Merge branch 'fix-error-500-internal-snippet' into 'master'

Fix Error 500 when one user attempts to access another's personal, internal snippet

### What does this MR do?

This MR fixes an Error 500 that occurred if one user tried to access another's personal, internal snippet. Steps to reproduce:

### Why was this MR needed?

1. Go to `<hostname>/snippets/new`.
2. Select "Internal".
3. Create a snippet. Save the URL (e.g. `<hostname>/snippets/20`)
4. Logout and sign in as another user.
5. Go to the URL in step 3.

### What are the relevant issue numbers?

Closes #1815

See merge request !854

CHANGELOG

@@ -10,6 +10,7 @@ v 7.13.0 (unreleased)
   - Update ssl_ciphers in Nginx example to remove DHE settings. This will deny forward secrecy for Android 2.3.7, Java 6 and OpenSSL 0.9.8
 
 v 7.12.0 (unreleased)
+  - Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu)
   - Fix post-receive errors on a push when an external issue tracker is configured (Stan Hu)
   - Update oauth button logos for Twitter and Google to recommended assets
   - Fix hooks for web based events with external issue references (Daniel Gerhardt)

app/models/ability.rb

@@ -263,7 +263,7 @@ class Ability
             :"modify_#{name}",
           ]
         else
-          if subject.respond_to?(:project)
+          if subject.respond_to?(:project) && subject.project
             project_abilities(user, subject.project)
           else
             []

features/snippets/snippets.feature

@@ -25,4 +25,15 @@ Feature: Snippets
   Scenario: I destroy "Personal snippet one"
     Given I visit snippet page "Personal snippet one"
     And I click link "Destroy"
-    Then I should not see "Personal snippet one" in snippets
+    Then I should not see "Personal snippet one" in snippets
\ No newline at end of file
+
+  Scenario: I create new internal snippet
+    Given I logout directly
+    And I sign in as an admin
+    Then I visit new snippet page
+    And I submit new internal snippet
+    Then I visit snippet page "Internal personal snippet one"
+    And I logout directly
+    Then I sign in as a user
+    Given I visit new snippet page
+    Then I visit snippet page "Internal personal snippet one"

features/steps/shared/authentication.rb

@@ -28,6 +28,10 @@ module SharedAuthentication
     logout
   end
 
+  step "I logout directly" do
+    logout_direct
+  end
+
   def current_user
     @user || User.first
   end

features/steps/snippets/snippets.rb

@@ -31,6 +31,18 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps
     click_button "Create snippet"
   end
 
+  step 'I submit new internal snippet' do
+    fill_in "personal_snippet_title", :with => "Internal personal snippet one"
+    fill_in "personal_snippet_file_name", :with => "my_snippet.rb"
+    choose 'personal_snippet_visibility_level_10'
+
+    page.within('.file-editor') do
+     find(:xpath, "//input[@id='personal_snippet_content']").set 'Content of internal snippet'
+    end
+
+    click_button "Create snippet"
+  end
+
   step 'I should see snippet "Personal snippet three"' do
     expect(page).to have_content "Personal snippet three"
     expect(page).to have_content "Content of snippet three"
@@ -58,7 +70,15 @@ class Spinach::Features::Snippets < Spinach::FeatureSteps
     visit snippet_path(snippet)
   end
 
+  step 'I visit snippet page "Internal personal snippet one"' do
+    visit snippet_path(internal_snippet)
+  end
+
   def snippet
     @snippet ||= PersonalSnippet.find_by!(title: "Personal snippet one")
   end
+
+  def internal_snippet
+    @snippet ||= PersonalSnippet.find_by!(title: "Internal personal snippet one")
+  end
 end

spec/support/login_helpers.rb

@@ -39,4 +39,9 @@ module LoginHelpers
   def logout
     find(:css, ".fa.fa-sign-out").click
   end
+
+  # Logout without JavaScript driver
+  def logout_direct
+    page.driver.submit :delete, '/users/sign_out', {}
+  end
 end