Provide & edit dismissal reason in finding modal
Summary
When dismissing a finding in the modal, a dismissal reason should be provided.
Because the reason is required and it's not possible to dismiss without one, the split button currently used to differentiate between simply dismissing and dismissing with a comment should be replaced with a single "Dismiss" button.
If a reason is not provided when clicking "Confirm dismissal", the reason listbox should show an error state with an error message.
This issue also includes editing the dismissal reason (this functionality is already available for editing the comment after it's submitted).
While the DismissalNote component is used both in the old and new modal, we'll only support showing the dismissal reason in the new one (VulnerabilityFindingModal).
Screenshots
default
provide reason and comment
error state
edit dismissal (no comment provided)
edit dismissal (with comment)
Implementation steps
- Go from split dismiss/dismiss with comment button to 1 "Dismiss vulnerability" button (clean up code if necessary)
- Add dismissal reason listbox with label "Dismiss as" and sync with VulnerabilityFindingModal (consider making this a separate component)
- Add label above comment input "Dismissal comment"
- Rename "Add comment & dismiss" button to "Confirm dismissal" and make it confirm variant
- Hide "Create issue" button when adding dismissal
- Manage error state of dismissal reason when clicking "Confirm dismissal". If no reason is provided, show error message "This selection is required." and put listbox in variant=danger and category=secondary.
- Update dismiss_finding.mutation.graphql to accept dismissalReason and pass it from VulnerabilityFindingModal
- Consider renaming the isCommentingOnDismissal data property to something more general, since it now covers editing both the comment and the reason.
- Update vulnerability_finding_modal_spec.js accordingly
Testing
- E2E testing: Make sure e2e: package-and-test is run and govern specs are green
Verification steps
Validation
- Go to a pipeline security tab of this verification project: https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/verify-provide-and-edit-dismissal-reason-in-finding-modal/-/pipelines/1000667892/security
- Select the "More info" info icon of a non-dismissed finding
- Verify in the footer of the modal it contains a "Dismiss vulnerability" button
- Verify that after selecting that button, it shows an event item with your name and username, followed by an edit section where you can choose the dismissal reason and enter a comment
- Verify that if you provide no reason and you select "Confirm dismissal", it does not dismiss and instead shows an error message under the dismissal reason listbox
- Now provide a dismissal reason (no comment yet) and select "Confirm dismissal"
- Verify that the modal closes
- Open the same finding modal again
- Verify that the event item shows "Dismissed", followed by the reason you provided
- Select the "Edit dismissal" pencil icon button
- Verify the dismissal reason is pre-filled now
- Now enter a comment this time
- Select "Confirm dismissal"
- Verify the modal closes, now open it again
- Verify that the comment is now shown below the earlier event item. It also shows two icon buttons: "Edit dismissal" and "Remove comment".
- Verify that selecting "Edit dismissal" opens the edit section
- Verify that selecting "Cancel" closes the editing section
- Select "Undo dismiss"
- Verify that it closes the modal and the finding is now in the Detected state again.