Skip to content

Auto-Remediation - Bot profile - Frontend

Paul Gascou-Vaillancourt requested to merge 215684-security-bot-profile into master

What does this MR do?

This makes a few visual changes to make bot users (and specifically GitLab Security Bot) stand out from other users.

  • A bot's user profile should only expose an Overview and an Activity tab. In the Overview tab, the projects panel is removed, and the Activity panel's title is changed from Activity to Bot activity. The user's website is considered as a help link, so we add a ? icon next to it.
  • In the user popover, there should be a link to the bot's documentation. Note that this change only applies to the GitLab Security Bot due to some API restrictions.
  • In the admin area's users list, there should be a link to the bot's documentation next to its name.

How to test this?

  1. Enable the :security_auto_fix feature flag.
echo "Feature.enable(:security_auto_fix)" | rails c
  1. Create the GitLab Security Bot.
echo "User.security_bot" | rails c
  1. Create a merge request and assign it to the GitLab Security Bot from Rails' console (required to test the popover).
mr = MergeRequest.find(<mr_id>)
mr.author = User.security_bot
mr.save
  1. Visit the bot's profile at /security-bot or /GitLab-Security-Bot.
  2. Visit the users list in the admin area at /admin/users.
  3. Visit the previously created merge request and hover over the author's name.

Screenshots

User profile

Before After
Screen_Shot_2020-10-06_at_10.46.53_AM user_profile

User popover

Before After
Screen_Shot_2020-10-06_at_10.47.48_AM user_popover

Note: popovers have a max width of 384px, hence the odd line break in the "more info" link

Users admin

Before After
Screen_Shot_2020-10-06_at_10.48.15_AM users_admin

Note: Internal users don't seem to appear in projects' users lists, so this change only affects the admin area

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Edited by Jannik Lehmann

Merge request reports

Loading