Add blank group-level security configuration page, navigation
What does this MR do and why?
Add group-level security configuration page
Add feature flag, licensed feature, and custom ability
Add sidebar menu item that links to group security configuration page
Add page that renders a vue app with title and tab
Only show menu item and page if
- feature flag is enabled for the top-level group
- licensed feature is available
- user has admin_security_labels permission
- add tests
- add detail to description
- fix https://gitlab.com/gitlab-org/gitlab/-/pipelines/1892456331/failures
- frontend review
- frontend maintainer review
- backend review
- backend maintainer review
- groupauthorization maintainer review (required for /ee/app/policies/changes)
References
- issue: Frontend: Scaffold group-level `Security config... (#550472 - closed)
- epic: Security Attributes/Context Filtering (&18010)
- design: #547963[Security_configuration_-_group-level_-_security_labels_-_category_details_-_full_edit.png]
- https://docs.gitlab.com/development/permissions/custom_roles/#how-to-add-support-for-an-ability-to-custom-roles
Screenshots or screen recordings
How to set up and validate locally
- run this command with ID replaced by the ID of a root group that you have at least the maintainer role in:
    git checkout 550472-set-up-group-security-configuration-page-with-security-labels-tab
    echo "Feature.enable(:security_context_labels, Group.find(ID))" | gdk rails c
- navigate to the group or any of its subgroups
- in the sidebar choose Secure => Security configuration (new menu item)
- a Security configuration page should be shown with a single Security labels tab that contains only a description for now
- impersonate a user who has the developer role in the root group
5. navigate to the group or any of its subgroups
6. Secure => Security configuration should not be shown in the sidebar
7. if you navigate to the page anyway (/groups/path/to/group/-/security/configuration), it should show 403: You do not have the permission to access this page
- if the feature flag is not enabled for the group's root ancestor group, the page should show 403: You do not have the permission to access this page
- if the group does not have a GitLab Ultimate license, the page should show 403: You do not have the permission to access this page
to run tests
bundle exec rspec ee/spec/helpers/groups/security_features_helper_spec.rb ee/spec/lib/sidebars/groups/menus/security_compliance_menu_spec.rb ee/spec/policies/group_policy_spec.rb ee/spec/requests/groups/security/configuration_controller_spec.rb
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Hinam Mehra
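
The three gating conditions and the 403 behaviour from the validation steps, modelled as an added Ruby example (not code from this MR or from GitLab): one check backs both the sidebar and the page, so hiding the menu item is never the only control. All class, method and constant names are hypothetical; it assumes the ability is inherited from ancestor groups and that the maintainer holds admin_security_labels.

```ruby
require "set"

# Hypothetical model of a group hierarchy; not GitLab's classes.
Group = Struct.new(:id, :parent, :licensed) do
  # The group itself followed by every ancestor up to the top-level group.
  def ancestors_and_self
    [self] + (parent ? parent.ancestors_and_self : [])
  end

  def root_ancestor
    ancestors_and_self.last
  end
end

User = Struct.new(:name, :abilities) # abilities: { group_id => [symbols] }

# Constructed sample data: the feature flag is enabled for root group 1 only.
FLAG_ENABLED_ROOTS = Set.new([1])
ROOT       = Group.new(1, nil, true)
SUB        = Group.new(2, ROOT, true)
UNLICENSED = Group.new(3, nil, false)
MAINTAINER = User.new("maintainer", { 1 => [:admin_security_labels] })
DEVELOPER  = User.new("developer", { 1 => [] })

# Single decision point: flag on the root ancestor, licence on the group,
# and the ability granted on the group or (assumed) any of its ancestors.
def can_configure_security?(user, group)
  flag_on = FLAG_ENABLED_ROOTS.include?(group.root_ancestor.id)
  granted = group.ancestors_and_self.any? do |g|
    user.abilities.fetch(g.id, []).include?(:admin_security_labels)
  end
  flag_on && group.licensed && granted
end

# Navigation only hides the link; it does not protect the page.
def sidebar_items(user, group)
  can_configure_security?(user, group) ? ["Security configuration"] : []
end

# The page repeats the same check, so a direct URL visit still gets 403.
def page_status(user, group)
  can_configure_security?(user, group) ? 200 : 403
end

puts page_status(MAINTAINER, SUB), page_status(DEVELOPER, SUB)
```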

