Disable auto-fix settings toggle for unauthorized users (!32789) · Merge requests · GitLab.org / GitLab

Paul Gascou-Vaillancourt requested to merge 218695-autofix-settings-permissions-fe into master May 21, 2020

Related issue: #218695 (closed)

What does this MR do?

This adds a boolean check to the auto_fix_settings.vue app in order to disable the ability to toggle the setting when the user doesn't have sufficient permissions to do so.

The Ruby currently uses a hardcoded boolean that preserves the previous behavior where any user with access to the Security & Compliance > Configuration page can both see and toggle the settings. That boolean will be properly set in the backend MR: !32783 (merged)

Screenshots

Authorized user	Unauthorized user

How to test this?

Enable the security_auto_fix feature flag.

echo "Feature.enable(:security_auto_fix)" | spring rails c

Visit some project's Security & Compliance > Configuration page, you should be able to toggle the checkbox (although doing so will result in an error since the backend doesn't store the setting yet).
Set the boolean to false to disable the toggle.

diff --git a/ee/app/presenters/projects/security/configuration_presenter.rb b/ee/app/presenters/projects/security/configuration_presenter.rb
index ed41f6c18c4..7c34771042e 100644
--- a/ee/app/presenters/projects/security/configuration_presenter.rb
+++ b/ee/app/presenters/projects/security/configuration_presenter.rb
@@ -49,7 +49,7 @@ module Projects
             dependency_scanning: true,
             container_scanning: true
           }.to_json,
-          can_toggle_auto_fix_settings: true, # To be replaced with the real value in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32783
+          can_toggle_auto_fix_settings: false, # To be replaced with the real value in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32783
           auto_fix_user_path: '/' # TODO: real link will be updated with https://gitlab.com/gitlab-org/gitlab/-/issues/215669
         }
       end

Does this MR meet the acceptance criteria?

Conformity

[-] Changelog entry (behind a feature flag)
[-] Documentation (if required)
Code review guidelines
[-] Merge request performance guidelines
Style guides
[-] Database guides
Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
[-] Tested in all supported browsers
[-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Edited Jun 03, 2020 by Markus Koller

Disable auto-fix settings toggle for unauthorized users