Fix 500 error when accessing roadmaps for a group user has no access to

This changes fixes the 500 error when accessing the roadmaps page for a group the user has no access to - like when not logged in, or if the user is not a member of that private group.

Fix 500 error when accessing roadmaps for a group user has no access to
This changes fixes the 500 error when accessing the roadmaps page for a group the user has no access to - like when not logged in, or if the user is not a member of that private group.
90bb7820 · manojmj · 749bc8b2 · 90bb7820 · 90bb7820 · 90bb7820
Commit 90bb7820 authored Jan 29, 2020 by manojmj
3 changed files
--- a/ee/app/controllers/groups/roadmap_controller.rb
+++ b/ee/app/controllers/groups/roadmap_controller.rb
@@ -8,7 +8,6 @@ module Groups
    EPICS_ROADMAP_LIMIT = 1000

    before_action :check_epics_available!
-    before_action :group
    before_action :persist_roadmap_layout, only: [:show]
    before_action do
      push_frontend_feature_flag(:roadmap_graphql, @group)

--- a/ee/changelogs/unreleased/199473-nomethoderror-undefined-method-feature_available-for-nil-nilcla.yml
+++ b/ee/changelogs/unreleased/199473-nomethoderror-undefined-method-feature_available-for-nil-nilcla.yml
+---
+title: Fix 500 error when browsing the roadmap page for a group the user is not authorized
+  to view
+merge_request: 24002
+author:
+type: fixed
--- a/ee/spec/controllers/groups/roadmap_controller_spec.rb
+++ b/ee/spec/controllers/groups/roadmap_controller_spec.rb
@@ -7,17 +7,26 @@ describe Groups::RoadmapController do
  let(:user)  { create(:user) }

  describe '#show' do
+    context 'when the user is signed in' do
+      shared_examples_for 'returns 404 status' do
+        it do
+          get :show, params: { group_id: group }
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
      before do
        sign_in(user)
+      end
+
+      context 'when the user has access to the group' do
+        before do
          group.add_developer(user)
        end

        context 'when epics feature is disabled' do
-      it "returns 404 status" do
-        get :show, params: { group_id: group }
-
-        expect(response).to have_gitlab_http_status(404)
-      end
+          it_behaves_like 'returns 404 status'
        end

        context 'when epics feature is enabled' do
@@ -25,30 +34,17 @@ describe Groups::RoadmapController do
            stub_licensed_features(epics: true)
          end

-      it "returns 200 status" do
+          it 'returns 200 status' do
            get :show, params: { group_id: group }

-        expect(response).to have_gitlab_http_status(200)
+            expect(response).to have_gitlab_http_status(:ok)
          end

-      context 'when there is no logged user' do
-        it 'stores epics sorting param in a cookie' do
-          group.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
-          sign_out(user)
-
-          get :show, params: { group_id: group, sort: 'start_date_asc' }
-
-          expect(cookies['roadmap_sort']).to eq('start_date_asc')
-          expect(response).to have_gitlab_http_status(200)
-        end
-      end
-
-      context 'when there is a user logged in' do
          context 'when roadmaps_sort is nil' do
            it 'stores roadmaps sorting param in user preference' do
              get :show, params: { group_id: group, sort: 'start_date_asc' }

-            expect(response).to have_gitlab_http_status(200)
+              expect(response).to have_gitlab_http_status(:ok)
              expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
            end

@@ -68,7 +64,41 @@ describe Groups::RoadmapController do
              get :show, params: { group_id: group, sort: 'start_date_asc' }

              expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
-            expect(response).to have_gitlab_http_status(200)
+              expect(response).to have_gitlab_http_status(:ok)
+            end
+          end
+        end
+      end
+
+      context 'when the user does not have access to the group' do
+        it_behaves_like 'returns 404 status'
+      end
+    end
+
+    context 'when user is not signed in' do
+      context 'when epics feature is enabled' do
+        before do
+          stub_licensed_features(epics: true)
+        end
+
+        context 'when anonymous users does not have access to the group' do
+          it 'redirects to login page' do
+            get :show, params: { group_id: group }
+
+            expect(response).to redirect_to(new_user_session_path)
+          end
+        end
+
+        context 'when anonymous users have access to the group' do
+          before do
+            group.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+          end
+
+          it 'stores epics sorting param in a cookie' do
+            get :show, params: { group_id: group, sort: 'start_date_asc' }
+
+            expect(cookies['roadmap_sort']).to eq('start_date_asc')
+            expect(response).to have_gitlab_http_status(:ok)
          end
        end
      end