
Disable auto-fix settings toggle for unauthorized users

What does this MR do?

This adds a boolean check to the auto_fix_settings.vue app in order to disable the ability to toggle the setting when the user doesn't have sufficient permissions to do so.

The Ruby currently uses a hardcoded boolean that preserves the previous behavior where any user with access to the Security & Compliance > Configuration page can both see and toggle the settings. That boolean will be properly set in the backend MR: !32783 (merged)

Screenshots

[Two screenshots: Authorized user | Unauthorized user]

How to test this?

  1. Enable the security_auto_fix feature flag:

         echo "Feature.enable(:security_auto_fix)" | spring rails c

  2. Visit some project's Security & Compliance > Configuration page. You should be able to toggle the checkbox (although doing so will result in an error since the backend doesn't store the setting yet).

  3. Set the boolean to false to disable the toggle:

diff --git a/ee/app/presenters/projects/security/configuration_presenter.rb b/ee/app/presenters/projects/security/configuration_presenter.rb
index ed41f6c18c4..7c34771042e 100644
--- a/ee/app/presenters/projects/security/configuration_presenter.rb
+++ b/ee/app/presenters/projects/security/configuration_presenter.rb
@@ -49,7 +49,7 @@ module Projects
             dependency_scanning: true,
             container_scanning: true
           }.to_json,
-          can_toggle_auto_fix_settings: true, # To be replaced with the real value in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32783
+          can_toggle_auto_fix_settings: false, # To be replaced with the real value in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32783
           auto_fix_user_path: '/' # TODO: real link will be updated with https://gitlab.com/gitlab-org/gitlab/-/issues/215669
         }
       end
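Review bot: On the `can_toggle_auto_fix_settings` line the value is a hardcoded literal, so setting it to `false` disables the toggle for every user, including those who should be allowed to change the setting. That is fine as a local test aid but should not be committed. When the real value replaces it, derive it in the presenter from a permission check on the current user rather than a constant. This flag only tells the frontend whether to disable the toggle, so once the backend stores the setting, the write path should enforce the same permission server-side instead of relying on the disabled control. The neighbouring `auto_fix_user_path: '/'` is also a placeholder per its TODO and should be resolved before the feature flag is enabled by default.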

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Edited by Markus Koller
