Merge branch '496332-add-group-instance-permission-ability' into 'master'

Pass permission ability for Group vulnerability report See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/167583 Merged-by: Samantha Ming <sming@gitlab.com> Approved-by: Michael Becker <mbecker@gitlab.com> Approved-by: Alex Buijs <abuijs@gitlab.com> Approved-by: Subashis Chakraborty <schakraborty@gitlab.com> Reviewed-by: Samantha Ming <sming@gitlab.com>

Merge branch '496332-add-group-instance-permission-ability' into 'master'
f30d279d · Samantha Ming · GitLab · 4c2e0af6 · 35a30d05 · f30d279d
--- a/ee/app/controllers/groups/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/groups/security/vulnerabilities_controller.rb
@@ -14,6 +14,8 @@ class VulnerabilitiesController < Groups::ApplicationController
      before_action do
        push_frontend_feature_flag(:vulnerability_report_owasp_2021, @group)
        push_frontend_feature_flag(:owasp_top_10_null_filtering, @group)
+
+        push_frontend_ability(ability: :resolve_vulnerability_with_ai, resource: @group, user: current_user)
      end

      def index

--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -539,6 +539,14 @@ module GroupPolicy
        enable :admin_vulnerability
      end

+      condition(:resolve_vulnerability_authorized) do
+        ::Gitlab::Llm::Utils::UserAuthorizer.new(@user, subject, :resolve_vulnerability).allowed?
+      end
+
+      rule { can?(:read_security_resource) & resolve_vulnerability_authorized }.policy do
+        enable :resolve_vulnerability_with_ai
+      end
+
      rule { custom_role_enables_admin_group_member }.policy do
        enable :admin_group_member
        enable :update_group_member

--- a/ee/spec/controllers/groups/security/vulnerabilities_controller_spec.rb
+++ b/ee/spec/controllers/groups/security/vulnerabilities_controller_spec.rb
@@ -11,7 +11,7 @@
  end

  describe 'GET index' do
-    subject { get :index, params: { group_id: group.to_param } }
+    subject(:show_security_dashboard) { get :index, params: { group_id: group.to_param } }

    context 'when security dashboard feature is enabled' do
      before do
@@ -26,7 +26,7 @@
        it { is_expected.to have_gitlab_http_status(:ok) }

        it_behaves_like 'tracks govern usage event', 'users_visiting_security_vulnerabilities' do
-          let(:request) { subject }
+          let(:request) { show_security_dashboard }
        end
      end

@@ -35,7 +35,7 @@
        it { is_expected.to render_template(:unavailable) }

        it_behaves_like "doesn't track govern usage event", 'users_visiting_security_vulnerabilities' do
-          let(:request) { subject }
+          let(:request) { show_security_dashboard }
        end
      end
    end
@@ -45,7 +45,37 @@
      it { is_expected.to render_template(:unavailable) }

      it_behaves_like "doesn't track govern usage event", 'users_visiting_security_vulnerabilities' do
-        let(:request) { subject }
+        let(:request) { show_security_dashboard }
+      end
+    end
+
+    context "when resolveVulnerabilityWithAi ability is allowed" do
+      before do
+        allow(Ability).to receive(:allowed?).and_call_original
+        allow(Ability).to receive(:allowed?).with(user, :resolve_vulnerability_with_ai, group).and_return(true)
+
+        show_security_dashboard
+      end
+
+      render_views
+
+      it 'sets the frontend ability to true when allowed' do
+        expect(response.body).to have_pushed_frontend_ability(resolveVulnerabilityWithAi: true)
+      end
+    end
+
+    context "when resolveVulnerabilityWithAi ability is not allowed" do
+      before do
+        allow(Ability).to receive(:allowed?).and_call_original
+        allow(Ability).to receive(:allowed?).with(user, :resolve_vulnerability_with_ai, group).and_return(false)
+
+        show_security_dashboard
+      end
+
+      render_views
+
+      it 'sets the frontend ability to false not allowed' do
+        expect(response.body).to have_pushed_frontend_ability(resolveVulnerabilityWithAi: false)
      end
    end
  end