Return 404 if the enable_vulnerablecodedb_access not True #95

Signed-off-by: tdruez <[email protected]>

component_catalog/tests/test_views.py

@@ -4846,6 +4846,24 @@ def test_vulnerability_list_view_num_queries(self):
         expected = f'<a class="nav-link disabled">{vulnerability_count} results</a>'
         self.assertContains(response, expected, html=True)
 
+    def test_vulnerability_list_view_enable_vulnerablecodedb_access(self):
+        self.client.login(username=self.super_user.username, password="secret")
+        vulnerability_list_url = reverse("component_catalog:vulnerability_list")
+        response = self.client.get(vulnerability_list_url)
+        self.assertEqual(200, response.status_code)
+        vulnerability_header_link = (
+            f'<a class="dropdown-item active" href="{vulnerability_list_url}">'
+        )
+        self.assertContains(response, vulnerability_header_link)
+
+        self.dataspace.enable_vulnerablecodedb_access = False
+        self.dataspace.save()
+        response = self.client.get(reverse("component_catalog:vulnerability_list"))
+        self.assertEqual(404, response.status_code)
+
+        response = self.client.get(reverse("component_catalog:package_list"))
+        self.assertNotContains(response, vulnerability_header_link)
+
     def test_vulnerability_list_view_vulnerability_id_link(self):
         self.client.login(username=self.super_user.username, password="secret")
         response = self.client.get(reverse("component_catalog:vulnerability_list"))

component_catalog/views.py

@@ -2525,6 +2525,10 @@ def get_queryset(self):
 
     def get_context_data(self, **kwargs):
         context_data = super().get_context_data(**kwargs)
+
+        if not self.dataspace.enable_vulnerablecodedb_access:
+            raise Http404("VulnerableCode access is not enabled.")
+
         vulnerablecode = VulnerableCode(self.dataspace)
         context_data["vulnerablecode_url"] = vulnerablecode.service_url
         return context_data

dje/templates/admin/base_site.html

@@ -42,6 +42,7 @@ <h1 id="grp-admin-title">
     {% url 'workflow:request_list' as request_list_url %}
     {% url 'component_catalog:scan_list' as scan_list_url %}
     {% url 'purldb:purldb_list' as purldb_list_url %}
+    {% url 'component_catalog:vulnerability_list' as vulnerability_list_url %}
     {% url 'api_v2:api-root' as api_root_url %}
     {% if report_list_url or request_list_url or api_root_url %}
         <li class="grp-collapse grp-closed">
@@ -64,6 +65,10 @@ <h1 id="grp-admin-title">
                       <li><a href="{{ purldb_list_url }}">{% trans 'PurlDB' %}</a></li>
                   {% endif %}
                 {% endif %}
+                {% if user.dataspace.enable_vulnerablecodedb_access %}
+                    <li class="nav-header">{% trans 'Vulnerabilities' %}</li>
+                    <li><a href="{{ vulnerability_list_url }}">{% trans 'Vulnerabilities' %}</a></li>
+                {% endif %}
                 {% if api_root_url %}
                     <li class="nav-header">{% trans 'API' %}</li>
                     <li><a href="{{ api_root_url }}">{% trans 'API Root' %}</a></li>