Fix VulnerabilitiesController authorization for new action spec

Mehmet Emin INAC requested to merge fix_vulnerabilities_controller_specs into master

What does this MR do and why?

The previous version of the spec was not testing the authorization at all. This can be confirmed by just removing the before_action :authorize_create_vulnerability!, only: :new callback (it will continue passing). The reason is that we have a mixin called SecurityAndCompliancePermissions which checks if the "Security & Compliance" related features are enabled, which cannot be accessed by a guest user anyway, so the execution is halted by the callbacks included by that mixin.

Regardless of this issue, I don't think that we should test every single detail of the policies as they are already being tested by their own specs.

Related to !74505 (merged).

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Mehmet Emin INAC
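
The masking effect described in this MR, as an added example that is not part of the merge request or GitLab's code: a plain-Ruby model of a callback chain in which an earlier feature check halts a guest before the authorization callback runs. The `ABILITIES` table, the `:limited_user` and `:full_user` roles, and all method names are hypothetical.

```ruby
# Simplified model of a controller callback chain (constructed; not GitLab code).
# Abilities and the :limited_user / :full_user roles are hypothetical.
ABILITIES = {
  guest:        [],
  limited_user: [:read_security_features],
  full_user:    [:read_security_features, :create_vulnerability]
}.freeze

class MiniController
  def self.callbacks; @callbacks ||= []; end
  def self.before_action(name); callbacks << name; end

  def initialize(role)
    @role = role
  end

  # Callbacks run in order; the first one that denies halts the chain.
  def new_action
    self.class.callbacks.each { |cb| return :denied unless send(cb) }
    :ok
  end

  private

  # Stand-in for the feature check added by SecurityAndCompliancePermissions.
  def security_features_available?
    ABILITIES.fetch(@role).include?(:read_security_features)
  end

  # Stand-in for authorize_create_vulnerability!
  def authorized_to_create?
    ABILITIES.fetch(@role).include?(:create_vulnerability)
  end
end

def build_controller(with_authorization:)
  Class.new(MiniController) do
    before_action :security_features_available?
    before_action :authorized_to_create? if with_authorization
  end
end

# A denial spec for `role` is meaningful only if deleting the callback changes the result.
def spec_detects_removal?(role)
  build_controller(with_authorization: true).new(role).new_action !=
    build_controller(with_authorization: false).new(role).new_action
end
```

In this model only the role that clears the earlier check but lacks the create ability makes a denial spec sensitive to the authorization callback; the guest is denied either way.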
