[FE] Pipeline security tab allows changing a vulnerability status
Summary
The pipeline security tab lets a user select vulnerabilities and dismiss them even when that user should not be able to. The admin_vulnerability
permission is required to change the status of a vulnerability.
When a user without that permission attempts a dismissal from this tab, the request fails: the GraphQL mutation rejects the change and an error is returned in the GraphQL response. The backend therefore holds, but the frontend offers an action it should not.
Steps to reproduce
- Enable the disable_developer_access_to_admin_vulnerability feature flag for a group actor.
- Log in with an account that has Developer access to the group.
- Visit the Pipeline Security tab.
Example Project
https://gitlab.com/custom-roles-root-group/custom-roles-testing/
What is the current bug behavior?
The user interface allows a user without the admin_vulnerability permission to attempt to change a vulnerability status.
What is the expected correct behavior?
The user interface does not allow a user who lacks the admin_vulnerability permission to attempt to change a vulnerability status (the dismiss controls are hidden or disabled for that user, matching what the GraphQL mutation already enforces).
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
Results of GitLab application Check
Possible fixes
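One way to gate the dismiss action in the frontend while keeping the server-side check as the real boundary. This is an added example, not GitLab's own code; it assumes the permission is exposed on each vulnerability node as userPermissions.adminVulnerability, that the mutation is called vulnerabilityDismiss, that the actor's abilities reach the resolver as a Set, and that the rejection message mirrors GitLab's generic resource-access error. The sample vulnerabilities are constructed.

```javascript
// Added example (not GitLab's code): the pipeline security tab only offers the
// dismiss action to users holding admin_vulnerability, and the simulated GraphQL
// resolver keeps rejecting unauthorized callers regardless of what the UI sent.
//
// Assumed shapes: `userPermissions.adminVulnerability` on each vulnerability node,
// `actor.permissions` as a Set of ability names, and the error message below.

// Constructed sample data, as the tab would receive it from GraphQL.
const sampleVulnerabilities = [
  { id: 'gid://gitlab/Vulnerability/1', title: 'SQL injection in search',
    userPermissions: { adminVulnerability: true } },
  { id: 'gid://gitlab/Vulnerability/2', title: 'Outdated TLS configuration',
    userPermissions: { adminVulnerability: false } },
  { id: 'gid://gitlab/Vulnerability/3', title: 'Hard-coded credential',
    userPermissions: { adminVulnerability: true } },
];

// The status of a vulnerability may only be changed by a user with admin_vulnerability.
function canDismiss(vuln) {
  return Boolean(vuln && vuln.userPermissions && vuln.userPermissions.adminVulnerability);
}

// Derive the tab's UI state: which rows get a selection checkbox and whether the
// bulk "Dismiss" control is rendered at all. A Developer who lost the permission
// (with disable_developer_access_to_admin_vulnerability enabled) sees no controls.
function buildSecurityTabState(vulnerabilities) {
  const rows = vulnerabilities.map((v) => ({ id: v.id, selectable: canDismiss(v) }));
  return { rows, showBulkDismiss: rows.some((r) => r.selectable) };
}

// Simulated server side. Hiding the control is a usability fix, not the security
// boundary: the mutation must authorize the actor itself (assumed error text).
const RESOURCE_ACCESS_ERROR =
  "The resource that you are attempting to access does not exist or you don't have permission to perform this action";

function vulnerabilityDismissResolver(vuln, actor) {
  if (!actor.permissions.has('admin_vulnerability')) {
    return { vulnerability: null, errors: [RESOURCE_ACCESS_ERROR] };
  }
  return { vulnerability: { ...vuln, state: 'DISMISSED' }, errors: [] };
}

// Exercise both halves: the UI withholds the action from the unauthorized user,
// and the resolver still rejects a crafted request that bypasses the UI.
function demo() {
  const developer = { permissions: new Set(['read_vulnerability']) };
  const maintainer = { permissions: new Set(['read_vulnerability', 'admin_vulnerability']) };
  return {
    uiState: buildSecurityTabState(sampleVulnerabilities),
    developerOnlyView: buildSecurityTabState([sampleVulnerabilities[1]]),
    developerAttempt: vulnerabilityDismissResolver(sampleVulnerabilities[1], developer),
    maintainerAttempt: vulnerabilityDismissResolver(sampleVulnerabilities[0], maintainer),
  };
}
```

The point of keeping both checks is that the frontend gate removes the confusing error for legitimate users, while the resolver check is what actually prevents a Developer from dismissing findings by calling the mutation directly.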
Edited by mo khan