Commit 37e495f0 authored by Shinya Maeda's avatar Shinya Maeda

Merge branch...

Merge branch '208736-api-calls-for-1st-class-vulnerabilities-should-be-configurable-per-project' into 'master'

Make API calls for 1st Class Vulnerabilities configurable per project

See merge request gitlab-org/gitlab!26321
parents 3f98bc16 18c61c80
......@@ -7,8 +7,6 @@ module API
included do
before do
not_found! unless Feature.enabled?(:first_class_vulnerabilities)
authenticate!
end
end
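Review bot: With the global `not_found! unless Feature.enabled?(:first_class_vulnerabilities)` line apparently removed from this shared `before` hook (the hunk shrinks from 8 to 6 lines), the flag gate becomes opt-in per endpoint. Any API class that includes this concern and is not touched by this commit would then be served regardless of the flag, so it is worth confirming that the endpoints updated further down the page are the only includers. A comment in the hook would make the new contract explicit, e.g. `# Feature-flag gating is per project; each endpoint must check it once the project is known.` The enclosing module starts and ends outside the hunk.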
......
......@@ -33,8 +33,9 @@ module API
success EE::API::Entities::Vulnerability
end
get ':id' do
vulnerability = Vulnerability.find(params[:id])
authorize_vulnerability!(vulnerability, :read_vulnerability)
vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
render_vulnerability(vulnerability)
end
......@@ -43,7 +44,9 @@ module API
end
post ':id/resolve' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
break not_modified! if vulnerability.resolved?
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
not_modified! if vulnerability.resolved?
vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute
render_vulnerability(vulnerability)
......@@ -54,7 +57,9 @@ module API
end
post ':id/dismiss' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
break not_modified! if vulnerability.dismissed?
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
not_modified! if vulnerability.dismissed?
vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute
render_vulnerability(vulnerability)
......@@ -65,7 +70,9 @@ module API
end
post ':id/confirm' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
break not_modified! if vulnerability.confirmed?
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
not_modified! if vulnerability.confirmed?
vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, vulnerability).execute
render_vulnerability(vulnerability)
......@@ -79,6 +86,9 @@ module API
desc 'Get a list of project vulnerabilities' do
success EE::API::Entities::Vulnerability
end
before do
not_found! unless Feature.enabled?(:first_class_vulnerabilities, user_project)
end
params do
use :pagination
end
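Review bot: The per-project gate `not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)` is repeated by hand after every `find_and_authorize_vulnerability!` call: in `get ':id'`, the `resolve`, `dismiss` and `confirm` posts, and the `issue_links` endpoints further down the page. A future endpoint that omits the line would be reachable with the flag off, and nothing would fail. Performing the check inside `find_and_authorize_vulnerability!`, after the authorization step, would keep the gate fail-closed; that helper is defined outside these hunks, so this assumes every caller wants the gate. Separately, the new `not_modified! if vulnerability.resolved?` lines (and the `dismissed?` and `confirmed?` variants) drop the `break`, which is safe only if `not_modified!` halts the request before the service runs; a one-line comment stating that would help.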
......
......@@ -33,6 +33,7 @@ module API
end
get ':id/issue_links' do
vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
present vulnerability
.related_issues
......@@ -50,6 +51,8 @@ module API
end
post ':id/issue_links' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
issue = find_project_issue(params[:target_issue_iid], vulnerability.project_id)
response = ::VulnerabilityIssueLinks::CreateService.new(
......@@ -65,7 +68,9 @@ module API
requires :issue_link_id, type: Integer, desc: 'The ID of a vulnerability-issue-link to delete'
end
delete ':id/issue_links/:issue_link_id' do
find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
issue_link = find_issue_link!
service_response = ::VulnerabilityIssueLinks::DeleteService.new(current_user, issue_link).execute
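Review bot: In `delete ':id/issue_links/:issue_link_id'`, `find_issue_link!` takes no argument, so nothing in the hunk shows the link being looked up under the vulnerability that was just authorized. If the helper resolves `issue_link_id` on its own, a user holding `admin_vulnerability_issue_link` on one vulnerability could remove a link that belongs to another, so it is worth confirming that the helper also filters on `params[:id]`. Now that `vulnerability` is bound in this endpoint, a comment such as `# issue_link must belong to the vulnerability authorized above` would record the requirement. The helper and the rest of the endpoint body are outside the hunk.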
......