Project security dashboard not visible to custom guest with read_vulnerability
Description
Currently, a custom guest with read_vulnerability
gets a 404 when trying to visit the project security dashboard page.
Interestingly, if the custom role is on a group, they can see the group security dashboard page. That was validated here: #411851 (comment 1507068670)
The custom guest user with read_vulnerability
can see also see the project-level vulnerability report but not the security dashboard.
This is because access_security_and_compliance
is required to view this.
This also came up in another MR related to custom roles: !128921 (diffs, comment 1506977575)
We need to either enable access_security_and_compliance
for custom role users or we need to refactor the usage of that ability.
What I see
A 404
What I should see
The project security dashboard
Edited by Jessie Young