From 72ff2e9324b2f425f3eed9729dfd903c9203b341 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Mon, 3 Feb 2020 15:32:00 +0200
Subject: [PATCH] Move security routes under - scope

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 .../unreleased/dz-scope-security-routes.yml   |  5 +++
 config/routes/project.rb                      |  3 +-
 ee/config/routes/project.rb                   | 31 ++++++++-----------
 .../merge_request_presenter_spec.rb           |  2 +-
 ee/spec/routing/project_routing_spec.rb       | 10 ++++--
 .../merge_request_widget_entity_spec.rb       |  2 +-
 6 files changed, 29 insertions(+), 24 deletions(-)
 create mode 100644 changelogs/unreleased/dz-scope-security-routes.yml

diff --git a/changelogs/unreleased/dz-scope-security-routes.yml b/changelogs/unreleased/dz-scope-security-routes.yml
new file mode 100644
index 00000000000000..04aa8cd3656d42
--- /dev/null
+++ b/changelogs/unreleased/dz-scope-security-routes.yml
@@ -0,0 +1,5 @@
+---
+title: Move security routes under - scope
+merge_request: 24287
+author:
+type: changed
diff --git a/config/routes/project.rb b/config/routes/project.rb
index 791f6cc2a4ebda..3f3d7452a84371 100644
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -468,7 +468,8 @@
                                             :forks, :group_links, :import, :avatar, :mirror,
                                             :cycle_analytics, :mattermost, :variables, :triggers,
                                             :environments, :protected_environments, :error_tracking,
-                                            :serverless, :clusters, :audit_events, :wikis, :merge_requests)
+                                            :serverless, :clusters, :audit_events, :wikis, :merge_requests,
+                                            :vulnerability_feedback, :security, :dependencies)
     end
 
     # rubocop: disable Cop/PutProjectRoutesUnderScope
diff --git a/ee/config/routes/project.rb b/ee/config/routes/project.rb
index 71718fc0c1f7a8..29ca9ceff5fd72 100644
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -56,8 +56,6 @@
 
         resources :subscriptions, only: [:create, :destroy]
 
-        resources :licenses, only: [:index, :create, :update]
-
         resource :threat_monitoring, only: [:show], controller: :threat_monitoring
 
         resources :logs, only: [:index] do
@@ -79,6 +77,16 @@
           resources :waf_anomalies, only: [] do
             get :summary, on: :collection
           end
+
+          resources :dashboard, only: [:show, :index], controller: :dashboard
+          resource :configuration, only: [:show], controller: :configuration
+          resource :discover, only: [:show], controller: :discover
+
+          resources :vulnerability_findings, only: [:index] do
+            collection do
+              get :summary
+            end
+          end
         end
 
         namespace :analytics do
@@ -88,6 +96,9 @@
         resources :approvers, only: :destroy
         resources :approver_groups, only: :destroy
         resources :push_rules, constraints: { id: /\d+/ }, only: [:update]
+        resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
+        resources :dependencies, only: [:index]
+        resources :licenses, only: [:index, :create, :update]
       end
       # End of the /-/ scope.
 
@@ -146,22 +157,6 @@
           post :query
         end
       end
-
-      namespace :security do
-        resources :dashboard, only: [:show, :index], controller: :dashboard
-        resource :configuration, only: [:show], controller: :configuration
-        resource :discover, only: [:show], controller: :discover
-
-        resources :vulnerability_findings, only: [:index] do
-          collection do
-            get :summary
-          end
-        end
-      end
-
-      resources :vulnerability_feedback, only: [:index, :create, :update, :destroy], constraints: { id: /\d+/ }
-
-      resources :dependencies, only: [:index]
       # All new routes should go under /-/ scope.
       # Look for scope '-' at the top of the file.
       # rubocop: enable Cop/PutProjectRoutesUnderScope
diff --git a/ee/spec/presenters/merge_request_presenter_spec.rb b/ee/spec/presenters/merge_request_presenter_spec.rb
index 08f3796453a694..9804fa167c5061 100644
--- a/ee/spec/presenters/merge_request_presenter_spec.rb
+++ b/ee/spec/presenters/merge_request_presenter_spec.rb
@@ -105,7 +105,7 @@
     with_them do
       subject { described_class.new(merge_request, current_user: user).public_send(create_feedback_path, merge_request.project) }
 
-      it { is_expected.to eq("/#{merge_request.project.full_path}/vulnerability_feedback") }
+      it { is_expected.to eq("/#{merge_request.project.full_path}/-/vulnerability_feedback") }
 
       context 'when not allowed to create vulnerability feedback' do
         let(:unauthorized_user) { create(:user) }
diff --git a/ee/spec/routing/project_routing_spec.rb b/ee/spec/routing/project_routing_spec.rb
index ed6c79c6d13bd5..add7e04332c7c5 100644
--- a/ee/spec/routing/project_routing_spec.rb
+++ b/ee/spec/routing/project_routing_spec.rb
@@ -12,15 +12,19 @@
   # project_vulnerability_feedback  DELETE /:project_id/vulnerability_feedback/:id(.:format) projects/vulnerability_feedback#destroy
   describe Projects::VulnerabilityFeedbackController, 'routing', type: :routing do
     it "to #index" do
-      expect(get("/gitlab/gitlabhq/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#index', namespace_id: 'gitlab', project_id: 'gitlabhq')
+      expect(get("/gitlab/gitlabhq/-/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#index', namespace_id: 'gitlab', project_id: 'gitlabhq')
     end
 
     it "to #create" do
-      expect(post("/gitlab/gitlabhq/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#create', namespace_id: 'gitlab', project_id: 'gitlabhq')
+      expect(post("/gitlab/gitlabhq/-/vulnerability_feedback")).to route_to('projects/vulnerability_feedback#create', namespace_id: 'gitlab', project_id: 'gitlabhq')
     end
 
     it "to #destroy" do
-      expect(delete("/gitlab/gitlabhq/vulnerability_feedback/1")).to route_to('projects/vulnerability_feedback#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1')
+      expect(delete("/gitlab/gitlabhq/-/vulnerability_feedback/1")).to route_to('projects/vulnerability_feedback#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1')
+    end
+
+    describe 'legacy routing' do
+      it_behaves_like 'redirecting a legacy project path', "/gitlab/gitlabhq/vulnerability_feedback", "/gitlab/gitlabhq/-/vulnerability_feedback"
     end
   end
 
diff --git a/ee/spec/serializers/merge_request_widget_entity_spec.rb b/ee/spec/serializers/merge_request_widget_entity_spec.rb
index becc41ea80a96b..13680858333a9f 100644
--- a/ee/spec/serializers/merge_request_widget_entity_spec.rb
+++ b/ee/spec/serializers/merge_request_widget_entity_spec.rb
@@ -208,7 +208,7 @@ def create_all_artifacts
 
   it 'has vulnerability feedback paths' do
     expect(subject.as_json[:vulnerability_feedback_path]).to eq(
-      "/#{merge_request.project.full_path}/vulnerability_feedback"
+      "/#{merge_request.project.full_path}/-/vulnerability_feedback"
     )
     expect(subject.as_json).to include(:create_vulnerability_feedback_issue_path)
     expect(subject.as_json).to include(:create_vulnerability_feedback_merge_request_path)
-- 
GitLab