Check flag for issue links

ee/lib/api/vulnerability_issue_links.rb

@@ -33,6 +33,7 @@ module API
       end
       get ':id/issue_links' do
         vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
+        break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
 
         present vulnerability
                   .related_issues
@@ -50,6 +51,7 @@ module API
       end
       post ':id/issue_links' do
         vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
+        break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
         issue = find_project_issue(params[:target_issue_iid], vulnerability.project_id)
 
         response = ::VulnerabilityIssueLinks::CreateService.new(
@@ -65,7 +67,8 @@ module API
         requires :issue_link_id, type: Integer, desc: 'The ID of a vulnerability-issue-link to delete'
       end
       delete ':id/issue_links/:issue_link_id' do
-        find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
+        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability_issue_link)
+        break not_found! unless Feature.enabled?(:first_class_vulnerabilities, vulnerability.project)
         issue_link = find_issue_link!
 
         service_response = ::VulnerabilityIssueLinks::DeleteService.new(current_user, issue_link).execute

ee/spec/support/shared_examples/requests/api/vulnerabilities_shared_examples.rb

@@ -4,7 +4,6 @@ RSpec.shared_examples 'forbids access to vulnerability API endpoint in case of d
   context 'when "first-class vulnerabilities" feature is disabled' do
     before do
       stub_feature_flags(first_class_vulnerabilities: false)
-      stub_feature_flags(first_class_vulnerabilities: { enabled: false, thing: project })
     end
 
     it 'responds with "not found"' do