Merge branch '2633-related-issues-public-api' into 'master'

Resolve "Related Issues BE followup - Add public API" Closes #2633 See merge request !2123

Merge branch '2633-related-issues-public-api' into 'master'
Resolve "Related Issues BE followup - Add public API" Closes #2633 See merge request !2123
378a040b · Grzegorz Bizon · 60471a75 · c56448f3 · 378a040b · 378a040b
Commit 378a040b authored Jun 23, 2017 by Grzegorz Bizon
16 changed files
--- a/app/controllers/projects/issue_links_controller.rb
+++ b/app/controllers/projects/issue_links_controller.rb
@@ -15,12 +15,9 @@ module Projects

    def destroy
      issue_link = IssueLink.find(params[:id])
+      result = IssueLinks::DestroyService.new(issue_link, current_user).execute

-      return render_403 unless can?(current_user, :admin_issue_link, issue_link.target.project)
-
-      IssueLinks::DestroyService.new(issue_link, current_user).execute
-
-      render json: { issues: issues }
+      render json: { issues: issues }, status: result[:http_status]
    end

    private

--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -187,6 +187,19 @@ class Issue < ActiveRecord::Base
    branches_with_iid - branches_with_merge_request
  end

+  def related_issues(current_user, preload: nil)
+    related_issues = Issue
+                       .select(['issues.*', 'issue_links.id AS issue_link_id'])
+                       .joins("INNER JOIN issue_links ON
+                                 (issue_links.source_id = issues.id AND issue_links.target_id = #{id})
+                                 OR
+                                 (issue_links.target_id = issues.id AND issue_links.source_id = #{id})")
+                       .preload(preload)
+                       .reorder('issue_link_id')
+
+    Ability.issues_readable_by_user(related_issues, current_user)
+  end
+
  # Returns boolean if a related branch exists for the current issue
  # ignores merge requests branchs
  def has_related_branch?

--- a/app/services/issue_links/create_service.rb
+++ b/app/services/issue_links/create_service.rb
@@ -6,7 +6,7 @@ module IssueLinks

    def execute
      if referenced_issues.blank?
-        return error('No Issue found for given reference', 401)
+        return error('No Issue found for given params', 404)
      end

      create_issue_links
@@ -32,16 +32,28 @@ module IssueLinks

    def referenced_issues
      @referenced_issues ||= begin
-        issue_references = params[:issue_references]
-        text = issue_references.join(' ')
+        target_issue = params[:target_issue]

-        extractor = Gitlab::ReferenceExtractor.new(@issue.project, @current_user)
-        extractor.analyze(text)
+        issues = if params[:issue_references].present?
+                   extract_issues_from_references
+                 elsif target_issue
+                   [target_issue]
+                 else
+                   []
+                 end

-        extractor.issues.select do |issue|
-          can?(current_user, :admin_issue_link, issue)
-        end
+        issues.select { |issue| can?(current_user, :admin_issue_link, issue) }
      end
    end
+
+    def extract_issues_from_references
+      issue_references = params[:issue_references]
+      text = issue_references.join(' ')
+
+      extractor = Gitlab::ReferenceExtractor.new(@issue.project, @current_user)
+      extractor.analyze(text)
+
+      extractor.issues
+    end
  end
 end
--- a/app/services/issue_links/destroy_service.rb
+++ b/app/services/issue_links/destroy_service.rb
@@ -8,6 +8,8 @@ module IssueLinks
    end

    def execute
+      return error('No Issue Link found', 404) unless permission_to_remove_relation?
+
      remove_relation
      create_notes

@@ -24,5 +26,10 @@ module IssueLinks
      SystemNoteService.unrelate_issue(@issue, @referenced_issue, current_user)
      SystemNoteService.unrelate_issue(@referenced_issue, @issue, current_user)
    end
+
+    def permission_to_remove_relation?
+      can?(current_user, :admin_issue_link, @issue) &&
+        can?(current_user, :admin_issue_link, @referenced_issue)
+    end
  end
 end
--- a/app/services/issue_links/list_service.rb
+++ b/app/services/issue_links/list_service.rb
@@ -22,16 +22,7 @@ module IssueLinks
    private

    def issues
-      related_issues = Issue
-                         .select(['issues.*', 'issue_links.id AS issue_links_id'])
-                         .joins("INNER JOIN issue_links ON
-                                 (issue_links.source_id = issues.id AND issue_links.target_id = #{@issue.id})
-                                 OR
-                                 (issue_links.target_id = issues.id AND issue_links.source_id = #{@issue.id})")
-                         .preload(project: :namespace)
-                         .reorder('issue_links_id')
-
-      Ability.issues_readable_by_user(related_issues, @current_user)
+      @issue.related_issues(@current_user, preload: { project: :namespace })
    end

    def destroy_relation_path(issue)
@@ -41,7 +32,7 @@ module IssueLinks
        namespace_project_issue_link_path(@project.namespace,
                                          @issue.project,
                                          @issue.iid,
-                                          issue.issue_links_id)
+                                          issue.issue_link_id)
      end
    end


--- a/changelogs/unreleased-ee/2633-related-issues-public-api.yml
+++ b/changelogs/unreleased-ee/2633-related-issues-public-api.yml
+---
+title: Add public API for listing, creating and deleting Related Issues
+merge_request:
+author:
--- a/doc/api/issue_links.md
+++ b/doc/api/issue_links.md
+# Issue links API
+
+## List issue relations
+
+Get a list of related issues of a given issue, sorted by the relationship creation datetime (ascending).
+Issues will be filtered according to the user authorizations.
+
+```
+GET /projects/:id/issues/:issue_iid/links
+```
+
+Parameters:
+
+| Attribute   | Type    | Required | Description                          |
+|-------------|---------|----------|--------------------------------------|
+| `id`        | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user  |
+| `issue_iid` | integer | yes      | The internal ID of a project's issue |
+
+```json
+[
+  {
+    "id" : 84,
+    "iid" : 14,
+    "issue_link_id": 1
+    "project_id" : 4,
+    "created_at" : "2016-01-07T12:44:33.959Z",
+    "title" : "Issues with auth",
+    "state" : "opened",
+    "assignees" : [],
+    "assignee" : null,
+    "labels" : [
+      "bug"
+    ],
+    "author" : {
+      "name" : "Alexandra Bashirian",
+      "avatar_url" : null,
+      "state" : "active",
+      "web_url" : "https://gitlab.example.com/eileen.lowe",
+      "id" : 18,
+      "username" : "eileen.lowe"
+    },
+    "description" : null,
+    "updated_at" : "2016-01-07T12:44:33.959Z",
+    "milestone" : null,
+    "subscribed" : true,
+    "user_notes_count": 0,
+    "due_date": null,
+    "web_url": "http://example.com/example/example/issues/14",
+    "confidential": false,
+    "weight": null,
+  }
+]
+```
+
+## Create an issue link
+
+Creates a two-way relation between two issues. User must be allowed to update both issues in order to succeed.
+
+```
+POST /projects/:id/issues/:issue_iid/links
+```
+
+| Attribute   | Type    | Required | Description                          |
+|-------------|---------|----------|--------------------------------------|
+| `id`        | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user  |
+| `issue_iid` | integer | yes      | The internal ID of a project's issue |
+| `target_project_id` | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) of a target project  |
+| `target_issue_iid` | integer/string | yes      | The internal ID of a target project's issue |
+
+
+```json
+{
+  "source_issue" : {
+    "id" : 83,
+    "iid" : 11,
+    "project_id" : 4,
+    "created_at" : "2016-01-07T12:44:33.959Z",
+    "title" : "Issues with auth",
+    "state" : "opened",
+    "assignees" : [],
+    "assignee" : null,
+    "labels" : [
+      "bug"
+    ],
+    "author" : {
+      "name" : "Alexandra Bashirian",
+      "avatar_url" : null,
+      "state" : "active",
+      "web_url" : "https://gitlab.example.com/eileen.lowe",
+      "id" : 18,
+      "username" : "eileen.lowe"
+    },
+    "description" : null,
+    "updated_at" : "2016-01-07T12:44:33.959Z",
+    "milestone" : null,
+    "subscribed" : true,
+    "user_notes_count": 0,
+    "due_date": null,
+    "web_url": "http://example.com/example/example/issues/11",
+    "confidential": false,
+    "weight": null,
+  },
+  "target_issue" : {
+    "id" : 84,
+    "iid" : 14,
+    "project_id" : 4,
+    "created_at" : "2016-01-07T12:44:33.959Z",
+    "title" : "Issues with auth",
+    "state" : "opened",
+    "assignees" : [],
+    "assignee" : null,
+    "labels" : [
+      "bug"
+    ],
+    "author" : {
+      "name" : "Alexandra Bashirian",
+      "avatar_url" : null,
+      "state" : "active",
+      "web_url" : "https://gitlab.example.com/eileen.lowe",
+      "id" : 18,
+      "username" : "eileen.lowe"
+    },
+    "description" : null,
+    "updated_at" : "2016-01-07T12:44:33.959Z",
+    "milestone" : null,
+    "subscribed" : true,
+    "user_notes_count": 0,
+    "due_date": null,
+    "web_url": "http://example.com/example/example/issues/14",
+    "confidential": false,
+    "weight": null,
+  }
+}
+```
+
+## Delete an issue link
+
+Deletes an issue link, thus removes the two-way relationship.
+
+```
+DELETE /projects/:id/issues/:issue_iid/links/:issue_link_id
+```
+
+
+| Attribute   | Type    | Required | Description                          |
+|-------------|---------|----------|--------------------------------------|
+| `id`        | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user  |
+| `issue_iid` | integer | yes      | The internal ID of a project's issue |
+| `issue_link_id` | integer/string | yes      | The ID of an issue relationship |
+
+
+```json
+{
+  "source_issue" : {
+    "id" : 83,
+    "iid" : 11,
+    "project_id" : 4,
+    "created_at" : "2016-01-07T12:44:33.959Z",
+    "title" : "Issues with auth",
+    "state" : "opened",
+    "assignees" : [],
+    "assignee" : null,
+    "labels" : [
+      "bug"
+    ],
+    "author" : {
+      "name" : "Alexandra Bashirian",
+      "avatar_url" : null,
+      "state" : "active",
+      "web_url" : "https://gitlab.example.com/eileen.lowe",
+      "id" : 18,
+      "username" : "eileen.lowe"
+    },
+    "description" : null,
+    "updated_at" : "2016-01-07T12:44:33.959Z",
+    "milestone" : null,
+    "subscribed" : true,
+    "user_notes_count": 0,
+    "due_date": null,
+    "web_url": "http://example.com/example/example/issues/11",
+    "confidential": false,
+    "weight": null,
+  },
+  "target_issue" : {
+    "id" : 84,
+    "iid" : 14,
+    "project_id" : 4,
+    "created_at" : "2016-01-07T12:44:33.959Z",
+    "title" : "Issues with auth",
+    "state" : "opened",
+    "assignees" : [],
+    "assignee" : null,
+    "labels" : [
+      "bug"
+    ],
+    "author" : {
+      "name" : "Alexandra Bashirian",
+      "avatar_url" : null,
+      "state" : "active",
+      "web_url" : "https://gitlab.example.com/eileen.lowe",
+      "id" : 18,
+      "username" : "eileen.lowe"
+    },
+    "description" : null,
+    "updated_at" : "2016-01-07T12:44:33.959Z",
+    "milestone" : null,
+    "subscribed" : true,
+    "user_notes_count": 0,
+    "due_date": null,
+    "web_url": "http://example.com/example/example/issues/14",
+    "confidential": false,
+    "weight": null,
+  }
+}
+```
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -106,6 +106,7 @@ module API
    mount ::API::Geo
    mount ::API::Internal
    mount ::API::Issues
+    mount ::API::IssueLinks
    mount ::API::Jobs
    mount ::API::Keys
    mount ::API::Labels

--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -320,6 +320,15 @@ module API
      end
    end

+    class RelatedIssue < Issue
+      expose :issue_link_id
+    end
+
+    class IssueLink < Grape::Entity
+      expose :source, as: :source_issue, using: Entities::IssueBasic
+      expose :target, as: :target_issue, using: Entities::IssueBasic
+    end
+
    class IssuableTimeStats < Grape::Entity
      expose :time_estimate
      expose :total_time_spent

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -92,8 +92,9 @@ module API
      label || not_found!('Label')
    end

-    def find_project_issue(iid)
-      IssuesFinder.new(current_user, project_id: user_project.id).find_by!(iid: iid)
+    def find_project_issue(iid, project_id = nil)
+      project = project_id ? find_project!(project_id) : user_project
+      IssuesFinder.new(current_user, project_id: project.id).find_by!(iid: iid)
    end

    def find_project_merge_request(iid)

--- a/lib/api/issue_links.rb
+++ b/lib/api/issue_links.rb
+module API
+  class IssueLinks < Grape::API
+    include PaginationParams
+
+    before { authenticate! }
+
+    params do
+      requires :id, type: String, desc: 'The ID of a project'
+      requires :issue_iid, type: Integer, desc: 'The internal ID of a project issue'
+    end
+    resource :projects, requirements: { id: %r{[^/]+} } do
+      desc 'Get related issues' do
+        success Entities::RelatedIssue
+      end
+      get ':id/issues/:issue_iid/links' do
+        source_issue = find_project_issue(params[:issue_iid])
+        related_issues = source_issue.related_issues(current_user)
+
+        present related_issues,
+                with: Entities::RelatedIssue,
+                current_user: current_user,
+                project: user_project
+      end
+
+      desc 'Relate issues' do
+        success Entities::IssueLink
+      end
+      params do
+        requires :target_project_id, type: String, desc: 'The ID of the target project'
+        requires :target_issue_iid, type: Integer, desc: 'The IID of the target issue'
+      end
+      post ':id/issues/:issue_iid/links' do
+        source_issue = find_project_issue(params[:issue_iid])
+        target_issue = find_project_issue(declared_params[:target_issue_iid],
+                                          declared_params[:target_project_id])
+
+        create_params = { target_issue: target_issue }
+
+        result = ::IssueLinks::CreateService
+                   .new(source_issue, current_user, create_params)
+                   .execute
+
+        if result[:status] == :success
+          issue_link = IssueLink.find_by!(source: source_issue, target: target_issue)
+
+          present issue_link, with: Entities::IssueLink
+        else
+          render_api_error!(result[:message], result[:http_status])
+        end
+      end
+
+      desc 'Remove issues relation' do
+        success Entities::IssueLink
+      end
+      params do
+        requires :issue_link_id, type: Integer, desc: 'The ID of an issue link'
+      end
+      delete ':id/issues/:issue_iid/links/:issue_link_id' do
+        issue_link = IssueLink.find(declared_params[:issue_link_id])
+
+        find_project_issue(params[:issue_iid])
+        find_project_issue(issue_link.target.iid.to_s, issue_link.target.project_id.to_s)
+
+        result = ::IssueLinks::DestroyService
+                   .new(issue_link, current_user)
+                   .execute
+
+        if result[:status] == :success
+          present issue_link, with: Entities::IssueLink
+        else
+          render_api_error!(result[:message], result[:http_status])
+        end
+      end
+    end
+  end
+end
--- a/spec/models/issue_spec.rb
+++ b/spec/models/issue_spec.rb
@@ -329,6 +329,27 @@ describe Issue, models: true do
    end
  end

+  describe '#related_issues' do
+    let(:user) { create(:user) }
+    let(:authorized_project) { create(:empty_project) }
+    let(:unauthorized_project) { create(:empty_project) }
+
+    let(:authorized_issue_a) { create(:issue, project: authorized_project) }
+    let(:authorized_issue_b) { create(:issue, project: authorized_project) }
+    let(:unauthorized_issue) { create(:issue, project: unauthorized_project) }
+
+    let!(:issue_link_a) { create(:issue_link, source: authorized_issue_a, target: authorized_issue_b) }
+    let!(:issue_link_b) { create(:issue_link, source: authorized_issue_a, target: unauthorized_issue) }
+
+    before do
+      authorized_project.add_developer(user)
+    end
+
+    it 'returns only authorized related issues for given user' do
+      expect(authorized_issue_a.related_issues(user)).to contain_exactly(authorized_issue_b)
+    end
+  end
+
  describe '#has_related_branch?' do
    let(:issue) { create(:issue, title: "Blue Bell Knoll") }
    subject { issue.has_related_branch? }

--- a/spec/requests/api/issue_links_spec.rb
+++ b/spec/requests/api/issue_links_spec.rb
+require 'spec_helper'
+
+describe API::IssueLinks do
+  let(:user) { create(:user) }
+  let(:project) { create(:empty_project) }
+  let(:issue) { create(:issue, project: project) }
+
+  before do
+    project.add_guest(user)
+  end
+
+  describe 'GET /links' do
+    context 'when unauthenticated' do
+      it 'returns 401' do
+        get api("/projects/#{project.id}/issues/#{issue.iid}/links")
+
+        expect(response).to have_http_status(401)
+      end
+    end
+
+    context 'when authenticated' do
+      it 'returns related issues' do
+        target_issue = create(:issue, project: project)
+        create(:issue_link, source: issue, target: target_issue)
+
+        get api("/projects/#{project.id}/issues/#{issue.iid}/links", user)
+
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_an Array
+        expect(json_response.length).to eq(1)
+        expect(json_response.first).to include('iid', 'title', 'issue_link_id')
+      end
+    end
+  end
+
+  describe 'POST /links' do
+    context 'when unauthenticated' do
+      it 'returns 401' do
+        target_issue = create(:issue)
+
+        post api("/projects/#{project.id}/issues/#{issue.iid}/links"),
+             target_project_id: target_issue.project.id, target_issue_iid: target_issue.iid
+
+        expect(response).to have_http_status(401)
+      end
+    end
+
+    context 'when authenticated' do
+      context 'given target project not found' do
+        it 'returns 404' do
+          target_issue = create(:issue)
+
+          post api("/projects/#{project.id}/issues/#{issue.iid}/links", user),
+               target_project_id: 999, target_issue_iid: target_issue.iid
+
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Project Not Found')
+        end
+      end
+
+      context 'given target issue not found' do
+        it 'returns 404' do
+          target_project = create(:empty_project, :public)
+
+          post api("/projects/#{project.id}/issues/#{issue.iid}/links", user),
+               target_project_id: target_project.id, target_issue_iid: 999
+
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Not found')
+        end
+      end
+
+      context 'when user does not have write access to given issue' do
+        it 'returns 404' do
+          unauthorized_project = create(:empty_project)
+          target_issue = create(:issue, project: unauthorized_project)
+          unauthorized_project.add_guest(user)
+
+          post api("/projects/#{project.id}/issues/#{issue.iid}/links", user),
+               target_project_id: unauthorized_project.id, target_issue_iid: target_issue.iid
+
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('No Issue found for given params')
+        end
+      end
+
+      context 'when trying to relate to a confidential issue' do
+        it 'returns 404' do
+          project = create(:empty_project, :public)
+          target_issue = create(:issue, :confidential, project: project)
+
+          post api("/projects/#{project.id}/issues/#{issue.iid}/links", user),
+               target_project_id: project.id, target_issue_iid: target_issue.iid
+
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Not found')
+        end
+      end
+
+      context 'when trying to relate to a private project issue' do
+        it 'returns 404' do
+          project = create(:empty_project, :private)
+          target_issue = create(:issue, project: project)
+
+          post api("/projects/#{project.id}/issues/#{issue.iid}/links", user),
+               target_project_id: project.id, target_issue_iid: target_issue.iid
+
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Project Not Found')
+        end
+      end
+
+      context 'when user has ability to create an issue link' do
+        it 'returns 201' do
+          target_issue = create(:issue, project: project)
+          project.add_reporter(user)
+
+          post api("/projects/#{project.id}/issues/#{issue.iid}/links", user),
+               target_project_id: project.id, target_issue_iid: target_issue.iid
+
+          expect(response).to have_http_status(201)
+          expect(json_response).to include('source_issue', 'target_issue')
+        end
+
+        it 'returns 201 when sending full path of target project' do
+          target_issue = create(:issue, project: project)
+          project.add_reporter(user)
+
+          post api("/projects/#{project.id}/issues/#{issue.iid}/links", user),
+               target_project_id: project.to_reference(full: true), target_issue_iid: target_issue.iid
+
+          expect(response).to have_http_status(201)
+          expect(json_response).to include('source_issue', 'target_issue')
+        end
+      end
+    end
+  end
+
+  describe 'DELETE /links/:issue_link_id' do
+    context 'when unauthenticated' do
+      it 'returns 401' do
+        issue_link = create(:issue_link)
+
+        delete api("/projects/#{project.id}/issues/#{issue.iid}/links/#{issue_link.id}")
+
+        expect(response).to have_http_status(401)
+      end
+    end
+
+    context 'when authenticated' do
+      context 'when user does not have write access to given issue link' do
+        it 'returns 404' do
+          unauthorized_project = create(:empty_project)
+          target_issue = create(:issue, project: unauthorized_project)
+          issue_link = create(:issue_link, source: issue, target: target_issue)
+          unauthorized_project.add_guest(user)
+
+          delete api("/projects/#{project.id}/issues/#{issue.iid}/links/#{issue_link.id}", user)
+
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('No Issue Link found')
+        end
+      end
+
+      context 'issue link not found' do
+        it 'returns 404' do
+          delete api("/projects/#{project.id}/issues/#{issue.iid}/links/999", user)
+
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Not found')
+        end
+      end
+
+      context 'when trying to delete a link with a private project issue' do
+        it 'returns 404' do
+          project = create(:empty_project, :private)
+          target_issue = create(:issue, project: project)
+          issue_link = create(:issue_link, source: issue, target: target_issue)
+
+          delete api("/projects/#{project.id}/issues/#{issue.iid}/links/#{issue_link.id}", user)
+
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Project Not Found')
+        end
+      end
+
+      context 'when user has ability to delete the issue link' do
+        it 'returns 200' do
+          target_issue = create(:issue, project: project)
+          issue_link = create(:issue_link, source: issue, target: target_issue)
+          project.add_reporter(user)
+
+          delete api("/projects/#{project.id}/issues/#{issue.iid}/links/#{issue_link.id}", user)
+
+          expect(response).to have_http_status(200)
+          expect(json_response).to include('source_issue', 'target_issue')
+        end
+      end
+    end
+  end
+end
--- a/spec/requests/projects/issue_links_controller_spec.rb
+++ b/spec/requests/projects/issue_links_controller_spec.rb
@@ -73,15 +73,15 @@ describe Projects::IssueLinksController do

          list_service_response = IssueLinks::ListService.new(issue, user).execute

-          expect(response).to have_http_status(401)
-          expect(json_response).to eq('message' => 'No Issue found for given reference', 'issues' => list_service_response.as_json)
+          expect(response).to have_http_status(404)
+          expect(json_response).to eq('message' => 'No Issue found for given params', 'issues' => list_service_response.as_json)
        end
      end
    end
  end

  describe 'DELETE /*namespace_id/:project_id/issues/:issue_id/link/:id' do
-    let(:issue_link) { create :issue_link, target: referenced_issue }
+    let(:issue_link) { create :issue_link, source: issue, target: referenced_issue }

    before do
      project.team << [user, user_role]
@@ -105,10 +105,10 @@ describe Projects::IssueLinksController do
        let(:referenced_issue) { create :issue }
        let(:user_role) { :developer }

-        it 'returns 403' do
+        it 'returns 404' do
          delete namespace_project_issue_link_path(issue_links_params(id: issue_link.id))

-          expect(response).to have_http_status(403)
+          expect(response).to have_http_status(404)
        end
      end
    end

--- a/spec/services/issue_links/create_service_spec.rb
+++ b/spec/services/issue_links/create_service_spec.rb
@@ -25,7 +25,7 @@ describe IssueLinks::CreateService, service: true do
      end

      it 'returns error' do
-        is_expected.to eq(message: 'No Issue found for given reference', status: :error, http_status: 401)
+        is_expected.to eq(message: 'No Issue found for given params', status: :error, http_status: 404)
      end
    end

@@ -35,7 +35,7 @@ describe IssueLinks::CreateService, service: true do
      end

      it 'returns error' do
-        is_expected.to eq(message: 'No Issue found for given reference', status: :error, http_status: 401)
+        is_expected.to eq(message: 'No Issue found for given params', status: :error, http_status: 404)
      end

      it 'no relationship is created' do
@@ -53,7 +53,7 @@ describe IssueLinks::CreateService, service: true do
      it 'returns error' do
        target_issue.project.add_guest(user)

-        is_expected.to eq(message: 'No Issue found for given reference', status: :error, http_status: 401)
+        is_expected.to eq(message: 'No Issue found for given params', status: :error, http_status: 404)
      end

      it 'no relationship is created' do

--- a/spec/services/issue_links/destroy_service_spec.rb
+++ b/spec/services/issue_links/destroy_service_spec.rb
@@ -2,27 +2,58 @@ require 'spec_helper'

 describe IssueLinks::DestroyService, service: true do
  describe '#execute' do
-    let(:user) { create :user }
-    let!(:issue_link) { create :issue_link }
+    let(:project) { create(:empty_project) }
+    let(:user) { create(:user) }

    subject { described_class.new(issue_link, user).execute }

-    it 'removes related issue' do
-      expect { subject }.to change(IssueLink, :count).from(1).to(0)
-    end
+    context 'when successfully removes an issue link' do
+      let(:issue_a) { create(:issue, project: project) }
+      let(:issue_b) { create(:issue, project: project) }
+
+      let!(:issue_link) { create(:issue_link, source: issue_a, target: issue_b) }
+
+      before do
+        project.add_reporter(user)
+      end
+
+      it 'removes related issue' do
+        expect { subject }.to change(IssueLink, :count).from(1).to(0)
+      end
+
+      it 'creates notes' do
+        # Two-way notes creation
+        expect(SystemNoteService).to receive(:unrelate_issue)
+                                       .with(issue_link.source, issue_link.target, user)
+        expect(SystemNoteService).to receive(:unrelate_issue)
+                                       .with(issue_link.target, issue_link.source, user)

-    it 'creates notes' do
-      # Two-way notes creation
-      expect(SystemNoteService).to receive(:unrelate_issue)
-        .with(issue_link.source, issue_link.target, user)
-      expect(SystemNoteService).to receive(:unrelate_issue)
-        .with(issue_link.target, issue_link.source, user)
+        subject
+      end

-      subject
+      it 'returns success message' do
+        is_expected.to eq(message: 'Relation was removed', status: :success)
+      end
    end

-    it 'returns success message' do
-      is_expected.to eq(message: 'Relation was removed', status: :success)
+    context 'when failing to remove an issue link' do
+      let(:unauthorized_project) { create(:empty_project) }
+      let(:issue_a) { create(:issue, project: project) }
+      let(:issue_b) { create(:issue, project: unauthorized_project) }
+
+      let!(:issue_link) { create(:issue_link, source: issue_a, target: issue_b) }
+
+      it 'does not remove relation' do
+        expect { subject }.not_to change(IssueLink, :count).from(1)
+      end
+
+      it 'does not create notes' do
+        expect(SystemNoteService).not_to receive(:unrelate_issue)
+      end
+
+      it 'returns error message' do
+        is_expected.to eq(message: 'No Issue Link found', status: :error, http_status: 404)
+      end
    end
  end
 end