Checks project feature flag for 1st class vulns

ee/lib/api/helpers/vulnerabilities_hooks.rb

@@ -6,8 +6,8 @@ module API
       extend ActiveSupport::Concern
 
       included do
-        before do
-          not_found! unless Feature.enabled?(:first_class_vulnerabilities)
+        after do
+          not_found! unless Feature.enabled?(:first_class_vulnerabilities, @project)
 
           authenticate!
         end

ee/lib/api/vulnerabilities.rb

@@ -34,6 +34,7 @@ module API
       end
       get ':id' do
         vulnerability = Vulnerability.find(params[:id])
+        @project = vulnerability.project
         authorize_vulnerability!(vulnerability, :read_vulnerability)
         render_vulnerability(vulnerability)
       end
@@ -43,6 +44,7 @@ module API
       end
       post ':id/resolve' do
         vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
+        @project = vulnerability.project
         break not_modified! if vulnerability.resolved?
 
         vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute
@@ -54,6 +56,7 @@ module API
       end
       post ':id/dismiss' do
         vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
+        @project = vulnerability.project
         break not_modified! if vulnerability.dismissed?
 
         vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute
@@ -65,6 +68,7 @@ module API
       end
       post ':id/confirm' do
         vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
+        @project = vulnerability.project
         break not_modified! if vulnerability.confirmed?
 
         vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, vulnerability).execute