline_without_jobs, project: project) }
let(:pipeline_3) { create(:ci_pipeline_without_jobs, project: project) }
......@@ -151,7 +151,7 @@ describe Ci::Pipeline do
end
it "returns pipeline with security reports" do
expect(described_class.with_security_reports).to eq([pipeline_1, pipeline_2, pipeline_3, pipeline_4])
expect(described_class.with_legacy_security_reports).to eq([pipeline_1, pipeline_2, pipeline_3, pipeline_4])
end
end
......
......@@ -1496,7 +1496,7 @@ describe Project do
end
end
describe '#latest_pipeline_with_security_reports' do
describe '#latest_pipeline_with_legacy_security_reports' do
let(:project) { create(:project) }
let(:pipeline_1) { create(:ci_pipeline_without_jobs, project: project) }
let(:pipeline_2) { create(:ci_pipeline_without_jobs, project: project) }
......@@ -1530,7 +1530,7 @@ describe Project do
end
it "returns the latest pipeline with security reports" do
expect(project.latest_pipeline_with_security_reports).to eq(pipeline_2)
expect(project.latest_pipeline_with_legacy_security_reports).to eq(pipeline_2)
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment