Simplify can create issue logic in new finding modal
What does this MR do and why?
When using the new pipeline dashboard (pipeline_security_dashboard_graphql is enabled), findings that do not have a related vulnerability (e.g. newly identified findings) do not have the ability to "Create issue". This is because we're not passing the has-create-issue-path prop in mr_widget_security_reports.vue to the modal and this.finding?.vulnerability?.userPermissions?.createVulnerabilityFeedback; is undefined because there is no vulnerability.
Instead of using createVulnerabilityFeedback which is based on the deprecated VulnerabilityFeedback or create_vulnerability_feedback_issue_path, we can simply use can_admin_vulnerability. This was brought to my attention by @mallocke. He's replacing similar createVulnerabilityFeedback... with the can_admin_vulnerability ability in !143462 (closed).
In this MR we're reusing the injected can_admin_vulnerability, but in a next iteration we can look into switching this to the new frontend ability.
In the longer term, it might be desirable to have an ability/permission separate from the can_admin_vulnerability which is more granular with regard to creating an issue. In the context of the modal, this should be on the Finding model because we can't be sure we have a related vulnerability. @subashis is looking into this: Add PipelineSecurityReportingFinding userPermis... (#431569 - closed) • Subashis Chakraborty • 16.10 • On track.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Prerequisites
- You need an EE license
- You need to have runners enabled (See $2408961 for setting up a runner)
- Import https://gitlab.com/gitlab-examples/security/security-reports
- Run pipeline on master
- Enable feature flag:
echo "Feature.enable(:pipeline_security_dashboard_graphql)" | gdk rails c
- Go to latest pipeline > security tab
- Click on a finding
- The "Create issue" button should be there