Check if security_and_compliance is enabled (!134344) · Merge requests · GitLab.org / GitLab

Kenneth Chu requested to merge kenneth-security-sidebar-disabled into master Oct 17, 2023

What does this MR do and why?

I believe a bug was introduced in MR Fix Security navigation for users with custom role (!121736 - merged), where the Security and Compliance sidebar item will always show up in the sidebar, even if Security and Compliance is disabled within a project.

The sidebar item would then show sub-items that all confusingly link to a 404, because the feature is not enabled on the project, such as the Vulernability Report and Audit Events.

This MR checks if Security and Compliance is disabled within a project, and will not show the Secure sidebar item if it is.

NOTE: A SaaS Customer with an Ultimate Subscription ran into this problem in this internal ZD ticket.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before (with Security and Compliance is disabled)	After (with Security and Compliance is disabled)

How to set up and validate locally

Create a new project
Go to Settings > General > Visibility, project features, permissions
Disable Security and Compliance
Observe Security and Compliance sidebar item should no longer show up.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Oct 17, 2023 by Kenneth Chu

Check if security_and_compliance is enabled

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports