Add current_user check in events api

The API returns a 500 error when scope is supplied and current_user
is not present. This is because a user's projects are used in the
query that returns all events.

This change adds a check to confirm that current_user is provided
before trying to run the query when scope is passed

app/finders/events_finder.rb

@@ -43,16 +43,17 @@ class EventsFinder
     events = sort(events)
 
     events = events.with_associations if params[:with_associations]
-
     paginated_filtered_by_user_visibility(events)
   end
 
   private
 
   def get_events
-    return EventCollection.new(current_user.authorized_projects).all_project_events if scope == 'all'
-
-    source.events
+    if current_user && scope == 'all'
+      EventCollection.new(current_user.authorized_projects).all_project_events
+    else
+      source.events
+    end
   end
 
   # rubocop: disable CodeReuse/ActiveRecord

changelogs/unreleased/18999-add-current-user-check-to-events-api.yml

+---
+title: Authenticate user when scope is passed to events api
+merge_request: 22956
+author: briankabiro
+type: fixed

spec/requests/api/events_spec.rb

@@ -171,6 +171,18 @@ describe API::Events do
           expect(json_response[0]['target_id']).to eq(closed_issue.id)
         end
       end
+
+      context 'when scope is passed' do
+        context 'when unauthenticated' do
+          it 'returns no user events' do
+            get api("/users/#{user.username}/events?scope=all")
+
+            expect(response).to have_gitlab_http_status(200)
+            expect(json_response).to be_an Array
+            expect(json_response.size).to eq(0)
+          end
+        end
+      end
     end
 
     it 'returns a 404 error if not found' do