Merge branch '212941-sec-tab-for-reporters' into 'master'

Hide Pipeline Security tab from reporters See merge request gitlab-org/gitlab!29334

Merge branch '212941-sec-tab-for-reporters' into 'master'
Hide Pipeline Security tab from reporters See merge request gitlab-org/gitlab!29334
f333eb77 · Ash McKenzie · f412d4fb · acf61727 · f333eb77 · f333eb77
Commit f333eb77 authored Apr 15, 2020 by Ash McKenzie
5 changed files
--- a/ee/app/presenters/ee/ci/pipeline_presenter.rb
+++ b/ee/app/presenters/ee/ci/pipeline_presenter.rb
@@ -19,6 +19,8 @@ module EE
      end

      def expose_security_dashboard?
+        return false unless can?(current_user, :read_vulnerability, pipeline.project)
+
        batch_lookup_report_artifact_for_file_type(:sast) ||
          batch_lookup_report_artifact_for_file_type(:dependency_scanning) ||
          batch_lookup_report_artifact_for_file_type(:dast) ||

--- a/ee/changelogs/unreleased/212941-sec-tab-for-reporters.yml
+++ b/ee/changelogs/unreleased/212941-sec-tab-for-reporters.yml
+---
+title: Hide Pipeline Security tab from reporters
+merge_request: 29334
+author:
+type: changed
--- a/ee/spec/controllers/projects/pipelines_controller_spec.rb
+++ b/ee/spec/controllers/projects/pipelines_controller_spec.rb
@@ -21,7 +21,7 @@ describe Projects::PipelinesController do

      context 'with feature enabled' do
        before do
-          stub_licensed_features(sast: true)
+          stub_licensed_features(sast: true, security_dashboard: true)

          get :security, params: { namespace_id: project.namespace, project_id: project, id: pipeline }
        end

--- a/ee/spec/features/projects/pipelines/pipeline_spec.rb
+++ b/ee/spec/features/projects/pipelines/pipeline_spec.rb
@@ -95,7 +95,7 @@ describe 'Pipeline', :js do
    let(:pipeline) { create(:ci_pipeline, project: project, ref: 'master', sha: project.commit.id) }

    before do
-      stub_licensed_features(sast: true)
+      stub_licensed_features(sast: true, security_dashboard: true)
    end

    context 'with a sast artifact' do
@@ -121,7 +121,7 @@ describe 'Pipeline', :js do

      it 'displays the pipeline graph' do
        expect(current_path).to eq(pipeline_path(pipeline))
-        expect(page).not_to have_content('Security')
+        expect(page).not_to have_css('#js-tab-security')
        expect(page).to have_selector('.pipeline-visualization')
      end
    end

--- a/ee/spec/presenters/ci/pipeline_presenter_spec.rb
+++ b/ee/spec/presenters/ci/pipeline_presenter_spec.rb
@@ -28,36 +28,59 @@ describe Ci::PipelinePresenter do
  describe '#expose_security_dashboard?' do
    subject { presenter.expose_security_dashboard? }

-    context 'when features are available' do
+    let(:current_user) { create(:user) }
+
+    before do
+      allow(presenter).to receive(:current_user) { current_user }
+    end
+
+    context 'with developer' do
      before do
-        stub_licensed_features(dependency_scanning: true, license_scanning: true)
+        project.add_developer(current_user)
      end

-      context 'when there is an artifact of a right type' do
-        let!(:build) { create(:ee_ci_build, :dependency_scanning, pipeline: pipeline) }
+      context 'when features are available' do
+        before do
+          stub_licensed_features(dependency_scanning: true, license_scanning: true, security_dashboard: true)
+        end

-        it { is_expected.to be_truthy }
-      end
+        context 'when there is an artifact of a right type' do
+          let!(:build) { create(:ee_ci_build, :dependency_scanning, pipeline: pipeline) }
+
+          it { is_expected.to be_truthy }
+        end

-      context 'when there is an artifact of a wrong type' do
-        let!(:build) { create(:ee_ci_build, :license_scanning, pipeline: pipeline) }
+        context 'when there is an artifact of a wrong type' do
+          let!(:build) { create(:ee_ci_build, :license_scanning, pipeline: pipeline) }

-        it { is_expected.to be_falsey }
+          it { is_expected.to be_falsey }
+        end
+
+        context 'when there is no found artifact' do
+          let!(:build) { create(:ee_ci_build, pipeline: pipeline) }
+
+          it { is_expected.to be_falsey }
+        end
      end

-      context 'when there is no found artifact' do
-        let!(:build) { create(:ee_ci_build, pipeline: pipeline) }
+      context 'when features are disabled' do
+        context 'when there is an artifact of a right type' do
+          let!(:build) { create(:ee_ci_build, :dependency_scanning, pipeline: pipeline) }

-        it { is_expected.to be_falsey }
+          it { is_expected.to be_falsey }
+        end
      end
    end

-    context 'when features are disabled' do
-      context 'when there is an artifact of a right type' do
-        let!(:build) { create(:ee_ci_build, :dependency_scanning, pipeline: pipeline) }
+    context 'with reporter' do
+      let!(:build) { create(:ee_ci_build, :dependency_scanning, pipeline: pipeline) }

-        it { is_expected.to be_falsey }
+      before do
+        project.add_reporter(current_user)
+        stub_licensed_features(dependency_scanning: true, license_scanning: true, security_dashboard: true)
      end
+
+      it { is_expected.to be_falsey }
    end
  end
 end