Commit 9765f172 authored by Jonathan Schafer's avatar Jonathan Schafer

Check flag for issue links

parent 68cf6b34
......@@ -33,6 +33,7 @@ module API
end
get ':id/issue_links' do
vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
present vulnerability
.related_issues
......@@ -50,6 +51,7 @@ module API
end
post ':id/issue_links' do
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
issue = find_project_issue(params[:target_issue_iid], vulnerability.project_id)
response = ::VulnerabilityIssueLinks::CreateService.new(
......@@ -65,7 +67,8 @@ module API
requires :issue_link_id, type: Integer, desc: 'The ID of a vulnerability-issue-link to delete'
end
delete ':id/issue_links/:issue_link_id' do
find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
issue_link = find_issue_link!
service_response = ::VulnerabilityIssueLinks::DeleteService.new(current_user, issue_link).execute
......
......@@ -4,7 +4,6 @@ RSpec.shared_examples 'forbids access to vulnerability API endpoint in case of d
context 'when "first-class vulnerabilities" feature is disabled' do
before do
stub_feature_flags(first_class_vulnerabilities: false)
stub_feature_flags(first_class_vulnerabilities: { enabled: false, thing: project })
end
it 'responds with "not found"' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment