From 0a0d2e1afabc87807d07726b781883a5dc643aeb Mon Sep 17 00:00:00 2001
From: mc_rocha <mrocha@gitlab.com>
Date: Mon, 27 Jun 2022 15:04:41 -0400
Subject: [PATCH] Update Vulnerabilities Confirm Service

After the https://gitlab.com/gitlab-org/gitlab/-/issues/324860
 is merged, a Vulnerability will be
created when a user interacts with a finding.
There will be no Vulnerability Feedback object to be
destroyed when a vulnerability is confirmed.

Changelog: fixed
EE: true
---
 .../services/vulnerabilities/confirm_service.rb   | 10 ++++++++--
 .../vulnerabilities/confirm_service_spec.rb       | 15 ++++++++++++++-
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/ee/app/services/vulnerabilities/confirm_service.rb b/ee/app/services/vulnerabilities/confirm_service.rb
index 444b43c17a964..8a29622336e4a 100644
--- a/ee/app/services/vulnerabilities/confirm_service.rb
+++ b/ee/app/services/vulnerabilities/confirm_service.rb
@@ -7,8 +7,14 @@ class ConfirmService < BaseService
     def execute
       raise Gitlab::Access::AccessDeniedError unless authorized?
 
-      update_vulnerability_with(state: Vulnerability.states[:confirmed], confirmed_by: @user, confirmed_at: Time.current) do
-        DestroyDismissalFeedbackService.new(@user, @vulnerability).execute
+      if Feature.enabled?(:deprecate_vulnerabilities_feedback, @vulnerability.project)
+        update_vulnerability_with(state: Vulnerability.states[:confirmed], confirmed_by: @user,
+                                  confirmed_at: Time.current)
+      else
+        update_vulnerability_with(state: Vulnerability.states[:confirmed], confirmed_by: @user,
+                                  confirmed_at: Time.current) do
+          DestroyDismissalFeedbackService.new(@user, @vulnerability).execute
+        end
       end
 
       @vulnerability
diff --git a/ee/spec/services/vulnerabilities/confirm_service_spec.rb b/ee/spec/services/vulnerabilities/confirm_service_spec.rb
index b836d9ace3502..8892f96ab251d 100644
--- a/ee/spec/services/vulnerabilities/confirm_service_spec.rb
+++ b/ee/spec/services/vulnerabilities/confirm_service_spec.rb
@@ -23,7 +23,14 @@
     end
 
     it_behaves_like 'calls vulnerability statistics utility services in order'
-    it_behaves_like 'removes dismissal feedback from associated findings'
+
+    context 'when feature flag deprecate_vulnerabilities_feedback is disabled' do
+      before do
+        stub_feature_flags(deprecate_vulnerabilities_feedback: false)
+      end
+
+      it_behaves_like 'removes dismissal feedback from associated findings'
+    end
 
     it 'confirms a vulnerability' do
       freeze_time do
@@ -40,6 +47,12 @@
       confirm_vulnerability
     end
 
+    it 'does not remove the feedback from associated findings' do
+      expect(Vulnerabilities::DestroyDismissalFeedbackService).not_to receive(:new).with(user, vulnerability)
+
+      confirm_vulnerability
+    end
+
     context 'when security dashboard feature is disabled' do
       before do
         stub_licensed_features(security_dashboard: false)
-- 
GitLab