Move feature check to API code

The check needs to be after the vulnerability is retrieved and before the response is rendered.

Move feature check to API code
The check needs to be after the vulnerability is retrieved and before the response is rendered.
0342efb5 · Jonathan Schafer · 986beb89 · 0342efb5 · 0342efb5
Commit 0342efb5 authored Mar 04, 2020 by Jonathan Schafer
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 9 deletions

ee/lib/api/helpers/vulnerabilities_hooks.rb ee/lib/api/helpers/vulnerabilities_hooks.rb +1 -3

ee/lib/api/vulnerabilities.rb ee/lib/api/vulnerabilities.rb +5 -6

No files found.
--- a/ee/lib/api/helpers/vulnerabilities_hooks.rb
+++ b/ee/lib/api/helpers/vulnerabilities_hooks.rb
@@ -6,9 +6,7 @@ module API
      extend ActiveSupport::Concern
      included do
-        after do
+        before do
-          not_found! unless Feature.enabled?(:first_class_vulnerabilities, @project)
          authenticate!
        end
      end

--- a/ee/lib/api/vulnerabilities.rb
+++ b/ee/lib/api/vulnerabilities.rb
@@ -33,9 +33,8 @@ module API
        success EE::API::Entities::Vulnerability
      end
      get ':id' do
-        vulnerability = Vulnerability.find(params[:id])
+        vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
-        @project = vulnerability.project
+        break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
-        authorize_vulnerability!(vulnerability, :read_vulnerability)
        render_vulnerability(vulnerability)
      end
@@ -44,7 +43,7 @@ module API
      end
      post ':id/resolve' do
        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
-        @project = vulnerability.project
+        break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
        break not_modified! if vulnerability.resolved?
        vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute
@@ -56,7 +55,7 @@ module API
      end
      post ':id/dismiss' do
        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
-        @project = vulnerability.project
+        break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
        break not_modified! if vulnerability.dismissed?
        vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute
@@ -68,7 +67,7 @@ module API
      end
      post ':id/confirm' do
        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
-        @project = vulnerability.project
+        break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
        break not_modified! if vulnerability.confirmed?
        vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, vulnerability).execute