Merge branch '208723-license-compliance-permissions' into 'master'

Authorize access to  view license scan reports

See merge request gitlab-org/gitlab!34324

ee/app/controllers/ee/projects/merge_requests_controller.rb

@@ -17,6 +17,7 @@ module EE
         before_action :whitelist_query_limiting_ee_merge, only: [:merge]
         before_action :whitelist_query_limiting_ee_show, only: [:show]
         before_action :authorize_read_pipeline!, only: [:container_scanning_reports, :dependency_scanning_reports,
+                                                        :license_scanning_reports,
                                                         :sast_reports, :secret_detection_reports, :dast_reports, :metrics_reports]
       end
 

ee/changelogs/unreleased/208723-license-compliance-permissions.yml

+---
+title: 'Authorize access to view license scan reports'
+merge_request: 34324
+author:
+type: fixed

ee/spec/controllers/projects/merge_requests_controller_spec.rb

@@ -784,7 +784,7 @@ RSpec.describe Projects::MergeRequestsController do
 
     before do
       allow_any_instance_of(::MergeRequest).to receive(:compare_reports)
-        .with(::Ci::CompareLicenseScanningReportsService, project.users.first).and_return(comparison_status)
+        .with(::Ci::CompareLicenseScanningReportsService, viewer).and_return(comparison_status)
     end
 
     context 'when comparison is being processed' do
@@ -836,6 +836,10 @@ RSpec.describe Projects::MergeRequestsController do
         expect(json_response).to eq({ 'status_reason' => 'Failed to parse license scanning reports' })
       end
     end
+
+    context "when authorizing access to license scan reports" do
+      it_behaves_like 'authorize read pipeline'
+    end
   end
 
   describe 'GET #metrics_reports' do