Fix bug when accessing import and user not authenticated

When the user is not authenticated and we access the import routes, the method `can?` is called on the user but, since it's `nil`, it raises an exception.

Fix bug when accessing import and user not authenticated
When the user is not authenticated and we access the import routes, the method `can?` is called on the user but, since it's `nil`, it raises an exception.
161c812c · fjsanpedro · 0dffbcb4 · 161c812c · 161c812c · 161c812c
Commit 161c812c authored Oct 27, 2020 by fjsanpedro
3 changed files
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@@ -55,7 +55,7 @@ class Projects::ImportsController < Projects::ApplicationController
  end
  def require_namespace_project_creation_permission
-    render_404 unless current_user.can?(:admin_project, @project) || current_user.can?(:create_projects, @project.namespace)
+    render_404 unless can?(current_user, :admin_project, @project) || can?(current_user, :create_projects, @project.namespace)
  end
  def redirect_if_progress

--- a/changelogs/unreleased/fj-fix-bug-when-user-anonymous-and-import.yml
+++ b/changelogs/unreleased/fj-fix-bug-when-user-anonymous-and-import.yml
+---
+title: Fix bug accessing import route with no user
+merge_request: 46215
+author:
+type: fixed
--- a/spec/controllers/projects/imports_controller_spec.rb
+++ b/spec/controllers/projects/imports_controller_spec.rb
@@ -7,10 +7,21 @@ RSpec.describe Projects::ImportsController do
  let(:project) { create(:project) }
  before do
-    sign_in(user)
+    sign_in(user) if user
  end
  describe 'GET #show' do
+    context 'when user is not authenticated and the project is public' do
+      let(:user) { nil }
+      let(:project) { create(:project, :public) }
+      it 'returns 404 response' do
+        get :show, params: { namespace_id: project.namespace.to_param, project_id: project }
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
    context 'when the user has maintainer rights' do
      before do
        project.add_maintainer(user)