Add latest changes from gitlab-org/gitlab@15-8-stable-eev15.8.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-01-18 22:00:14 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-01-18 22:00:14 +0300
commit: 05f0ebba3a2c8ddf39e436f412dc2ab5bf1353b2 (patch)
tree: 11d0f2a6ec31c7793c184106cedc2ded3d9a2cc5 /app/controllers/projects
parent: ec73467c23693d0db63a797d10194da9e72a74af (diff)
18 files changed, 132 insertions, 58 deletions
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb
index c3dcde38d09..3201538a393 100644
--- a/app/controllers/projects/artifacts_controller.rb
+++ b/app/controllers/projects/artifacts_controller.rb
@@ -82,6 +82,7 @@ class Projects::ArtifactsController < Projects::ApplicationController
 
   def raw
     return render_404 unless zip_artifact?
+    return render_404 unless artifacts_file
 
     path = Gitlab::Ci::Build::Artifacts::Path.new(params[:path])
 
diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb
index ef20c71cd77..000203079cc 100644
--- a/app/controllers/projects/autocomplete_sources_controller.rb
+++ b/app/controllers/projects/autocomplete_sources_controller.rb
@@ -5,7 +5,7 @@ class Projects::AutocompleteSourcesController < Projects::ApplicationController
   before_action :authorize_read_crm_contact!, only: :contacts
 
   feature_category :team_planning, [:issues, :labels, :milestones, :commands, :contacts]
-  feature_category :code_review, [:merge_requests]
+  feature_category :code_review_workflow, [:merge_requests]
   feature_category :users, [:members]
   feature_category :source_code_management, [:snippets]
 
@@ -33,7 +33,7 @@ class Projects::AutocompleteSourcesController < Projects::ApplicationController
   end
 
   def commands
-    render json: autocomplete_service.commands(target, params[:type])
+    render json: autocomplete_service.commands(target)
   end
 
   def snippets
diff --git a/app/controllers/projects/ci/pipeline_editor_controller.rb b/app/controllers/projects/ci/pipeline_editor_controller.rb
index 84e5d59a2c3..1942a5fef7b 100644
--- a/app/controllers/projects/ci/pipeline_editor_controller.rb
+++ b/app/controllers/projects/ci/pipeline_editor_controller.rb
@@ -2,9 +2,6 @@
 
 class Projects::Ci::PipelineEditorController < Projects::ApplicationController
   before_action :check_can_collaborate!
-  before_action do
-    push_frontend_feature_flag(:schema_linting, @project)
-  end
 
   feature_category :pipeline_authoring
 
diff --git a/app/controllers/projects/design_management/designs/resized_image_controller.rb b/app/controllers/projects/design_management/designs/resized_image_controller.rb
index 50a997f32db..6bf304419e1 100644
--- a/app/controllers/projects/design_management/designs/resized_image_controller.rb
+++ b/app/controllers/projects/design_management/designs/resized_image_controller.rb
@@ -8,12 +8,13 @@ module Projects
         include SendFileUpload
 
         before_action :validate_size!
+        before_action :validate_sha!
 
         skip_before_action :default_cache_headers, only: :show
 
         def show
           relation = design.actions
-          relation = relation.up_to_version(sha) if sha
+          relation = relation.up_to_version(version) if version
           action = relation.most_recent.first
 
           return render_404 unless action
@@ -37,9 +38,19 @@ module Projects
           render_404 unless ::DesignManagement::DESIGN_IMAGE_SIZES.include?(size)
         end
 
+        def validate_sha!
+          render_404 if sha && version.blank?
+        end
+
         def size
           params[:id]
         end
+
+        def version
+          return if sha.blank?
+
+          @version ||= design.versions.find_by_sha(sha)
+        end
       end
     end
   end
diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb
index 537fd3854c4..ea1288c0b20 100644
--- a/app/controllers/projects/environments_controller.rb
+++ b/app/controllers/projects/environments_controller.rb
@@ -299,6 +299,16 @@ class Projects::EnvironmentsController < Projects::ApplicationController
   def authorize_update_environment!
     access_denied! unless can?(current_user, :update_environment, environment)
   end
+
+  def append_info_to_payload(payload)
+    super
+
+    return unless Feature.enabled?(:environments_search_logging) && params[:search].present?
+
+    # Merging to :metadata will ensure these are logged as top level keys
+    payload[:metadata] ||= {}
+    payload[:metadata]['meta.environment.search'] = params[:search]
+  end
 end
 
 Projects::EnvironmentsController.prepend_mod_with('Projects::EnvironmentsController')
diff --git a/app/controllers/projects/google_cloud/deployments_controller.rb b/app/controllers/projects/google_cloud/deployments_controller.rb
index 041486eb2fb..fae8dbd59c7 100644
--- a/app/controllers/projects/google_cloud/deployments_controller.rb
+++ b/app/controllers/projects/google_cloud/deployments_controller.rb
@@ -75,6 +75,13 @@ The `deploy-to-cloud-run` job:
     * `GCP_PROJECT_ID`
     * `GCP_SERVICE_ACCOUNT_KEY`
 * Job definition can be found at: https://gitlab.com/gitlab-org/incubation-engineering/five-minute-production/library
+* Uses CI/CD variables to configure the deployment. You can override the default values by adding these variables:
+    * `GCP_CLOUD_RUN_MAX_INSTANCES`
+    * `GCP_CLOUD_RUN_MIN_INSTANCES`
+    * `GCP_CLOUD_RUN_CONCURRENCY`
+    * `GCP_CLOUD_RUN_CPU`
+    * `GCP_CLOUD_RUN_MEMORY`
+    * `GCP_CLOUD_RUN_TIMEOUT`
 
 This pipeline definition has been committed to the branch `#{branch_name}`.
 You may modify the pipeline definition further or accept the changes as-is if suitable.
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb
index 08eebfa0e4b..451f1d1363b 100644
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
@@ -2,13 +2,13 @@
 
 class Projects::GroupLinksController < Projects::ApplicationController
   layout 'project_settings'
-  before_action :authorize_admin_project!
+  before_action :authorize_admin_project!, except: [:destroy]
+  before_action :authorize_admin_project_group_link!, only: [:destroy]
   before_action :authorize_admin_project_member!, only: [:update]
 
   feature_category :subgroups
 
   def update
-    group_link = @project.project_group_links.find(params[:id])
     Projects::GroupLinks::UpdateService.new(group_link, current_user).execute(group_link_params)
 
     if group_link.expires?
@@ -22,13 +22,15 @@ class Projects::GroupLinksController < Projects::ApplicationController
   end
 
   def destroy
-    group_link = project.project_group_links.find(params[:id])
-
     ::Projects::GroupLinks::DestroyService.new(project, current_user).execute(group_link)
 
     respond_to do |format|
       format.html do
-        redirect_to project_project_members_path(project), status: :found
+        if can?(current_user, :admin_group, group_link.group)
+          redirect_to group_path(group_link.group), status: :found
+        elsif can?(current_user, :admin_project, group_link.project)
+          redirect_to project_project_members_path(project), status: :found
+        end
       end
       format.js { head :ok }
     end
@@ -36,6 +38,15 @@ class Projects::GroupLinksController < Projects::ApplicationController
 
   protected
 
+  def authorize_admin_project_group_link!
+    render_404 unless can?(current_user, :admin_project_group_link, group_link)
+  end
+
+  def group_link
+    @project.project_group_links.find(params[:id])
+  end
+  strong_memoize_attr :group_link
+
   def group_link_params
     params.require(:group_link).permit(:group_access, :expires_at)
   end
diff --git a/app/controllers/projects/incidents_controller.rb b/app/controllers/projects/incidents_controller.rb
index 3842a88d15b..8e4fbf24ca2 100644
--- a/app/controllers/projects/incidents_controller.rb
+++ b/app/controllers/projects/incidents_controller.rb
@@ -10,6 +10,7 @@ class Projects::IncidentsController < Projects::ApplicationController
     push_force_frontend_feature_flag(:work_items, @project&.work_items_feature_flag_enabled?)
     push_force_frontend_feature_flag(:work_items_mvc, @project&.work_items_mvc_feature_flag_enabled?)
     push_force_frontend_feature_flag(:work_items_mvc_2, @project&.work_items_mvc_2_feature_flag_enabled?)
+    push_frontend_feature_flag(:incident_event_tags, project)
   end
 
   feature_category :incident_management
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 631e697dd2f..06c16297ce8 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -27,6 +27,10 @@ class Projects::IssuesController < Projects::ApplicationController
   before_action :set_issuables_index, if: ->(c) {
     SET_ISSUABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) && !index_html_request?
   }
+  before_action :check_search_rate_limit!, if: ->(c) {
+    SET_ISSUABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) && !index_html_request? &&
+      params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+  }
 
   # Allow write(create) issue
   before_action :authorize_create_issue!, only: [:new, :create]
@@ -59,7 +63,7 @@ class Projects::IssuesController < Projects::ApplicationController
     push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?)
     push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?)
     push_frontend_feature_flag(:epic_widget_edit_confirmation, project)
-    push_frontend_feature_flag(:use_iid_in_work_items_path, project)
+    push_frontend_feature_flag(:use_iid_in_work_items_path, project&.group)
     push_force_frontend_feature_flag(:work_items_create_from_markdown, project&.work_items_create_from_markdown_feature_flag_enabled?)
   end
 
@@ -436,7 +440,7 @@ class Projects::IssuesController < Projects::ApplicationController
   def create_vulnerability_issue_feedback(issue); end
 
   def redirect_if_work_item
-    return unless allowed_work_item?
+    return unless use_work_items_path?(issue)
 
     if Feature.enabled?(:use_iid_in_work_items_path, project.group)
       redirect_to project_work_items_path(project, issue.iid, params: request.query_parameters.merge(iid_path: true))
@@ -444,10 +448,6 @@ class Projects::IssuesController < Projects::ApplicationController
       redirect_to project_work_items_path(project, issue.id, params: request.query_parameters)
     end
   end
-
-  def allowed_work_item?
-    issue.task?
-  end
 end
 
 Projects::IssuesController.prepend_mod_with('Projects::IssuesController')
diff --git a/app/controllers/projects/merge_requests/application_controller.rb b/app/controllers/projects/merge_requests/application_controller.rb
index d8da448a323..be44c78ac9d 100644
--- a/app/controllers/projects/merge_requests/application_controller.rb
+++ b/app/controllers/projects/merge_requests/application_controller.rb
@@ -5,7 +5,7 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont
   before_action :merge_request
   before_action :authorize_read_merge_request!
 
-  feature_category :code_review
+  feature_category :code_review_workflow
 
   private
 
@@ -13,6 +13,10 @@ class Projects::MergeRequests::ApplicationController < Projects::ApplicationCont
     @issuable =
       @merge_request ||=
         merge_request_includes(@project.merge_requests).find_by_iid!(params[:id])
+
+    return render_404 unless can?(current_user, :read_merge_request, @issuable)
+
+    @issuable
   end
 
   def merge_request_includes(association)
diff --git a/app/controllers/projects/merge_requests/diffs_controller.rb b/app/controllers/projects/merge_requests/diffs_controller.rb
index 83377f67723..1c546d70df9 100644
--- a/app/controllers/projects/merge_requests/diffs_controller.rb
+++ b/app/controllers/projects/merge_requests/diffs_controller.rb
@@ -36,15 +36,17 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
     diff_options_hash[:paths] = params[:paths] if params[:paths]
 
     diffs = @compare.diffs_in_batch(params[:page], params[:per_page], diff_options: diff_options_hash)
-    unfoldable_positions = @merge_request.note_positions_for_paths(diffs.diff_file_paths, current_user).unfoldable
+
+    unfoldable_positions = Gitlab::Metrics.measure(:diffs_unfoldable_positions) do
+      @merge_request.note_positions_for_paths(diffs.diff_file_paths, current_user).unfoldable
+    end
 
     options = {
       merge_request: @merge_request,
       commit: commit,
       diff_view: diff_view,
       merge_ref_head_diff: render_merge_ref_head_diff?,
-      pagination_data: diffs.pagination_data,
-      merge_conflicts_in_diff: display_merge_conflicts_in_diff?
+      pagination_data: diffs.pagination_data
     }
 
     # NOTE: Any variables that would affect the resulting json needs to be added to the cache_context to avoid stale cache issues.
@@ -56,16 +58,22 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
       params[:expanded],
       params[:page],
       params[:per_page],
-      options[:merge_ref_head_diff],
-      options[:merge_conflicts_in_diff]
+      options[:merge_ref_head_diff]
     ]
 
     return unless stale?(etag: [cache_context + diff_options_hash.fetch(:paths, []), diffs])
 
-    diffs.unfold_diff_files(unfoldable_positions)
-    diffs.write_cache
+    Gitlab::Metrics.measure(:diffs_unfold) do
+      diffs.unfold_diff_files(unfoldable_positions)
+    end
+
+    Gitlab::Metrics.measure(:diffs_write_cache) do
+      diffs.write_cache
+    end
 
-    render json: PaginatedDiffSerializer.new(current_user: current_user).represent(diffs, options)
+    Gitlab::Metrics.measure(:diffs_render) do
+      render json: PaginatedDiffSerializer.new(current_user: current_user).represent(diffs, options)
+    end
   end
   # rubocop: enable Metrics/AbcSize
 
@@ -74,8 +82,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
 
     options = additional_attributes.merge(
       only_context_commits: show_only_context_commits?,
-      merge_ref_head_diff: render_merge_ref_head_diff?,
-      merge_conflicts_in_diff: display_merge_conflicts_in_diff?
+      merge_ref_head_diff: render_merge_ref_head_diff?
     )
 
     render json: DiffsMetadataSerializer.new(project: @merge_request.project, current_user: current_user)
@@ -103,8 +110,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
 
     options = additional_attributes.merge(
       diff_view: "inline",
-      merge_ref_head_diff: render_merge_ref_head_diff?,
-      merge_conflicts_in_diff: display_merge_conflicts_in_diff?
+      merge_ref_head_diff: render_merge_ref_head_diff?
     )
 
     options[:context_commits] = @merge_request.recent_context_commits
@@ -232,8 +238,4 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
     Gitlab::UsageDataCounters::MergeRequestActivityUniqueCounter
       .track_mr_diffs_single_file_action(merge_request: @merge_request, user: current_user)
   end
-
-  def display_merge_conflicts_in_diff?
-    Feature.enabled?(:display_merge_conflicts_in_diff, @merge_request.project)
-  end
 end
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 3ab1f7d1d32..b0920b3fbdb 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -28,6 +28,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
     :codequality_mr_diff_reports
   ]
   before_action :set_issuables_index, only: [:index]
+  before_action :check_search_rate_limit!, only: [:index], if: -> {
+    params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches)
+  }
   before_action :authenticate_user!, only: [:assign_related_issues]
   before_action :check_user_can_push_to_source_branch!, only: [:rebase]
 
@@ -37,7 +40,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
     push_frontend_feature_flag(:refactor_security_extension, @project)
     push_frontend_feature_flag(:refactor_code_quality_inline_findings, project)
     push_frontend_feature_flag(:moved_mr_sidebar, project)
-    push_frontend_feature_flag(:paginated_mr_discussions, project)
     push_frontend_feature_flag(:mr_review_submit_comment, project)
     push_frontend_feature_flag(:mr_experience_survey, project)
     push_frontend_feature_flag(:realtime_reviewers, project)
@@ -52,7 +54,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 
   after_action :log_merge_request_show, only: [:show, :diffs]
 
-  feature_category :code_review, [
+  feature_category :code_review_workflow, [
     :assign_related_issues, :bulk_update, :cancel_auto_merge,
     :commit_change_content, :commits, :context_commits, :destroy,
     :discussions, :edit, :index, :merge, :rebase, :remove_wip,
@@ -387,13 +389,13 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
       end
 
       format.patch do
-        break render_404 unless @merge_request.diff_refs
+        next render_404 unless @merge_request.diff_refs
 
         send_git_patch @project.repository, @merge_request.diff_refs
       end
 
       format.diff do
-        break render_404 unless @merge_request.diff_refs
+        next render_404 unless @merge_request.diff_refs
 
         send_git_diff @project.repository, @merge_request.diff_refs
       end
@@ -512,15 +514,13 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   end
 
   def check_user_can_push_to_source_branch!
-    return access_denied! unless @merge_request.source_branch_exists?
+    result = MergeRequests::RebaseService
+      .new(project: @merge_request.source_project, current_user: current_user)
+      .validate(@merge_request)
 
-    access_check = ::Gitlab::UserAccess
-      .new(current_user, container: @merge_request.source_project)
-      .can_push_to_branch?(@merge_request.source_branch)
+    return if result.success?
 
-    access_denied! unless access_check
-
-    access_denied! unless merge_request.permits_force_push?
+    render json: { merge_error: result.message }, status: :forbidden
   end
 
   def merge_access_check
diff --git a/app/controllers/projects/ml/experiments_controller.rb b/app/controllers/projects/ml/experiments_controller.rb
index c82a959d612..1e1c4b1587c 100644
--- a/app/controllers/projects/ml/experiments_controller.rb
+++ b/app/controllers/projects/ml/experiments_controller.rb
@@ -7,10 +7,11 @@ module Projects
 
       feature_category :mlops
 
-      MAX_PER_PAGE = 20
+      MAX_EXPERIMENTS_PER_PAGE = 20
+      MAX_CANDIDATES_PER_PAGE = 30
 
       def index
-        @experiments = ::Ml::Experiment.by_project_id(@project.id).page(params[:page]).per(MAX_PER_PAGE)
+        @experiments = ::Ml::Experiment.by_project_id(@project.id).page(params[:page]).per(MAX_EXPERIMENTS_PER_PAGE)
       end
 
       def show
@@ -18,7 +19,26 @@ module Projects
 
         return redirect_to project_ml_experiments_path(@project) unless @experiment.present?
 
-        @candidates = @experiment.candidates&.including_metrics_and_params
+        page = params[:page].to_i
+        page = 1 if page == 0
+
+        @candidates = @experiment.candidates
+                                 .including_relationships
+                                 .page(page)
+                                 .per(MAX_CANDIDATES_PER_PAGE)
+
+        return unless @candidates
+
+        return redirect_to(url_for(page: @candidates.total_pages)) if @candidates.out_of_range?
+
+        @pagination = {
+          page: page,
+          is_last_page: @candidates.last_page?,
+          per_page: MAX_CANDIDATES_PER_PAGE,
+          total_items: @candidates.total_count
+        }
+
+        @candidates.each(&:artifact_lazy)
       end
 
       private
diff --git a/app/controllers/projects/pages_controller.rb b/app/controllers/projects/pages_controller.rb
index 0e990b64cd6..db0762a6cff 100644
--- a/app/controllers/projects/pages_controller.rb
+++ b/app/controllers/projects/pages_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Projects::PagesController < Projects::ApplicationController
-  layout 'project_settings'
+  layout :resolve_layout
 
   before_action :require_pages_enabled!
   before_action :authorize_read_pages!, only: [:show]
@@ -10,6 +10,10 @@ class Projects::PagesController < Projects::ApplicationController
 
   feature_category :pages
 
+  before_action do
+    push_frontend_feature_flag(:show_pages_in_deployments_menu, current_user, type: :experiment)
+  end
+
   def new
     @pipeline_wizard_data = {
       project_path: @project.full_path,
@@ -64,6 +68,10 @@ class Projects::PagesController < Projects::ApplicationController
 
   private
 
+  def resolve_layout
+    'project_settings' unless Feature.enabled?(:show_pages_in_deployments_menu, current_user, type: :experiment)
+  end
+
   def project_params
     params.require(:project).permit(project_params_attributes)
   end
diff --git a/app/controllers/projects/protected_refs_controller.rb b/app/controllers/projects/protected_refs_controller.rb
index 69a540158c6..442110d1044 100644
--- a/app/controllers/projects/protected_refs_controller.rb
+++ b/app/controllers/projects/protected_refs_controller.rb
@@ -22,7 +22,10 @@ class Projects::ProtectedRefsController < Projects::ApplicationController
       flash[:alert] = protected_ref.errors.full_messages.join(', ').html_safe
     end
 
-    redirect_to_repository_settings(@project, anchor: params[:update_section])
+    respond_to do |format|
+      format.html { redirect_to_repository_settings(@project, anchor: params[:update_section]) }
+      format.json { head :ok }
+    end
   end
 
   def show
diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb
index cf07de4dc29..f8133c5836d 100644
--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -4,6 +4,7 @@ module Projects
   module Settings
     class CiCdController < Projects::ApplicationController
       include RunnerSetupScripts
+      include ZuoraCSP
 
       NUMBER_OF_RUNNERS_PER_PAGE = 20
 
@@ -21,13 +22,11 @@ module Projects
         @entity = :project
         @variable_limit = ::Plan.default.actual_limits.project_ci_variables
 
-        if Feature.enabled?(:ci_pipeline_triggers_settings_vue_ui, @project)
-          triggers = ::Ci::TriggerSerializer.new.represent(
-            @project.triggers, current_user: current_user, project: @project
-          )
+        triggers = ::Ci::TriggerSerializer.new.represent(
+          @project.triggers, current_user: current_user, project: @project
+        )
 
-          @triggers_json = Gitlab::Json.dump(triggers)
-        end
+        @triggers_json = Gitlab::Json.dump(triggers)
 
         render
       end
diff --git a/app/controllers/projects/settings/merge_requests_controller.rb b/app/controllers/projects/settings/merge_requests_controller.rb
index 93e10695767..f09e324f574 100644
--- a/app/controllers/projects/settings/merge_requests_controller.rb
+++ b/app/controllers/projects/settings/merge_requests_controller.rb
@@ -9,7 +9,7 @@ module Projects
       before_action :present_project, only: [:edit]
       before_action :authorize_admin_project!
 
-      feature_category :code_review
+      feature_category :code_review_workflow
 
       def update
         result = ::Projects::UpdateService.new(@project, current_user, project_params).execute
diff --git a/app/controllers/projects/work_items_controller.rb b/app/controllers/projects/work_items_controller.rb
index a118c6986f7..db9dca14aab 100644
--- a/app/controllers/projects/work_items_controller.rb
+++ b/app/controllers/projects/work_items_controller.rb
@@ -5,7 +5,7 @@ class Projects::WorkItemsController < Projects::ApplicationController
     push_force_frontend_feature_flag(:work_items, project&.work_items_feature_flag_enabled?)
     push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?)
     push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?)
-    push_frontend_feature_flag(:use_iid_in_work_items_path, project)
+    push_frontend_feature_flag(:use_iid_in_work_items_path, project&.group)
   end
 
   feature_category :team_planning
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-01-18 22:00:14 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-01-18 22:00:14 +0300
commit	05f0ebba3a2c8ddf39e436f412dc2ab5bf1353b2 (patch)
tree	11d0f2a6ec31c7793c184106cedc2ded3d9a2cc5 /app/controllers/projects
parent	ec73467c23693d0db63a797d10194da9e72a74af (diff)