Fix 500 error when accessing roadmaps for a group user has no access to

This changes fixes the 500 error when accessing the roadmaps page for a group the user has no access to - like when not logged in, or if the user is not a member of that private group.

Fix 500 error when accessing roadmaps for a group user has no access to
This changes fixes the 500 error when accessing the roadmaps page for a group the user has no access to - like when not logged in, or if the user is not a member of that private group.
90bb7820 · manojmj · 749bc8b2 · 90bb7820 · 90bb7820 · 90bb7820
Commit 90bb7820 authored Jan 29, 2020 by manojmj
3 changed files
--- a/ee/app/controllers/groups/roadmap_controller.rb
+++ b/ee/app/controllers/groups/roadmap_controller.rb
@@ -8,7 +8,6 @@ module Groups
    EPICS_ROADMAP_LIMIT = 1000

    before_action :check_epics_available!
-    before_action :group
    before_action :persist_roadmap_layout, only: [:show]
    before_action do
      push_frontend_feature_flag(:roadmap_graphql, @group)

--- a/ee/changelogs/unreleased/199473-nomethoderror-undefined-method-feature_available-for-nil-nilcla.yml
+++ b/ee/changelogs/unreleased/199473-nomethoderror-undefined-method-feature_available-for-nil-nilcla.yml
+---
+title: Fix 500 error when browsing the roadmap page for a group the user is not authorized
+  to view
+merge_request: 24002
+author:
+type: fixed
--- a/ee/spec/controllers/groups/roadmap_controller_spec.rb
+++ b/ee/spec/controllers/groups/roadmap_controller_spec.rb
@@ -7,68 +7,98 @@ describe Groups::RoadmapController do
  let(:user)  { create(:user) }

  describe '#show' do
-    before do
-      sign_in(user)
-      group.add_developer(user)
-    end
-
-    context 'when epics feature is disabled' do
-      it "returns 404 status" do
-        get :show, params: { group_id: group }
+    context 'when the user is signed in' do
+      shared_examples_for 'returns 404 status' do
+        it do
+          get :show, params: { group_id: group }

-        expect(response).to have_gitlab_http_status(404)
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
      end
-    end

-    context 'when epics feature is enabled' do
      before do
-        stub_licensed_features(epics: true)
+        sign_in(user)
      end

-      it "returns 200 status" do
-        get :show, params: { group_id: group }
+      context 'when the user has access to the group' do
+        before do
+          group.add_developer(user)
+        end

-        expect(response).to have_gitlab_http_status(200)
-      end
+        context 'when epics feature is disabled' do
+          it_behaves_like 'returns 404 status'
+        end

-      context 'when there is no logged user' do
-        it 'stores epics sorting param in a cookie' do
-          group.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
-          sign_out(user)
+        context 'when epics feature is enabled' do
+          before do
+            stub_licensed_features(epics: true)
+          end

-          get :show, params: { group_id: group, sort: 'start_date_asc' }
+          it 'returns 200 status' do
+            get :show, params: { group_id: group }

-          expect(cookies['roadmap_sort']).to eq('start_date_asc')
-          expect(response).to have_gitlab_http_status(200)
-        end
-      end
+            expect(response).to have_gitlab_http_status(:ok)
+          end

-      context 'when there is a user logged in' do
-        context 'when roadmaps_sort is nil' do
-          it 'stores roadmaps sorting param in user preference' do
-            get :show, params: { group_id: group, sort: 'start_date_asc' }
+          context 'when roadmaps_sort is nil' do
+            it 'stores roadmaps sorting param in user preference' do
+              get :show, params: { group_id: group, sort: 'start_date_asc' }
+
+              expect(response).to have_gitlab_http_status(:ok)
+              expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
+            end

-            expect(response).to have_gitlab_http_status(200)
-            expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
+            it 'defaults to sort_value_start_date_soon' do
+              user.user_preference.update(roadmaps_sort: nil)
+
+              get :show, params: { group_id: group }
+
+              expect(assigns(:sort)).to eq('start_date_asc')
+            end
          end

-          it 'defaults to sort_value_start_date_soon' do
-            user.user_preference.update(roadmaps_sort: nil)
+          context 'when roadmaps_sort is present' do
+            it 'update roadmaps_sort with current value' do
+              user.user_preference.update(roadmaps_sort: 'created_desc')
+
+              get :show, params: { group_id: group, sort: 'start_date_asc' }
+
+              expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
+              expect(response).to have_gitlab_http_status(:ok)
+            end
+          end
+        end
+      end

+      context 'when the user does not have access to the group' do
+        it_behaves_like 'returns 404 status'
+      end
+    end
+
+    context 'when user is not signed in' do
+      context 'when epics feature is enabled' do
+        before do
+          stub_licensed_features(epics: true)
+        end
+
+        context 'when anonymous users does not have access to the group' do
+          it 'redirects to login page' do
            get :show, params: { group_id: group }

-            expect(assigns(:sort)).to eq('start_date_asc')
+            expect(response).to redirect_to(new_user_session_path)
          end
        end

-        context 'when roadmaps_sort is present' do
-          it 'update roadmaps_sort with current value' do
-            user.user_preference.update(roadmaps_sort: 'created_desc')
+        context 'when anonymous users have access to the group' do
+          before do
+            group.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+          end

+          it 'stores epics sorting param in a cookie' do
            get :show, params: { group_id: group, sort: 'start_date_asc' }

-            expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
-            expect(response).to have_gitlab_http_status(200)
+            expect(cookies['roadmap_sort']).to eq('start_date_asc')
+            expect(response).to have_gitlab_http_status(:ok)
          end
        end
      end