Add dismissal reason to vulnerability state dropdown
What does this MR do and why?
This MR allows a user to specify a dismissal reason when dismissing a vulnerability. This allows more fine-grained control of the status of a vulnerability.
The feature is behind a feature flag dismissal_reason.
Related:
- Issue: Dismissal Types(FE): Implement the new design t... (#285470 - closed) • Samantha Ming, Lorenz van Herwaarden • 15.11
- Epic: &4942 (closed)
- Documentation: !115852 (merged)
- MR to show dismissal reason in header status: !112468 (merged)
- Upcoming issue to show dismissal reason descriptions on hover: #393043 (closed)
- Feature flag rollout issue: #393005 (closed)
Screenshots or screen recordings
This screen recording shows how the dropdown works with a nested dropdown for dismissal reasons. It showcases the following:
- showing and hiding of the nested dropdown when hovering over the dismiss action
- being able to select a dismissal reason and see it selected
- change status to dismissed with a dismissal reason and see the change reflected in the header and in the discussions
- being able to go from dismissed with dismissal reason x to dismissed with dismissal reason y
- correctly handle initial/selected status and dismissal reason
vulnerability-state-dropdown-dismissal-reason
How to set up and validate locally
Prerequisites
- You'll need an EE license
- You'll need to have runners enabled (See $2408961 for setting up a runner)
- Import https://gitlab.com/gitlab-examples/security/security-reports
- Run a pipeline on master
Validate tests
yarn jest ee/spec/frontend/vulnerabilities/vulnerability_state_dropdown_spec.js
yarn jest ee/spec/frontend/vulnerabilities/vulnerability_state_dropdown_deprecated_spec.js
yarn jest ee/spec/frontend/vulnerabilities/header_spec.js
Validate original dropdown
Sanity check for when feature flag is turned off
- Go to the details page of a vulnerability in the security-reports project
- Change the status of the vulnerability and notice that it still behaves as before
Validate new dropdown
- Enable feature flag:
echo "Feature.enable(:dismissal_reason)" | rails c
- Go to the details page of a vulnerability (one with detected status) in the security-reports project
- Click on the status dropdown
- Validate that the subtext for dismiss action shows "Select a reason"
- Validate that clicking the dismiss action does not select it
- Nested dropdown:
  - Move your mouse over the dismiss action
  - Validate that a nested dropdown appears with the dismissal reasons
  - Validate that if your browser is narrow it appears to the left of the standard dropdown
  - Validate that if your browser is wide it appears to the right of the standard dropdown
  - Validate that if you move your mouse to the nested dropdown it stays visible
  - Validate that if you move your mouse to another status action the nested dropdown disappears
- Changing state and selection:
  - Select a dismissal reason
  - Validate that the dismissal reason and the dismiss action become selected
  - Validate that the Change status button becomes enabled
  - Select the needs triage status and validate that the Change status button is disabled again
  - Select a dismissal reason again and click the Cancel button
  - Click on the status dropdown again
  - Validate that the Needs triage status is selected again
- Select dismissal reason:
  - Select any dismissal reason
  - Click the Change status button
  - Validate that dropdown closes and loading icon is shown
  - Validate the status description in header is updated to reflect dismissed status and the chosen dismissal reason
  - Validate that an entry in the discussions at the bottom is added
- Change dismissal reason:
  - Click on the status dropdown
  - Select another dismissal reason
  - Click the Change status button
  - Validate that status description in header shows dismissed status with the newly chosen dismissal reason
  - Note: suspected bug in backend does not add another entry in the discussions with the updated dismissal reason. I left a comment here
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Closes #285470 (closed)
Edited by Lorenz van Herwaarden