Skip to content

Do not try to auto-complete vulnerabilities if the user is nil

Mehmet Emin INAC requested to merge 346247_authorize_auto_complete_action_for_vulnerabilities into master

What does this MR do and why?

This usually happens when the user signouts from a different browser tab and then tries to add a note to an issue with the [vulnerability: prefix in it.

My initial idea was to add an authorization check to the controller layer and respond with "HTTP 403 or 404" but this breaks the client-side logic.

Screenshots

After this fix, the loading indicator gets removed correctly;

Screenshot_2021-11-23_at_14.36.25

Before this fix(and the same if we try to apply authorization on controller layer), the loading indicator stays after the HTTP request completes;

Screenshot_2021-11-23_at_14.47.09

Related to #346247 (closed)(https://sentry.gitlab.net/gitlab/gitlabcom/issues/2953033).

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports