Check nil before checking connection

When the field is a connection using a resolver but the resolved type is
nil, the connection field logic tries to call `object` on `nil` and
throws a NoMethodError. By checking if the resolved type is nil first,
we avoid this issue.

https://gitlab.com/gitlab-org/gitlab/-/issues/214047

lib/gitlab/graphql/authorize/authorize_field_service.rb

@@ -70,7 +70,10 @@ module Gitlab
         end
 
         def filter_allowed(current_user, resolved_type, authorizing_object)
-          if authorizing_object
+          if resolved_type.nil?
+            # We're not rendering anything, for example when a record was not found
+            # no need to do anything
+          elsif authorizing_object
             # Authorizing fields representing scalars, or a simple field with an object
             resolved_type if allowed_access?(current_user, authorizing_object)
           elsif @field.connection?
@@ -83,9 +86,6 @@ module Gitlab
             resolved_type.select do |single_object_type|
               allowed_access?(current_user, single_object_type.object)
             end
-          elsif resolved_type.nil?
-            # We're not rendering anything, for example when a record was not found
-            # no need to do anything
           else
             raise "Can't authorize #{@field}"
           end

spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb

@@ -84,6 +84,16 @@ describe Gitlab::Graphql::Authorize::AuthorizeFieldService do
       end
     end
 
+    context 'when the field is a connection' do
+      context 'when it resolves to nil' do
+        let(:field) { type_with_field(Types::QueryType.connection_type, :read_field, nil).fields['testField'].to_graphql }
+
+        it 'does not fail when authorizing' do
+          expect(resolved).to be_nil
+        end
+      end
+    end
+
     context 'when the field is a specific type' do
       let(:custom_type) { type(:read_type) }
       let(:object_in_field) { double('presented in field') }