Add classifications and compliance display and editing to license list "detected in project"
Problem to solve
This is MVC following ~"product discovery" #12941 (closed)
For each Project there is a License List - we want everyone who views this list to be able to tell if these Licenses are Allowed, Denied, or Unclassified for inclusion in the Project. We want maintainers to easily be able to edit policies on existing licenses.
Intended users
- Sasha (Software Developer) will want to view this list. They may wish to know if a license they are considering is already allowed or denied without adding something to the project.
- Compliance Role wants to see that they are following policies that have been set, edit policies as needed, and set policies for unclassified licenses.
Further details
Proposal
- add detected in project with policy column to list
- display comments icon next to policies in the column if present, don't if not
- mousing over comment icon gets you tooltip with comments
https://gitlab.com/gitlab-org/gitlab/uploads/476eb3f2b7d329f16cd0869dcebdf98d/maintainer.png
Permissions and Security
- not logged in - can see list of licenses and dependencies but can't see allow/deny/unclassified column or policy tab
- User has at least developer access - can see new column, but can't edit; can see policy tab, but again can't edit
- maintainer - can see new column, and can edit
Documentation
Update docs https://docs.gitlab.com/ee/user/application_security/license_compliance/#project-policies-for-license-compliance with additional way to see policies
Testing
- unit test on NOT seeing as non developer (not logged in, logged in but not dev)
- unit test see as developer but can't edit
- unit test can see as maintainer, and can edit
What does success look like, and how can we measure that?
We are striving to make the job of the person in charge of compliance direct, with the least amount of manual work or busy work (copy paste). This should make it simpler to interact with all licenses in the project, to see their state, and to quickly update them as needed.
What is the type of buyer?
Links / references
SubIssue - Implement showing license policy status in developer view, and dropdown in maintainer view on what would be the "Detected in project" tab
- Add a policy status column showing the "Allow", "Deny", "Uncategorized" status in developer view
- Add a policy status dropdown in maintainer view to allow a maintainer to change the status from the dropdown
- Policy dropdown should be a de-coupled reusable component since we will use it on the other tab in the future
- We are not using tabs at this point since we are effectively showing the "Detected in project" view.
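
The access rules under "Permissions and Security" and the three cases under "Testing", sketched as an added example that is not part of the original issue and not GitLab's implementation. All class, method and constant names are hypothetical, `:guest` stands in for "logged in but not dev", and the sample license is constructed.

```ruby
# Added sketch: role names follow the issue; everything else is hypothetical.
ROLE_RANK = { anonymous: 0, guest: 1, developer: 2, maintainer: 3 }.freeze
CLASSIFICATIONS = %w[allowed denied unclassified].freeze

class PolicyAccessError < StandardError; end

License = Struct.new(:name, :classification, :comment)

# Unknown roles raise KeyError instead of defaulting to some access level.
def at_least?(role, minimum)
  ROLE_RANK.fetch(role) >= ROLE_RANK.fetch(minimum)
end

# Builds one row of the "Detected in project" list for the given viewer.
# Policy fields are left out of the payload itself, not just hidden in the UI.
def license_row(license, role)
  row = { name: license.name }
  return row unless at_least?(role, :developer)

  row[:classification] = license.classification
  row[:comment] = license.comment if license.comment # icon and tooltip only when present
  row[:editable] = at_least?(role, :maintainer)
  row
end

# Server-side check behind the maintainer dropdown.
def update_classification!(license, role, new_value)
  raise PolicyAccessError, "maintainer access required" unless at_least?(role, :maintainer)
  raise ArgumentError, "unknown classification: #{new_value}" unless CLASSIFICATIONS.include?(new_value)

  license.classification = new_value
  license
end

# Constructed sample data.
SAMPLE = License.new("MIT", "unclassified", "pending legal review")
```
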