
Incorrect 403 Forbidden in /commits and /branches API resources when Repository Disabled

Summary

When a project's settings have Repository set to Disabled, an API call to /projects/:id/repository/commits or /projects/:id/repository/branches results in a 403 Forbidden. This is not true: In fact the user would have permission, but the project feature is disabled. There should be a better response for this.

This is important because we are trying to iterate over all projects and get branches & commits, but with a 403 response we don't know if we truly are missing necessary permissions or if the repository feature is disabled.

The right response is probably a 204, but I am not positive about this.

Steps to reproduce

In Settings -> General -> Permissions, disable Repository, like the screenshot below: image

Then run:

curl --header "Private-Token: ***" https://{GITLAB-URL}/api/v4/projects/{projectId}/repository/branches

{"message":"403 Forbidden"}

Re-enable the Repository and you will see you get a response to this same API call.

What is the current bug behavior?

403 Forbidden response

What is the expected correct behavior?

Probably a 204 No Content Found with a custom message "Repository feature is disabled on this project"

Edited by Andrew Warzon
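
A client-side way to tell the two 403 cases apart while iterating over projects, as an added example that is not part of the original issue or of GitLab's code. It assumes the project record returned by GET /api/v4/projects/:id includes a repository_access_level field; the function names and sample data are constructed for illustration.

```python
# Added example: classify the ambiguous 403 described in the issue.
# Assumption: the project record from GET /api/v4/projects/:id carries a
# "repository_access_level" field ("disabled", "private" or "enabled").
from typing import Callable, Dict, List

OK = "ok"
FEATURE_DISABLED = "repository_feature_disabled"
PERMISSION_DENIED = "permission_denied"
UNKNOWN = "unknown"


def classify(project: dict, status: int) -> str:
    """Interpret the HTTP status of /projects/:id/repository/branches."""
    if 200 <= status < 300:
        return OK
    if status == 403:
        level = project.get("repository_access_level")
        if level == "disabled":
            return FEATURE_DISABLED
        if level in ("private", "enabled"):
            return PERMISSION_DENIED
        return UNKNOWN  # field missing: the two cases cannot be separated
    return UNKNOWN


def audit(projects: List[dict], get_status: Callable[[int], int]) -> Dict[int, str]:
    """Map project id to a verdict; get_status performs the branches call."""
    return {p["id"]: classify(p, get_status(p["id"])) for p in projects}


# Constructed sample data (not real GitLab output).
SAMPLE_PROJECTS = [
    {"id": 1, "repository_access_level": "enabled"},
    {"id": 2, "repository_access_level": "disabled"},
    {"id": 3, "repository_access_level": "private"},
    {"id": 4},  # record without the field
]
SAMPLE_STATUS = {1: 200, 2: 403, 3: 403, 4: 403}

if __name__ == "__main__":
    for pid, verdict in audit(SAMPLE_PROJECTS, SAMPLE_STATUS.get).items():
        print(pid, verdict)
```

In a real run, get_status would wrap the authenticated HTTP request shown in the reproduction steps.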