Security options "Configure with a merge request" are available even though MRs are deactivated for a project, yield 404 error

Summary

There seems to be a missing check for the merge_requests_enabled settings on the /-/security/configuration page.

Steps to reproduce

  1. In any GitLab.com project, toggle Merge requests off on its /edit#js-shared-permissions page.
  2. On /-/security/configuration use any of the Configure with a merge request options.
  3. This should redirect to a /-/merge_requests/new?merge_request[description]=Configure+Dependency+Scanning+in+`.gitlab-ci.yml`+using+the+GitLab+managed+template.+You+can+[add+variable+overrides](https%3A%2F%2Fdocs.gitlab.com%2Fee%2Fuser%2Fapplication_security%2Fdependency_scanning%2F%23customizing-the-dependency-scanning-settings)+to+customize+Dependency+Scanning+settings.&merge_request[source_branch]=set-dependency-scanning-config-1 page or similar.
  4. Toggle MRs on again, and repeat steps 2 & 3 => MR page loads fine.

Example Project

What is the current bug behavior?

The options are available, without any hint about MRs being disabled in the project. Step 3 fails with a 404 error.

What is the expected correct behavior?

  • Step 3 auto-toggles merge_requests_enabled: true on the fly.
  • The /-/security/configuration UI should contain a hint about MRs needing to be enabled in the project.
  • The Merge requests toggle is presented in the relevant sections of /-/security/configuration so users see which option requires that feature.

Relevant logs and/or screenshots

Doesn't seem very useful, as it's an easily reproduced logic bug.

Output of checks: This bug happens on GitLab.com

Results of GitLab environment info

Results of GitLab application Check

Possible fixes

See expected behaviour ideas above.

Edited by 🤖 GitLab Bot 🤖