Allow Unleash clients to request feature flags for private repos

Continue to forbid clients for disabled repos

changelogs/unreleased/unleash-api-with-private-repo.yml

+---
+title: Allow Unleash clients to request feature flags when repository is private
+merge_request: 43059
+author:
+type: fixed

ee/lib/api/unleash.rb

@@ -14,7 +14,6 @@ module API
         route_param :project_id do
           before do
             authorize_by_unleash_instance_id!
-            authorize_feature_flags_feature!
           end
 
           get do
@@ -65,10 +64,6 @@ module API
           .find_for_project_and_token(project, unleash_instance_id)
       end
 
-      def authorize_feature_flags_feature!
-        forbidden! unless project.feature_available?(:repository)
-      end
-
       def feature_flags
         return [] unless unleash_app_name.present?
 

ee/spec/requests/api/unleash_spec.rb

@@ -21,7 +21,7 @@ RSpec.describe API::Unleash do
         expect(response).to have_gitlab_http_status(:ok)
       end
 
-      context 'when feature is not available' do
+      context 'when repository is disabled' do
         before do
           project.project_feature.update!(
             repository_access_level: ::ProjectFeature::DISABLED,
@@ -33,7 +33,23 @@ RSpec.describe API::Unleash do
         it 'responds with forbidden' do
           subject
 
-          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'when repository is private' do
+        before do
+          project.project_feature.update!(
+            repository_access_level: ::ProjectFeature::PRIVATE,
+            merge_requests_access_level: ::ProjectFeature::DISABLED,
+            builds_access_level: ::ProjectFeature::DISABLED
+          )
+        end
+
+        it 'responds with OK' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:ok)
         end
       end
     end