Commit ee8a9ab6 authored by Zamir Martins Filho's avatar Zamir Martins Filho Committed by Jan Provaznik

Add validation for alert id with respective specs

parent 97ccd117
......@@ -10,11 +10,12 @@ module Projects
push_frontend_feature_flag(:threat_monitoring_alerts, project, default_enabled: :yaml)
end
before_action :threat_monitoring_ff_enabled, only: [:alert_details]
feature_category :web_firewall
def alert_details
render_404 unless Feature.enabled?(:threat_monitoring_alerts, project, default_enabled: :yaml)
@alert_id = params[:id]
@alert_id = project.alert_management_alerts.find(params[:id]).id
end
def edit
......@@ -32,5 +33,11 @@ module Projects
render_404
end
end
private
def threat_monitoring_ff_enabled
render_404 unless Feature.enabled?(:threat_monitoring_alerts, project, default_enabled: :yaml)
end
end
end
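Review bot: In `alert_details`, `project.alert_management_alerts.find(params[:id])` limits the lookup to the current project, but nothing visible limits it to threat-monitoring alerts, so the id of any other alert in the project would presumably render this page too. If the model has a scope or attribute that separates threat-monitoring alerts from the rest (the new `:cilium` factory trait hints that the monitoring tool does), apply it before `find`. A short comment above the lookup would also help, for example `# find raises ActiveRecord::RecordNotFound when the alert is not in this project; the spec expects a 404`. The controller class starts and ends outside the hunks shown, so any authorization filters declared earlier are not visible here.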
......@@ -40,7 +40,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :subscriptions, only: [:create, :destroy]
resource :threat_monitoring, only: [:show], controller: :threat_monitoring do
get '/alerts/:id', action: 'alert_details'
get '/alerts/:id', action: 'alert_details', constraints: { id: /\d+/ }
resources :policies, only: [:new, :edit], controller: :threat_monitoring
end
......
......@@ -4,6 +4,7 @@ require 'spec_helper'
RSpec.describe Projects::ThreatMonitoringController do
let_it_be(:project) { create(:project, :repository, :private) }
let_it_be(:alert) { create(:alert_management_alert, :cilium, project: project) }
let_it_be(:user) { create(:user) }
describe 'GET show' do
......@@ -238,7 +239,9 @@ RSpec.describe Projects::ThreatMonitoringController do
end
describe 'GET threat monitoring alerts' do
subject { get :alert_details, params: { namespace_id: project.namespace, project_id: project, id: '5' } }
let(:alert_id) { alert.id }
subject { get :alert_details, params: { namespace_id: project.namespace, project_id: project, id: alert_id } }
context 'with authorized user' do
before do
......@@ -246,6 +249,29 @@ RSpec.describe Projects::ThreatMonitoringController do
sign_in(user)
end
context 'with threat_monitoring feature and threat_monitoring_alerts feature flag' do
using RSpec::Parameterized::TableSyntax
where(:feature_flag, :feature, :http_status) do
false | false | :not_found
false | true | :not_found
true | false | :not_found
true | true | :ok
end
with_them do
before do
stub_licensed_features(threat_monitoring: feature)
stub_feature_flags(threat_monitoring_alerts: feature_flag)
end
specify do
subject
expect(response).to have_gitlab_http_status(http_status)
end
end
end
context 'when feature is available' do
before do
stub_licensed_features(threat_monitoring: true)
......@@ -254,21 +280,25 @@ RSpec.describe Projects::ThreatMonitoringController do
it 'renders the show template' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:alert_details)
end
end
context 'when feature is not available' do
before do
stub_licensed_features(threat_monitoring: true)
stub_feature_flags(threat_monitoring_alerts: false)
context 'when id is invalid' do
let(:alert_id) { nil }
it 'raises an error' do
expect { subject }.to raise_error(ActionController::UrlGenerationError)
end
end
it 'returns 404' do
subject
context 'when id is not found' do
let(:alert_id) { non_existing_record_id }
expect(response).to have_gitlab_http_status(:not_found)
it 'renders not found' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
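Review bot: The 'when id is not found' context uses `non_existing_record_id`, so it does not prove the lookup is limited to the project. The case that matters for access control, an alert that exists in a different project, is not covered. A context with `let(:alert_id) { create(:alert_management_alert, :cilium).id }` (assuming the factory builds its own project when none is passed) that expects `:not_found` would pin it. The 'when id is invalid' context passes `nil` and asserts `ActionController::UrlGenerationError`, which comes from the test's own URL generation rather than from the application. A routing or request spec for a non-numeric id would exercise the new `id: /\d+/` constraint directly.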
......
......@@ -109,6 +109,20 @@ FactoryBot.define do
end
end
trait :cilium do
monitoring_tool { Gitlab::AlertManagement::Payload::MONITORING_TOOLS[:cilium] }
payload do
{
annotations: {
title: 'This is a cilium alert',
summary: 'Summary of the alert',
description: 'Description of the alert'
},
startsAt: started_at
}.with_indifferent_access
end
end
trait :all_fields do
with_issue
with_assignee
......