Display proper error messages on vulnerabilities fetch failure
What does this MR do?
- Related issue: #33918 (closed)
- Depends on !23677 (merged)
This improves a vague error message that would be displayed when trying to access a pipeline's security report without having required permissions. We have identified two cases, in both cases we will now show an empty state. The empty state's contents will vary depending on the context:
- The user is not logged in: the empty state explains that it is required to be logged in as an authorized user and shows a Sign in button.
- The user is logged in but doesn't have permission to see the report: the empty state simply states that the user doesn't have sufficient permissions to view the report.
Screenshots
Before | After (Anonynmous user) | After (Unauthorized user) |
---|---|---|
How to test this?
- Make sure that your GitLab instance contains at least one pipeline with a security report that's accessible at a path similar to
/:group/:project/pipelines/:id/security
- To experience the report as an unauthenticated user:
- Open a new "incognito" window
- Navigate to the security report in that new window
- To experience the report as an unauthorized user:
- Sign back in as the root user
- Go to Admin Area > Users
- Click on one of the basic users in the list
- Click on Impersonate
- Navigate to the security report
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation (if required)
-
Code review guidelines - [-] Merge request performance guidelines
-
Style guides - [-] Database guides
-
Separation of EE specific content
Availability and Testing
Edited by Paul Gascou-Vaillancourt