Bulk dismissal checkboxes don't show for regular users on Security Center vulnerability report
NOTE: This is the same issue as #336214 (closed), but for the Security Center vulnerability report instead of the group-level.
For a regular user, on the Security Center vulnerability report for that user, the bulk select checkboxes aren't shown when they should be.
[Screenshots: Current | Expected Behavior]
The behavior of the bulk select checkboxes should be:
Access level | Description |
---|---|
Regular users | The bulk select checkboxes should always be shown. A regular user can only add projects to the Security Center vulnerability report that they have write access to. |
Auditor users | The bulk select checkboxes should always be hidden. Auditors have read-only access to all projects regardless of membership/role, but if their role in a project is Developer or higher, they also have write access. However, the bulk select checkboxes are currently an all-or-nothing feature; we can't selectively show checkboxes for some of the vulnerabilities and hide them for others. Thus, for now we'll hide them for all projects, even if the auditor user has write access to some or all of the projects that they added to the Security Center vulnerability report. |
Admin users | The bulk select checkboxes should always be shown, regardless of membership/role. |
Implementation plan
- Add the `can_admin_vulnerability` property to `ee/app/helpers/security_helper.rb`. Use `ee/app/helpers/groups/security_features_helper.rb`, `ee/app/helpers/ee/projects_helper.rb`, and !66312 (merged) for an example of how to do this.