Disable auto-fix settings toggle for unauthorized users
- Related issue: #218695 (closed)
What does this MR do?
This adds a boolean check to the `auto_fix_settings.vue` app in order to disable the ability to toggle the setting when the user doesn't have sufficient permissions to do so.
The Ruby currently uses a hardcoded boolean that preserves the previous behavior where any user with access to the Security & Compliance > Configuration page can both see and toggle the settings. That boolean will be properly set in the backend MR: !32783 (merged)
Screenshots
Authorized user | Unauthorized user |
---|---|
How to test this?
- Enable the `security_auto_fix` feature flag:
  `echo "Feature.enable(:security_auto_fix)" | spring rails c`
- Visit some project's Security & Compliance > Configuration page. You should be able to toggle the checkbox (although doing so will result in an error since the backend doesn't store the setting yet).
- Set the boolean to false to disable the toggle:
diff --git a/ee/app/presenters/projects/security/configuration_presenter.rb b/ee/app/presenters/projects/security/configuration_presenter.rb
index ed41f6c18c4..7c34771042e 100644
--- a/ee/app/presenters/projects/security/configuration_presenter.rb
+++ b/ee/app/presenters/projects/security/configuration_presenter.rb
@@ -49,7 +49,7 @@ module Projects
dependency_scanning: true,
container_scanning: true
}.to_json,
- can_toggle_auto_fix_settings: true, # To be replaced with the real value in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32783
+ can_toggle_auto_fix_settings: false, # To be replaced with the real value in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32783
auto_fix_user_path: '/' # TODO: real link will be updated with https://gitlab.com/gitlab-org/gitlab/-/issues/215669
}
end
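Review bot: `can_toggle_auto_fix_settings` on the changed line is still a literal, so with `false` every user, including authorized ones, gets the toggle disabled, just as `true` enabled it for everyone. If this hunk is only the local testing aid described under "How to test this?", it should not be committed; the value should come from a permission check on the current user, as the inline comment defers to merge request 32783. Since this flag only drives whether the checkbox is disabled in the Vue app, the endpoint that will eventually store the setting needs to enforce the same permission on the server side, otherwise the disabled toggle is cosmetic.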
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry (behind a feature flag)
- [-] Documentation (if required)
- Code review guidelines
- [-] Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Edited by Markus Koller