Fix VulnerabilitiesController authorization for new action spec
What does this MR do and why?
The previous version of the spec was not testing the authorization at all. This can be confirmed by just removing the before_action :authorize_create_vulnerability!, only: :new
callback(It will continue passing). The reason is, we have a mixin called SecurityAndCompliancePermissions
which checks if the "Security & Compliance" related features are enabled which can not be accessed by a guest user anyway so the execution halt by the callbacks included by that mixin.
Regardless of this issue, I don't think that we should test every single detail of the policies as they are already being tested by their own specs.
Related to !74505 (merged).
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.