Change license classification dropdown selection to `deny` and `allow` in policy tab UI
Problem to solve
When user is editing a classification in the policy section, the selection option terms are not displayed as:deny
or allow
(currently, they are denied
and allowed
).
Context: In #12937 (closed), we identified classifications to use in the UI, which are:
-
Allowed
: admin has classified license as acceptable -
Allow
: used in the call-to-action seen in the MR (admin view) or policy list to classify license as Allowed -
Denied
: project participant views this classification when admin classified license as not allowed -
Deny
!*: used in the call-to-action seen in the MR (admin view) or policy list to classify license as unacceptable -
Uncategorized
: admin has not selected classification
View current UI: MR_classification
Intended users
- Compliance Role wants to see that they are following policies that have been set, edit policies as needed, and set policies for unclassified licenses.
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Sam (Security Analyst)\
- Legal and/or person responsible for orgs compliance
Proposal
Change allowed
to allow
and denied
to deny
in the policy tab (maintainer view), since the dropdown is the action that can be taken (vs the policy that is assigned).
Implementation
In addition to the I18n translations we should also update the license status constants.
Constants usage should be refactored to: LICENSE_APPROVAL_STATUS.APPROVED -> LICENSE_APPROVAL_STATUS.ALLOWED LICENSE_APPROVAL_STATUS.BLACKLISTED -> LICENSE_APPROVAL_STATUS.DENIED
In: ee/app/assets/javascripts/vue_shared/license_management/constants.js
export const LICENSE_APPROVAL_STATUS = {
ALLOWED: 'allowed',
DENIED: 'denied',
};
We should also update the action names as per: !22465 (comment 283591283)
In: ee/app/assets/javascripts/vue_shared/license_management/components/admin_license_management_row.vue
...mapActions(LICENSE_MANAGEMENT, ['setLicenseInModal', 'approveLicense', 'blacklistLicense']),
Permissions and Security
- Developer view may view policies, but can't adjust them
- Maintainer may view/add/edit/delete policies
- Public projects policy section is not visible to non-project participants (#33659 (closed))
Documentation
- License compliance foundations document
- Updated classification names issue #12937 (closed)
- Update docs https://docs.gitlab.com/ee/user/application_security/license_compliance/#project-policies-for-license-compliance with additional way to see policies
Testing
TBD
What does success look like, and how can we measure that?
- Does the user understand the selection options?