Commit aa0eb491 authored by Savas Vedova's avatar Savas Vedova

Merge branch '350310-fix-auditor-user-can-bulk-select-vulnerabilities' into 'master'

Fix auditor user able to bulk select vulns on vulnerability report

See merge request gitlab-org/gitlab!78241
parents dcc24b4a 0d18a578
......@@ -19,6 +19,7 @@ import RemediatedBadge from 'ee/vulnerabilities/components/remediated_badge.vue'
import { VULNERABILITY_STATES } from 'ee/vulnerabilities/constants';
import { formatDate } from '~/lib/utils/datetime_utility';
import { convertToSnakeCase } from '~/lib/utils/text_utility';
import { FIELDS } from 'ee/security_dashboard/components/shared/vulnerability_report/constants';
import AutoFixHelpText from '../auto_fix_help_text.vue';
import IssuesBadge from '../issues_badge.vue';
import SelectionSummary from '../selection_summary.vue';
......@@ -49,6 +50,9 @@ export default {
hasVulnerabilities: {
default: false,
},
canAdminVulnerability: {
default: false,
},
hasJiraVulnerabilitiesIntegrationEnabled: {
default: false,
},
......@@ -81,6 +85,10 @@ export default {
};
},
computed: {
displayFields() {
// Add the checkbox field if the user can use the bulk select feature.
return this.canAdminVulnerability ? [FIELDS.CHECKBOX, ...this.fields] : this.fields;
},
hasAnyScannersOtherThanGitLab() {
return this.vulnerabilities.some(
(v) => v.scanner?.vendor !== 'GitLab' && v.scanner?.vendor !== '',
......@@ -176,6 +184,11 @@ export default {
}
},
toggleVulnerability(vulnerability) {
// If the user can't use the bulk select feature (like the auditor user), don't do anything.
if (!this.canAdminVulnerability) {
return;
}
if (this.selectedVulnerabilities[vulnerability.id]) {
this.$delete(this.selectedVulnerabilities, `${vulnerability.id}`);
} else {
......@@ -237,7 +250,7 @@ export default {
/>
<gl-table
:busy="isLoading"
:fields="fields"
:fields="displayFields"
:items="vulnerabilities"
:thead-class="theadClass"
:sort-desc="sortDesc"
......@@ -249,7 +262,7 @@ export default {
responsive
hover
primary-key="id"
:tbody-tr-class="{ 'gl-cursor-pointer': vulnerabilities.length }"
:tbody-tr-class="{ 'gl-cursor-pointer': canAdminVulnerability }"
head-variant="white"
@sort-changed="handleSortChange"
@row-clicked="toggleVulnerability"
......@@ -372,8 +385,8 @@ export default {
</template>
<template #empty>
<filters-produced-no-results v-if="hasVulnerabilities && !isLoading" />
<dashboard-has-no-vulnerabilities v-else-if="!isLoading" />
<filters-produced-no-results v-if="hasVulnerabilities" class="gl-cursor-default" />
<dashboard-has-no-vulnerabilities v-else class="gl-cursor-default" />
</template>
</gl-table>
</div>
......
......@@ -4,7 +4,6 @@ import VulnerabilityCounts from './vulnerability_counts.vue';
import VulnerabilityListGraphql from './vulnerability_list_graphql.vue';
import VulnerabilityFilters from './vulnerability_filters.vue';
import {
FIELDS,
FILTERS,
FIELD_PRESETS,
FILTER_PRESETS,
......@@ -18,7 +17,7 @@ export default {
VulnerabilityListGraphql,
VulnerabilityFilters,
},
inject: ['dashboardType', 'canAdminVulnerability'],
inject: ['dashboardType'],
props: {
type: {
type: String,
......@@ -53,11 +52,7 @@ export default {
return [...FILTER_PRESETS[type], ...(this.showProjectFilter ? [FILTERS.PROJECT] : [])];
},
fieldsToShow() {
return [
// Add the checkbox field if the user can use the bulk select feature.
...(this.canAdminVulnerability ? [FIELDS.CHECKBOX] : []),
...FIELD_PRESETS[this.type],
];
return FIELD_PRESETS[this.type];
},
},
methods: {
......
......@@ -14,7 +14,7 @@ import { mountExtended } from 'helpers/vue_test_utils_helper';
import { FIELDS } from 'ee/security_dashboard/components/shared/vulnerability_report/constants';
import { generateVulnerabilities, vulnerabilities } from '../../mock_data';
const { CHECKBOX, DETECTED, STATUS, SEVERITY, DESCRIPTION, IDENTIFIER, TOOL, ACTIVITY } = FIELDS;
const { DETECTED, STATUS, SEVERITY, DESCRIPTION, IDENTIFIER, TOOL, ACTIVITY } = FIELDS;
describe('Vulnerability list component', () => {
let wrapper;
......@@ -23,7 +23,7 @@ describe('Vulnerability list component', () => {
wrapper = mountExtended(VulnerabilityList, {
propsData: {
vulnerabilities: [],
fields: [CHECKBOX, DETECTED, STATUS, SEVERITY, DESCRIPTION, IDENTIFIER, TOOL, ACTIVITY],
fields: [DETECTED, STATUS, SEVERITY, DESCRIPTION, IDENTIFIER, TOOL, ACTIVITY],
...props,
},
stubs: {
......@@ -205,6 +205,30 @@ describe('Vulnerability list component', () => {
);
});
describe('when user has no permission to admin vulnerabilities', () => {
beforeEach(() => {
createWrapper({
props: { vulnerabilities },
provide: { canAdminVulnerability: false },
});
});
it('should not show the checkboxes', () => {
expect(findDataCell('vulnerability-checkbox-all').exists()).toBe(false);
expect(findDataCell('vulnerability-checkbox').exists()).toBe(false);
});
it('should not select a clicked vulnerability', async () => {
findRow(1).trigger('click');
await wrapper.vm.$nextTick();
expect(findSelectionSummary().props()).toMatchObject({
visible: false,
selectedVulnerabilities: [],
});
});
});
describe('when displayed on instance or group level dashboard', () => {
let newVulnerabilities;
......@@ -580,7 +604,10 @@ describe('Vulnerability list component', () => {
describe('fields prop', () => {
it('shows the expected columns in the table', () => {
const fields = [STATUS, SEVERITY];
createWrapper({ props: { fields, vulnerabilities } });
createWrapper({
props: { fields, vulnerabilities },
provide: { canAdminVulnerability: false },
});
// Check that there are only 2 columns.
expect(findRow().element.cells).toHaveLength(2);
......
......@@ -8,7 +8,6 @@ import projectVulnerabilitiesQuery from 'ee/security_dashboard/graphql/queries/p
import { DASHBOARD_TYPES } from 'ee/security_dashboard/store/constants';
import {
FIELD_PRESETS,
FIELDS,
FILTER_PRESETS,
REPORT_TAB,
REPORT_TYPE_PRESETS,
......@@ -107,12 +106,6 @@ describe('Vulnerability report component', () => {
expect(findVulnerabilityListGraphql().props('fields')).toEqual(expectedFields);
});
it('gets passed the checkbox field if the user can admin vulnerability', () => {
createWrapper({ canAdminVulnerability: true });
expect(findVulnerabilityListGraphql().props('fields')).toContainEqual(FIELDS.CHECKBOX);
});
it.each([true, false])(
'gets passed the expected value for the should show project namespace prop',
(showProjectFilter) => {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment