Skip to content

Fix auditor user able to bulk select vulns on vulnerability report

This MR fixes an issue where an auditor user is able to bulk select vulnerabilities on the vulnerability list by clicking on the row, despite the checkbox column not shown.

Before After
Peek_2022-01-13_14-35

How to set up and validate locally

  1. As an admin user, create an auditor user:
Step 1 Step 2
ksnip_20220113-143722 ksnip_20220113-143756
  1. Log in as or impersonate the user:
ksnip_20220113-143952
  1. Go to the vulnerability report and verify the following:
  • The checkbox column is not shown, including the "select all" checkbox in the header.
  • There is still a hover effect where the background turns dark.
  • The mouse pointer shown is the default cursor and not the finger pointer.
  • Clicking on the row does nothing.
  • Clicking on the description text (which is a link) still navigates to the vulnerability details page.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #350310 (closed)

Merge request reports

Loading