Render 404 whenever we cannot find or not authorized Issue/IssueLink

lib/api/issue_links.rb

@@ -46,7 +46,7 @@ module API
 
           present issue_link, with: Entities::IssueLink
         else
-          render_api_error!(result[:message], result[:http_status])
+          not_found!
         end
       end
 
@@ -66,7 +66,7 @@ module API
         if result[:status] == :success
           present issue_link, with: Entities::IssueLink
         else
-          render_api_error!(result[:message], result[:http_status])
+          not_found!
         end
       end
     end

spec/requests/api/issue_links_spec.rb

@@ -54,22 +54,24 @@ describe API::IssueLinks do
                target_project_id: 999, target_issue_iid: target_issue.iid
 
           expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Project Not Found')
         end
       end
 
       context 'given target issue not found' do
         it 'returns 404' do
-          target_project = create(:empty_project)
+          target_project = create(:empty_project, :public)
 
           post api("/projects/#{project.id}/issues/#{issue.iid}/links", user),
                target_project_id: target_project.id, target_issue_iid: 999
 
           expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Not found')
         end
       end
 
       context 'when user does not have write access to given issue' do
-        it 'returns 401' do
+        it 'returns 404' do
           unauthorized_project = create(:empty_project)
           target_issue = create(:issue, project: unauthorized_project)
           unauthorized_project.add_guest(user)
@@ -77,8 +79,8 @@ describe API::IssueLinks do
           post api("/projects/#{project.id}/issues/#{issue.iid}/links", user),
                target_project_id: unauthorized_project.id, target_issue_iid: target_issue.iid
 
-          expect(response).to have_http_status(401)
-          expect(json_response['message']).to eq('No Issue found for given params')
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Not Found')
         end
       end
 
@@ -91,6 +93,7 @@ describe API::IssueLinks do
                target_project_id: project.id, target_issue_iid: target_issue.iid
 
           expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Not found')
         end
       end
 
@@ -103,6 +106,7 @@ describe API::IssueLinks do
                target_project_id: project.id, target_issue_iid: target_issue.iid
 
           expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Project Not Found')
         end
       end
 
@@ -145,7 +149,7 @@ describe API::IssueLinks do
 
     context 'when authenticated' do
       context 'when user does not have write access to given issue link' do
-        it 'returns 401' do
+        it 'returns 404' do
           unauthorized_project = create(:empty_project)
           target_issue = create(:issue, project: unauthorized_project)
           issue_link = create(:issue_link, source: issue, target: target_issue)
@@ -153,7 +157,8 @@ describe API::IssueLinks do
 
           delete api("/projects/#{project.id}/issues/#{issue.iid}/links/#{issue_link.id}", user)
 
-          expect(response).to have_http_status(401)
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Not Found')
         end
       end
 
@@ -162,18 +167,20 @@ describe API::IssueLinks do
           delete api("/projects/#{project.id}/issues/#{issue.iid}/links/999", user)
 
           expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Not found')
         end
       end
 
       context 'when trying to delete a link with a private project issue' do
-        it 'returns 401' do
+        it 'returns 404' do
           project = create(:empty_project, :private)
           target_issue = create(:issue, project: project)
           issue_link = create(:issue_link, source: issue, target: target_issue)
 
           delete api("/projects/#{project.id}/issues/#{issue.iid}/links/#{issue_link.id}", user)
 
-          expect(response).to have_http_status(401)
+          expect(response).to have_http_status(404)
+          expect(json_response['message']).to eq('404 Not Found')
         end
       end
 

spec/services/issue_links/destroy_service_spec.rb

@@ -2,16 +2,16 @@ require 'spec_helper'
 
 describe IssueLinks::DestroyService, service: true do
   describe '#execute' do
-    let(:project) { create :empty_project }
-    let(:user) { create :user }
+    let(:project) { create(:empty_project) }
+    let(:user) { create(:user) }
 
     subject { described_class.new(issue_link, user).execute }
 
     context 'when successfully removes an issue link' do
-      let(:issue_a) { create :issue, project: project }
-      let(:issue_b) { create :issue, project: project }
+      let(:issue_a) { create(:issue, project: project) }
+      let(:issue_b) { create(:issue, project: project) }
 
-      let!(:issue_link) { create :issue_link, source: issue_a, target: issue_b }
+      let!(:issue_link) { create(:issue_link, source: issue_a, target: issue_b) }
 
       before do
         project.add_reporter(user)
@@ -37,11 +37,11 @@ describe IssueLinks::DestroyService, service: true do
     end
 
     context 'when failing to remove an issue link' do
-      let(:unauthorized_project) { create :empty_project }
-      let(:issue_a) { create :issue, project: project }
-      let(:issue_b) { create :issue, project: unauthorized_project }
+      let(:unauthorized_project) { create(:empty_project) }
+      let(:issue_a) { create(:issue, project: project) }
+      let(:issue_b) { create(:issue, project: unauthorized_project) }
 
-      let!(:issue_link) { create :issue_link, source: issue_a, target: issue_b }
+      let!(:issue_link) { create(:issue_link, source: issue_a, target: issue_b) }
 
       it 'does not remove relation' do
         expect { subject }.not_to change(IssueLink, :count).from(1)