Commit c358e500 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'add_dast_scanner_profile_finder_241120' into 'master'

Add standard way to find DastScannerProfiles

See merge request gitlab-org/gitlab!41633
parents c4753eaa e2503f5a
# frozen_string_literal: true
class DastScannerProfilesFinder
def initialize(params = {})
@params = params
end
def execute
relation = DastScannerProfile.all
relation = by_id(relation)
relation = by_project(relation)
relation
end
private
attr_reader :params
def by_id(relation)
return relation unless params[:ids]
relation.id_in(params[:ids])
end
def by_project(relation)
return relation unless params[:project_ids]
relation.project_id_in(params[:project_ids])
end
end
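Review bot: DastScannerProfilesFinder performs no authorization and scopes by project only when `params[:project_ids]` is given, so a caller that omits it gets `DastScannerProfile.all` across every project (by_project's early return at the `return relation unless params[:project_ids]` line; the finder takes no current_user). Unlike most finders this one cannot check permissions itself, so that contract should be stated on the class so future call sites do not treat it as a safe default. Suggested header comment above `class DastScannerProfilesFinder`: `# Filters DastScannerProfile by :ids and :project_ids. Does no permission checks: callers must pass only project_ids the user is allowed to read, and omitting :project_ids returns profiles from all projects.` A YARD `@param params [Hash] :ids and :project_ids, both optional arrays` on initialize would make the accepted keys discoverable as well.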
...@@ -19,7 +19,7 @@ module EE ...@@ -19,7 +19,7 @@ module EE
resolve: -> (project, _args, _ctx) do resolve: -> (project, _args, _ctx) do
return DastScannerProfile.none unless ::Feature.enabled?(:security_on_demand_scans_feature_flag, project, default_enabled: true) return DastScannerProfile.none unless ::Feature.enabled?(:security_on_demand_scans_feature_flag, project, default_enabled: true)
project.dast_scanner_profiles DastScannerProfilesFinder.new(project_ids: [project.id]).execute
end end
field :sast_ci_configuration, ::Types::CiConfiguration::Sast::Type, null: true, field :sast_ci_configuration, ::Types::CiConfiguration::Sast::Type, null: true,
...@@ -5,4 +5,6 @@ class DastScannerProfile < ApplicationRecord ...@@ -5,4 +5,6 @@ class DastScannerProfile < ApplicationRecord
validates :project_id, presence: true validates :project_id, presence: true
validates :name, length: { maximum: 255 }, uniqueness: { scope: :project_id } validates :name, length: { maximum: 255 }, uniqueness: { scope: :project_id }
scope :project_id_in, -> (project_ids) { where(project_id: project_ids) }
end end
...@@ -28,7 +28,7 @@ module DastScannerProfiles ...@@ -28,7 +28,7 @@ module DastScannerProfiles
end end
def find_dast_scanner_profile(id) def find_dast_scanner_profile(id)
project.dast_scanner_profiles.id_in(id).first DastScannerProfilesFinder.new(project_ids: [project.id], ids: [id]).execute.first
end end
end end
end end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe DastScannerProfilesFinder do
let_it_be(:current_user) { create(:user) }
let_it_be(:dast_scanner_profile1) { create(:dast_scanner_profile) }
let_it_be(:dast_scanner_profile2) { create(:dast_scanner_profile) }
let_it_be(:dast_scanner_profile3) { create(:dast_scanner_profile) }
let(:params) { {} }
subject do
described_class.new(params).execute
end
describe '#execute' do
it 'returns all dast_scanner_profiles' do
expect(subject).to contain_exactly(dast_scanner_profile1, dast_scanner_profile2, dast_scanner_profile3)
end
context 'filtering by ids' do
let(:params) { { ids: [dast_scanner_profile1.id, dast_scanner_profile3.id] } }
it 'returns the dast_scanner_profile' do
expect(subject).to contain_exactly(dast_scanner_profile1, dast_scanner_profile3)
end
end
context 'filter by project' do
let(:params) { { project_ids: [dast_scanner_profile1.project.id, dast_scanner_profile2.project.id] } }
it 'returns the matching dast_scanner_profiles' do
expect(subject).to contain_exactly(dast_scanner_profile1, dast_scanner_profile2)
end
end
context 'when DastScannerProfile id is for a different project' do
let(:params) { { ids: [dast_scanner_profile1.id], project_ids: [dast_scanner_profile2.project.id] } }
it 'returns an empty relation' do
expect(subject).to be_empty
end
end
context 'when the dast_scanner_profile1 does not exist' do
let(:params) { { ids: [0] } }
it 'returns an empty relation' do
expect(subject).to be_empty
end
end
end
end
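Review bot: `let_it_be(:current_user)` on the third line of the spec is never referenced by any example, so it creates a user per run for nothing and suggests the finder takes a user when it does not; drop it. The context name 'when the dast_scanner_profile1 does not exist' is misleading, since the params are `{ ids: [0] }` and dast_scanner_profile1 does exist; `context 'when no dast_scanner_profile has the given id' do` describes what is tested. The first example, 'returns all dast_scanner_profiles', is the one that pins the unscoped behaviour of the finder, so a short comment there such as `# no project_ids: the finder returns profiles from every project` would make that deliberate rather than accidental.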
...@@ -15,4 +15,13 @@ RSpec.describe DastScannerProfile, type: :model do ...@@ -15,4 +15,13 @@ RSpec.describe DastScannerProfile, type: :model do
it { is_expected.to validate_uniqueness_of(:name).scoped_to(:project_id) } it { is_expected.to validate_uniqueness_of(:name).scoped_to(:project_id) }
it { is_expected.to validate_presence_of(:project_id) } it { is_expected.to validate_presence_of(:project_id) }
end end
describe 'scopes' do
describe '.project_id_in' do
it 'returns the dast_scanner_profiles for given projects' do
result = DastScannerProfile.project_id_in([subject.project.id])
expect(result).to eq([subject])
end
end
end
end end
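Review bot: The new `.project_id_in` example only proves the scope includes the matching record; it would pass just as well if the scope ignored its argument, because `subject` is the only profile in the database. Creating a profile in another project and asserting it is excluded pins the filtering, e.g. `other = create(:dast_scanner_profile)` before the query and `expect(result).not_to include(other)` after `expect(result).to eq([subject])`. `subject` is defined outside this hunk; presumably it is a persisted factory record, otherwise the `where` query could not find it.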
...@@ -7,6 +7,8 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do ...@@ -7,6 +7,8 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do
let_it_be(:dast_scanner_profile) { create(:dast_scanner_profile) } let_it_be(:dast_scanner_profile) { create(:dast_scanner_profile) }
let_it_be(:project) { dast_scanner_profile.project } let_it_be(:project) { dast_scanner_profile.project }
let_it_be(:dast_scanner_profile_different_project) { create(:dast_scanner_profile) }
let_it_be(:project_2) { dast_scanner_profile_different_project.project }
let_it_be(:current_user) { create(:user) } let_it_be(:current_user) { create(:user) }
let(:query) do let(:query) do
...@@ -43,6 +45,7 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do ...@@ -43,6 +45,7 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do
context 'when the user can run a dast scan' do context 'when the user can run a dast scan' do
before do before do
project.add_guest(current_user) project.add_guest(current_user)
project_2.add_guest(current_user)
end end
describe 'dast scanner profiles' do describe 'dast scanner profiles' do
...@@ -52,6 +55,22 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do ...@@ -52,6 +55,22 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do
end end
end end
context 'when a user has access to multiple projects' do
before do
project.add_developer(current_user)
project_2.add_developer(current_user)
end
describe 'dast scanner profiles' do
subject { response_data.dig('project', 'dastScannerProfiles', 'nodes') }
it 'returns only the dast_scanner_profile for the requested project' do
expect(subject.length).to eq(1)
expect(subject.first['id']).to eq(Gitlab::GlobalId.build(dast_scanner_profile).to_s)
end
end
end
context 'when a user has access dast_scanner_profiles' do context 'when a user has access dast_scanner_profiles' do
before do before do
project.add_developer(current_user) project.add_developer(current_user)
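Review bot: In the 'when a user has access to multiple projects' context the assertions are `subject.length == 1` and the first id equals `dast_scanner_profile`, but `dast_scanner_profile_different_project` (created in the first hunk of this file) is never named in an assertion, so the exclusion it exists to prove is only implied. An explicit negative check reads better and survives a later change that adds more profiles to `project`: `expect(subject.map { |n| n['id'] }).not_to include(Gitlab::GlobalId.build(dast_scanner_profile_different_project).to_s)`. The `before` block repeats the `add_developer` calls of the following context; the `add_guest` grants added in the second hunk already cover both projects, so consider whether the developer grant is needed here at all.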
...@@ -5,7 +5,9 @@ require 'spec_helper' ...@@ -5,7 +5,9 @@ require 'spec_helper'
RSpec.describe DastScannerProfiles::UpdateService do RSpec.describe DastScannerProfiles::UpdateService do
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:dast_scanner_profile, reload: true) { create(:dast_scanner_profile, target_timeout: 200, spider_timeout: 5000) } let_it_be(:dast_scanner_profile, reload: true) { create(:dast_scanner_profile, target_timeout: 200, spider_timeout: 5000) }
let_it_be(:dast_scanner_profile_2, reload: true) { create(:dast_scanner_profile, target_timeout: 200, spider_timeout: 5000) }
let(:project) { dast_scanner_profile.project } let(:project) { dast_scanner_profile.project }
let(:project_2) { dast_scanner_profile_2.project }
let_it_be(:new_profile_name) { SecureRandom.hex } let_it_be(:new_profile_name) { SecureRandom.hex }
let_it_be(:new_target_timeout) { dast_scanner_profile.target_timeout + 1 } let_it_be(:new_target_timeout) { dast_scanner_profile.target_timeout + 1 }
...@@ -40,6 +42,26 @@ RSpec.describe DastScannerProfiles::UpdateService do ...@@ -40,6 +42,26 @@ RSpec.describe DastScannerProfiles::UpdateService do
end end
end end
context 'when the dast_scanner_profile exists on a different project' do
before do
project.add_developer(user)
project_2.add_developer(user)
end
subject do
described_class.new(project_2, user).execute(
id: dast_scanner_profile.id,
profile_name: new_profile_name,
target_timeout: new_target_timeout,
spider_timeout: new_spider_timeout
)
end
it 'returns an error status' do
expect(status).to eq(:error)
end
end
context 'when the user can run a dast scan' do context 'when the user can run a dast scan' do
before do before do
project.add_developer(user) project.add_developer(user)
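Review bot: The 'when the dast_scanner_profile exists on a different project' context asserts only `status == :error`; it should also check that the cross-project record was left untouched, which is the property the finder change is meant to guarantee. `dast_scanner_profile` is declared with `reload: true`, so after `subject` runs add `expect(dast_scanner_profile.reload.name).not_to eq(new_profile_name)` alongside the status assertion. `status` is defined outside this hunk, presumably as a `let` over `subject`. As a point of style, `subject` is placed after the `before` block here while the rest of the spec puts it first; moving it above `before` keeps the ordering consistent.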