Implement dismissal behavior when dismissed vulnerabilities are hidden
- Related issue: #9102 (closed)
- Depends on !15015 (merged)
- Follows up on !15333 (merged)
What does this MR do?
This MR implements the behavior for dismissing vulnerabilities while the Hide dismissed vulnerabilities toggle is turned on.
The issue describes this behavior as follows:
Once the user has clicked the dismiss vulnerability button, the dismissed vulnerability will hide and the list will shift up, adding 1 new vulnerability at the bottom of the list. The user will also see a toast appear with an ease-in animation from the bottom and display at the left-bottom of the screen alerting the user of their action. After a short while, the toast will ease-out with the opposite motion.
This description suggests that we discreetly refresh the vulnerabilities list (ie without showing the loading skeleton) which is what was implemented in this MR's initial iteration:
But we then realized that it might result in an inconsistent UX because pipelines might be running in the background while vulnerabilities are being dismissed, in such case, users might see a completely different set of vulnerabilities after dismissing an item.
In a second iteration, we tried to not refresh the vulnerabilities at all, and to simply grey out dismissed items, which had another problem: if we had 2 pages of vulnerabilities, we would be able to dismiss everything on the first page, but all the vulnerabilities from the second page would remain hidden until the page was manually reloaded (attempting to view the second page would lead to an empty page).
We decided to proceed with a compromise: we will still refresh the list when vulnerabilities are being dismissed, but rather than doing the refresh discreetly, we will keep showing the loading skeleton, which can seem a bit harsh but produces a more consistent UX. We expect that we'll be able to improve this whole process in future iterations, once we have achieved Standalone vulnerabilities.
How to test?
-
To fully test this, you'll need to pull the BE changes from
9102-hide-dismissed-be
on top of this MR. -
Start a Rails console from the
gitlab/
directory:
rails console
- Enable the feature flag:
Feature.enable(:hide_dismissed_vulnerabilities)
- Visit a security dashboard
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation created/updated or follow-up review issue created
-
Code review guidelines - [-] Merge request performance guidelines
-
Style guides - [-] Database guides
-
Separation of EE specific content
Performance and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- note: The security dashboard currently doesn't work in IE11, see !17644 (closed)