GET /Release/{id} returns HTTP403 for non-existent release
Summary
When using the release API, GET /Release/{tag_name} returns HTTP403 Forbidden instead of HTTP404 for an authorized user
Steps to reproduce
Apologies in advance for the Powershell.
Add-Type -AssemblyName System.Web
$token = $env:PERSONAL_ACCESS_TOKEN
$project_id = [system.web.httpUtility]::UrlEncode('cbrown194/hello-sched-pipelines')
$release_id = 'v1.0'
# Create a release
Invoke-RestMethod -Method POST `
-Uri "https://gitlab.com/api/v4/projects/$project_id/releases" `
-Headers @{ 'Content-Type' = 'application/json'; 'PRIVATE-TOKEN' = $token } `
-Body $(@{ name = 'fake'; tag_name = $release_id; ref = 'master'} | ConvertTo-Json -Compress)
<# Returns:
name : fake
tag_name : v1.0
description :
created_at : 2021-05-17T16:32:17.107Z
...
#>
Invoke-RestMethod -Method Delete `
-Uri "https://gitlab.com/api/v4/projects/$project_id/releases/$release_id" `
-Headers @{ 'Content-Type' = 'application/json'; 'PRIVATE-TOKEN' = $token }
<# HTTP200 OK #>
# If I can create/delete I'm clearly authorized -- attempt to retrieve it
Invoke-RestMethod `
-Uri "https://gitlab.com/api/v4/projects/$project_id/releases/$release_id" `
-Headers @{ 'Content-Type' = 'application/json'; 'PRIVATE-TOKEN' = $token }
<# Invoke-RestMethod : {"message":"403 Forbidden"} #>
Example Project
https://gitlab.com/cbrown194/hello-sched-pipelines
What is the current bug behavior?
HTTP403 Forbidden returned by the Releases API
What is the expected correct behavior?
HTTP404 Not Found returned (when using a token that's authenticated & authorized)
Edited by Carl Brown