Skip to content

G
gitlab-ce
Commit 37e495f0 authored by Shinya Maeda's avatar Shinya Maeda
Browse files
Options

Merge branch... 

Merge branch '208736-api-calls-for-1st-class-vulnerabilities-should-be-configurable-per-project' into 'master'

Make API calls for 1st Class Vulnerabilities configurable per project

See merge request gitlab-org/gitlab!26321
parents 3f98bc16 18c61c80
Hide whitespace changes
Inline Side-by-side
Showing with 21 additions and 8 deletions
ee/lib/api/helpers/vulnerabilities_hooks.rb
View file @ 37e495f0
...@@ -7,8 +7,6 @@ module API ...@@ -7,8 +7,6 @@ module API
included do included do
before do before do
not_found! unless Feature.enabled?(:first_class_vulnerabilities)
authenticate! authenticate!
end end
end end
......
ee/lib/api/vulnerabilities.rb
View file @ 37e495f0
...@@ -33,8 +33,9 @@ module API ...@@ -33,8 +33,9 @@ module API
success EE::API::Entities::Vulnerability success EE::API::Entities::Vulnerability
end end
get ':id' do get ':id' do
vulnerability = Vulnerability.find(params[:id]) vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
authorize_vulnerability!(vulnerability, :read_vulnerability) not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
render_vulnerability(vulnerability) render_vulnerability(vulnerability)
end end
...@@ -43,7 +44,9 @@ module API ...@@ -43,7 +44,9 @@ module API
end end
post ':id/resolve' do post ':id/resolve' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability) vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
break not_modified! if vulnerability.resolved? not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
not_modified! if vulnerability.resolved?
vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute
render_vulnerability(vulnerability) render_vulnerability(vulnerability)
...@@ -54,7 +57,9 @@ module API ...@@ -54,7 +57,9 @@ module API
end end
post ':id/dismiss' do post ':id/dismiss' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability) vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
break not_modified! if vulnerability.dismissed? not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
not_modified! if vulnerability.dismissed?
vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute
render_vulnerability(vulnerability) render_vulnerability(vulnerability)
...@@ -65,7 +70,9 @@ module API ...@@ -65,7 +70,9 @@ module API
end end
post ':id/confirm' do post ':id/confirm' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability) vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
break not_modified! if vulnerability.confirmed? not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
not_modified! if vulnerability.confirmed?
vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, vulnerability).execute vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, vulnerability).execute
render_vulnerability(vulnerability) render_vulnerability(vulnerability)
...@@ -79,6 +86,9 @@ module API ...@@ -79,6 +86,9 @@ module API
desc 'Get a list of project vulnerabilities' do desc 'Get a list of project vulnerabilities' do
success EE::API::Entities::Vulnerability success EE::API::Entities::Vulnerability
end end
before do
not_found! unless Feature.enabled?(:first_class_vulnerabilities, user_project)
end
params do params do
use :pagination use :pagination
end end
......
ee/lib/api/vulnerability_issue_links.rb
View file @ 37e495f0
...@@ -33,6 +33,7 @@ module API ...@@ -33,6 +33,7 @@ module API
end end
get ':id/issue_links' do get ':id/issue_links' do
vulnerability = find_and_authorize_vulnerability!(:read_vulnerability) vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
present vulnerability present vulnerability
.related_issues .related_issues
...@@ -50,6 +51,8 @@ module API ...@@ -50,6 +51,8 @@ module API
end end
post ':id/issue_links' do post ':id/issue_links' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link) vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
issue = find_project_issue(params[:target_issue_iid], vulnerability.project_id) issue = find_project_issue(params[:target_issue_iid], vulnerability.project_id)
response = ::VulnerabilityIssueLinks::CreateService.new( response = ::VulnerabilityIssueLinks::CreateService.new(
...@@ -65,7 +68,9 @@ module API ...@@ -65,7 +68,9 @@ module API
requires :issue_link_id, type: Integer, desc: 'The ID of a vulnerability-issue-link to delete' requires :issue_link_id, type: Integer, desc: 'The ID of a vulnerability-issue-link to delete'
end end
delete ':id/issue_links/:issue_link_id' do delete ':id/issue_links/:issue_link_id' do
find_and_authorize_vulnerability!(:admin_vulnerability_issue_link) vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
issue_link = find_issue_link! issue_link = find_issue_link!
service_response = ::VulnerabilityIssueLinks::DeleteService.new(current_user, issue_link).execute service_response = ::VulnerabilityIssueLinks::DeleteService.new(current_user, issue_link).execute
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7