BE: Update approvers fetching logic to include role approvers
Why are we doing this work
Scan Result Policy Action currently supports individual approvers or a group of users. However, when a customer has projects with lower criticality, or the scan results detect a vulnerability of low criticality (i.e., Low/Medium), they want to require an approver from the project based on the role (i.e., owner/maintainer).
This issue focuses on updating the approvers fetching logic in FetchPolicyApproversService to include the users with roles from role_approvers.
Relevant links
Epic: Support Role Based Approval Action for Scan Res... (&8018 - closed)
Non-functional requirements
- Documentation: -
- Feature flag: -
- Performance: -
- Testing:
Implementation plan
- backend Update FetchPolicyApproversService to get users with role from role_approvers
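def execute
  action = required_approval(policy)
  # No approval action in the policy: return empty sets under the same keys as the populated result.
  return success({ users: [], groups: [], role_users: [] }) unless action

  success({ users: user_approvers(action), groups: group_approvers(action), role_users: role_approvers(action) })
end

private

# Resolves each role name in the action (e.g. "owner", "maintainer") to the container members holding it.
def role_approvers(action)
  return [] unless action[:role_approvers]

  action[:role_approvers].flat_map do |role|
    # public_send dispatches on the policy-supplied string, so role must be restricted to known role names first.
    container.members.public_send(role.pluralize)
  end
end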
Verification steps
Edited by Sashi Kumar Kumaresan
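An added example (not GitLab's code) of resolving role_approvers through a fixed allowlist instead of dispatching on the role string, as the plan's role_approvers does with public_send. The Member struct, ROLE_ACCESS_LEVELS and resolve_role_approvers are hypothetical names, and the 40/50 values are assumed to match GitLab's maintainer and owner access levels.

```ruby
# Stand-in for a project/group membership record (not GitLab's model).
Member = Struct.new(:username, :access_level)

# Assumption: numeric levels mirror GitLab's maintainer (40) and owner (50).
# Only the roles named in the issue are accepted.
ROLE_ACCESS_LEVELS = { 'maintainer' => 40, 'owner' => 50 }.freeze

# Hypothetical helper: map role names from a policy action to member usernames.
# Names outside the allowlist are reported back and never used as method names.
def resolve_role_approvers(members, action)
  requested = Array(action[:role_approvers]).map(&:to_s).uniq
  unknown   = requested.reject { |role| ROLE_ACCESS_LEVELS.key?(role) }
  levels    = (requested - unknown).map { |role| ROLE_ACCESS_LEVELS.fetch(role) }

  users = members.select { |m| levels.include?(m.access_level) }
                 .map(&:username)
                 .uniq

  { role_users: users, rejected_roles: unknown }
end

# Constructed sample data: one owner, one maintainer, one developer (30).
MEMBERS = [
  Member.new('alice', 50),
  Member.new('bob', 40),
  Member.new('carol', 30)
].freeze

# Constructed policy action containing one role name that is not allowlisted.
def demo
  resolve_role_approvers(MEMBERS, { role_approvers: %w[owner maintainer auditor] })
end

p demo if __FILE__ == $PROGRAM_NAME
```

Surfacing rejected_roles lets policy validation fail or log on an unexpected role name rather than silently dropping it.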