Incorrect 403 Forbidden in /commits and /branches API resources when Repository Disabled
Summary
When a project's settings have Repository set to Disabled, an API call to /projects/:id/repository/commits
or /projects/:id/repository/branches
results in a 403 Forbidden. This is not true: In fact the user would have permission, but the project feature is disabled. There should be a better response for this.
This is important because we are trying to iterate over all projects and get branches & commits, but with a 403 response we don't know if we truly are missing necessary permissions or if the repository feature is disabled.
The right response is probably a 204, but I am not positive about this.
Steps to reproduce
In Settings -> General -> Permissions, disable Repository, like the screenshot below:
Then run:
curl --header "Private-Token: ***" https://{GITLAB-URL}/api/v4/projects/{projectId}/repository/branches
{"message":"403 Forbidden"}
Re-enable the Repository and you will see you get a response to this same API call.
What is the current bug behavior?
403 Forbidden response
What is the expected correct behavior?
Probably a 204 No Content Found with a custom message "Repository feature is disabled on this project"