Merge branch 'hide-submit-vuln-button-from-guests' into 'master'

Do not display submit vulnerability to guests See merge request gitlab-org/gitlab!82577

Merge branch 'hide-submit-vuln-button-from-guests' into 'master'
Do not display submit vulnerability to guests See merge request gitlab-org/gitlab!82577
b945eefd · Andrew Fontaine · 3e7e6f99 · 03ec1af6 · b945eefd · b945eefd
Commit b945eefd authored Mar 11, 2022 by Andrew Fontaine
2 changed files
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header.vue
@@ -19,10 +19,17 @@ export default {
    newVulnerabilityPath: {
      default: '',
    },
+    canAdminVulnerability: {
+      default: false,
+    },
  },
  computed: {
    shouldShowNewVulnerabilityButton() {
-      return this.glFeatures.newVulnerabilityForm && Boolean(this.newVulnerabilityPath);
+      return (
+        this.glFeatures.newVulnerabilityForm &&
+        Boolean(this.newVulnerabilityPath) &&
+        this.canAdminVulnerability
+      );
    },
  },
  i18n: {

--- a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header_spec.js
@@ -20,6 +20,7 @@ describe('Vulnerability report header component', () => {
  it('shows the submit vulnerability button when new vulnerability path is defined', () => {
    createWrapper({
      provide: {
+        canAdminVulnerability: true,
        newVulnerabilityPath: '/vulnerabilities/new',
        glFeatures: { newVulnerabilityForm: true },
      },
@@ -33,6 +34,19 @@ describe('Vulnerability report header component', () => {
  it('does not show the submit vulnerability button when new vulnerability path is not defined', () => {
    createWrapper({
      provide: {
+        canAdminVulnerability: true,
+        glFeatures: { newVulnerabilityForm: true },
+      },
+    });
+    expect(wrapper.findByText('Submit vulnerability').exists()).toBe(false);
+  });
+  it('does not should the submit vulnerability button when user cannot admin vulnerabilities', () => {
+    createWrapper({
+      provide: {
+        canAdminVulnerability: false,
+        newVulnerabilityPath: '/vulnerabilities/new',
        glFeatures: { newVulnerabilityForm: true },
      },
    });
@@ -43,6 +57,7 @@ describe('Vulnerability report header component', () => {
  it('does not show the submit vulnerability button when the feature flag is not enabled', () => {
    createWrapper({
      provide: {
+        canAdminVulnerability: true,
        newVulnerabilityPath: '/vulnerabilities/new',
      },
    });