Commit 30886a18 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Check access to instance-level vulnerability export APIs

We restrict access to these endpoints if the `security_dashboard`
feature is not available.
parent f1d253c1
# frozen_string_literal: true
class InstanceSecurityDashboardPolicy < BasePolicy
rule { ~anonymous }.policy do
enable :read_instance_security_dashboard
enable :create_vulnerability_export
with_scope :global
condition(:security_dashboard_enabled) do
License.feature_available?(:security_dashboard)
end
rule { ~anonymous }.enable :read_instance_security_dashboard
rule { security_dashboard_enabled & can?(:read_instance_security_dashboard) }.enable :create_vulnerability_export
end
......@@ -53,6 +53,11 @@ module API
end
end
namespace do
before do
not_found! unless Feature.enabled?(:first_class_vulnerabilities)
end
params do
optional :export_format, type: String, desc: 'The format of export to be generated',
default: ::Vulnerabilities::Export.formats.each_key.first,
......@@ -66,6 +71,7 @@ module API
process_create_request_for(current_user.security_dashboard)
end
end
desc 'Get single project vulnerability export' do
success EE::API::Entities::VulnerabilityExport
......
......@@ -118,6 +118,8 @@ describe API::VulnerabilityExports do
end
end
end
it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
end
describe 'GET /security/vulnerability_exports/:id' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment