Hide on-demand scan edit without push permission
What does this MR do and why?
- Don't show the edit action for site profiles, scanner profiles, and on-demand scans when the user doesn't have permission to edit them
- Render 403 instead of 404 if they navigate to the page anyway
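An added Ruby illustration (not GitLab's code; the class and method names are hypothetical) of the two behaviours above: one permission predicate, "can the user push to the item's branch", decides both whether the Edit action is rendered in the menu and whether direct navigation to the edit page gets 403 (exists, not allowed) rather than 404 (does not exist).

```ruby
# Added illustration, not GitLab's implementation. Names are hypothetical.

# A site profile, scanner profile or on-demand scan, tied to a branch.
DastItem   = Struct.new(:id, :branch)
# A branch rule listing who may push; constructed stand-in for real rules.
BranchRule = Struct.new(:branch, :allowed_pushers)

class DastAuthorizer
  def initialize(rules)
    @rules = rules.group_by(&:branch)
  end

  # Editing an item requires push permission on its branch.
  def can_push?(user, branch)
    rules = @rules.fetch(branch, [])
    return true if rules.empty? # no rule configured: assume push is allowed (constructed assumption)
    rules.all? { |r| r.allowed_pushers.include?(user) }
  end
end

class DastItemsController
  def initialize(items, authorizer)
    @items      = items.to_h { |i| [i.id, i] }
    @authorizer = authorizer
  end

  # Actions offered in the "⋮" menu: "Edit" is omitted when the user
  # lacks push permission, so the UI never links to a page they cannot use.
  def actions_for(user, id)
    item = @items[id]
    actions = ["View"]
    actions << "Edit" if item && @authorizer.can_push?(user, item.branch)
    actions
  end

  # Direct navigation to the edit page. Check existence before permission:
  # a missing record is 404, an existing record the user may not edit is 403.
  def edit(user, id)
    item = @items[id]
    return 404 unless item
    return 403 unless @authorizer.can_push?(user, item.branch)
    200
  end
end
```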
How to set up and validate locally

reproduce the bug 🐛

- `git checkout master`
- go to a project, create `some-branch`
- in Settings => Repository => Branch rules, configure a rule for `some-branch` that doesn't allow you to push to it
- go to a project => Secure => On-demand scans => New scan
- create an on-demand scan with Scan configuration => Branch set to `some-branch` (you'll also need to name your scan, create a scanner profile, and create a site profile to save the scan)
- clicking any of these actions will lead to a 404 🐛:
  - project => Secure => On-demand scans => Scan library tab => ⋮ next to the scan you created => Edit
  - project => Secure => Security configuration => Dynamic Application Security Testing (DAST) => Manage profiles
    - Site profiles tab => ⋮ next to the site profile you created => Edit
    - Scanner profiles tab => ⋮ next to the scanner profile you created => Edit

test the fix 🛠️

- `git checkout 513374-fix-404-for-dast-paths`
- these actions should be hidden for the items you don't have permission to edit:
  - project => Secure => On-demand scans => Scan library tab => ⋮ next to the scan you created => Edit
  - project => Secure => Security configuration => Dynamic Application Security Testing (DAST) => Manage profiles
    - Site profiles tab => ⋮ next to the site profile you created => Edit
    - Scanner profiles tab => ⋮ next to the scanner profile you created => Edit
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Miranda Fluharty