Prevent creation of issue from vulnerability when permission is not granted or feature is disabled
Summary
When creating an issue from a vulnerability the permission are not checked correctly which e.g. allows to create an issue even if the issues are disabled at project level.
Steps to reproduce
- have a project with vulnerabilities
- disable issues feature
- open a vulnerability and create a issue
Example Project
What is the current bug behavior?
Issue is created and user redirected to a 404
What is the expected correct behavior?
Issue created if prevented and user gets an error message, until we improve ux with https://gitlab.com/gitlab-org/gitlab-ee/issues/8150
Possible fixes
Add necessary permission check