Merge branch...

Merge branch '208736-api-calls-for-1st-class-vulnerabilities-should-be-configurable-per-project' into 'master' Make API calls for 1st Class Vulnerabilities configurable per project See merge request gitlab-org/gitlab!26321

Merge branch...
Merge branch '208736-api-calls-for-1st-class-vulnerabilities-should-be-configurable-per-project' into 'master' Make API calls for 1st Class Vulnerabilities configurable per project See merge request gitlab-org/gitlab!26321
37e495f0 · Shinya Maeda · 3f98bc16 · 18c61c80 · 37e495f0 · 37e495f0
Commit 37e495f0 authored Mar 18, 2020 by Shinya Maeda
3 changed files
--- a/ee/lib/api/helpers/vulnerabilities_hooks.rb
+++ b/ee/lib/api/helpers/vulnerabilities_hooks.rb
@@ -7,8 +7,6 @@ module API

      included do
        before do
-          not_found! unless Feature.enabled?(:first_class_vulnerabilities)
-
          authenticate!
        end
      end

--- a/ee/lib/api/vulnerabilities.rb
+++ b/ee/lib/api/vulnerabilities.rb
@@ -33,8 +33,9 @@ module API
        success EE::API::Entities::Vulnerability
      end
      get ':id' do
-        vulnerability = Vulnerability.find(params[:id])
-        authorize_vulnerability!(vulnerability, :read_vulnerability)
+        vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
+        not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
+
        render_vulnerability(vulnerability)
      end

@@ -43,7 +44,9 @@ module API
      end
      post ':id/resolve' do
        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
-        break not_modified! if vulnerability.resolved?
+        not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
+
+        not_modified! if vulnerability.resolved?

        vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute
        render_vulnerability(vulnerability)
@@ -54,7 +57,9 @@ module API
      end
      post ':id/dismiss' do
        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
-        break not_modified! if vulnerability.dismissed?
+        not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
+
+        not_modified! if vulnerability.dismissed?

        vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute
        render_vulnerability(vulnerability)
@@ -65,7 +70,9 @@ module API
      end
      post ':id/confirm' do
        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
-        break not_modified! if vulnerability.confirmed?
+        not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
+
+        not_modified! if vulnerability.confirmed?

        vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, vulnerability).execute
        render_vulnerability(vulnerability)
@@ -79,6 +86,9 @@ module API
      desc 'Get a list of project vulnerabilities' do
        success EE::API::Entities::Vulnerability
      end
+      before do
+        not_found! unless Feature.enabled?(:first_class_vulnerabilities, user_project)
+      end
      params do
        use :pagination
      end

--- a/ee/lib/api/vulnerability_issue_links.rb
+++ b/ee/lib/api/vulnerability_issue_links.rb
@@ -33,6 +33,7 @@ module API
      end
      get ':id/issue_links' do
        vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
+        not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)

        present vulnerability
                  .related_issues
@@ -50,6 +51,8 @@ module API
      end
      post ':id/issue_links' do
        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
+        not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
+
        issue = find_project_issue(params[:target_issue_iid], vulnerability.project_id)

        response = ::VulnerabilityIssueLinks::CreateService.new(
@@ -65,7 +68,9 @@ module API
        requires :issue_link_id, type: Integer, desc: 'The ID of a vulnerability-issue-link to delete'
      end
      delete ':id/issue_links/:issue_link_id' do
-        find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
+        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
+        not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
+
        issue_link = find_issue_link!

        service_response = ::VulnerabilityIssueLinks::DeleteService.new(current_user, issue_link).execute