Merge branch '15513-fix-undefined-can-method' into 'master'

Use the `can?` helper instead of `current_user.can?`

Fixes #15513.

See merge request !3882

CHANGELOG

 Please view this file on the master branch, on stable branches it's out of date.
 
+v 8.8.0 (unreleased)
+
+v 8.7.1 (unreleased)
+  - Use the `can?` helper instead of `current_user.can?`
+
 v 8.7.0
   - Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
   - Fix vulnerability that made it possible to gain access to private labels and milestones

app/views/projects/project_members/_shared_group_members.html.haml

@@ -8,7 +8,7 @@
       group, members with
       %strong #{group_links.human_access}
       role (#{shared_group_users_count})
-      - if current_user.can?(:admin_group, shared_group)
+      - if can?(current_user, :admin_group, shared_group)
         .panel-head-actions
           = link_to group_group_members_path(shared_group), class: 'btn btn-sm' do
             %i.fa.fa-pencil-square-o

spec/features/projects/members/anonymous_user_sees_members_spec.rb

+require 'spec_helper'
+
+feature 'Projects > Members > Anonymous user sees members', feature: true do
+  let(:user) { create(:user) }
+  let(:group) { create(:group, :public) }
+  let(:project) { create(:empty_project, :public) }
+
+  background do
+    project.team << [user, :master]
+    create(:project_group_link, project: project, group: group)
+  end
+
+  scenario "anonymous user visits the project's members page and sees the list of members" do
+    visit namespace_project_project_members_path(project.namespace, project)
+
+    expect(current_path).to eq(
+      namespace_project_project_members_path(project.namespace, project))
+    expect(page).to have_content(user.name)
+  end
+end