Dismiss security-training promo when enabling it
requested to merge 350442-only-show-promotion-callout-for-security-training-when-the-current-user-hasn-t-enabled-the into master
What does this MR do and why?
To prevent showing the promotion banner for the security-training unnecessarily, this MR adds a GraphQL mutation, which dismisses the callout when the related configuration is being touched.
Note: The callout - and the code within this MR - is only temporary and will be removed in the future.
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Environment preparations
Enable the feature flag
echo "Feature.enable(:secure_vulnerability_training)" | rails c
Create two training providers:
echo "Security::TrainingProvider.create!(name: 'Foo', description: 'Foo provider', url: 'http://foo.com', logo_url: 'http://foo.com/logo')" | rails c
echo "Security::TrainingProvider.create!(name: 'Bar', description: 'Bar provider', url: 'http://bar.com', logo_url: 'http://bar.com/logo')" | rails c
Testing instructions
- Go to a project's vulnerability report - make sure the banner is showing up
- Open a new browser tab and go to the same project's security dashboard - make sure the banner is showing up
- Go to the project's "Security & Compliance" -> "Configuration" -> "Vulnerability Management"
- Enable a provider (todo: enter instructions on how to populate)
- Refresh the vulnerability report and security dashboard - make sure the banner does not show up any more
Reset the dismissed callout (in case you want to test it more than once)
echo 'User.find_by(username: "root").callouts.find_by(feature_name: "security_training_feature_promotion").destroy' | rails c
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #350442 (closed)
Edited by David Pisek