1 files changed, 38 insertions, 0 deletions

diff --git a/app/controllers/projects/releases/evidences_controller.rb b/app/controllers/projects/releases/evidences_controller.rb
new file mode 100644
index 00000000000..34e450d903f
--- /dev/null
+++ b/app/controllers/projects/releases/evidences_controller.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Projects
+  module Releases
+    class EvidencesController < Projects::ApplicationController
+      before_action :require_non_empty_project
+      before_action :release
+      before_action :authorize_read_release_evidence!
+
+      def show
+        respond_to do |format|
+          format.json do
+            render json: evidence.summary
+          end
+        end
+      end
+
+      private
+
+      def authorize_read_release_evidence!
+        access_denied! unless Feature.enabled?(:release_evidence, project, default_enabled: true)
+        access_denied! unless can?(current_user, :read_release_evidence, evidence)
+      end
+
+      def release
+        @release ||= project.releases.find_by_tag!(sanitized_tag_name)
+      end
+
+      def evidence
+        release.evidences.find(params[:id])
+      end
+
+      def sanitized_tag_name
+        CGI.unescape(params[:tag])
+      end
+    end
+  end
+end