Merge branch...

Merge branch '199473-nomethoderror-undefined-method-feature_available-for-nil-nilclass' into 'master'

Fix 500 error when browsing the roadmap page for a group the user is not authorized to view

Closes #199473

See merge request gitlab-org/gitlab!24002

ee/app/controllers/groups/roadmap_controller.rb

@@ -8,7 +8,6 @@ module Groups
     EPICS_ROADMAP_LIMIT = 1000
 
     before_action :check_epics_available!
-    before_action :group
     before_action :persist_roadmap_layout, only: [:show]
     before_action do
       push_frontend_feature_flag(:roadmap_graphql, @group)

ee/changelogs/unreleased/199473-nomethoderror-undefined-method-feature_available-for-nil-nilcla.yml

+---
+title: Fix 500 error when browsing the roadmap page for a group the user is not authorized
+  to view
+merge_request: 24002
+author:
+type: fixed

ee/spec/controllers/groups/roadmap_controller_spec.rb

@@ -7,68 +7,98 @@ describe Groups::RoadmapController do
   let(:user)  { create(:user) }
 
   describe '#show' do
-    before do
-      sign_in(user)
-      group.add_developer(user)
-    end
-
-    context 'when epics feature is disabled' do
-      it "returns 404 status" do
-        get :show, params: { group_id: group }
+    context 'when the user is signed in' do
+      shared_examples_for 'returns 404 status' do
+        it do
+          get :show, params: { group_id: group }
 
-        expect(response).to have_gitlab_http_status(404)
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
       end
-    end
 
-    context 'when epics feature is enabled' do
       before do
-        stub_licensed_features(epics: true)
+        sign_in(user)
       end
 
-      it "returns 200 status" do
-        get :show, params: { group_id: group }
+      context 'when the user has access to the group' do
+        before do
+          group.add_developer(user)
+        end
 
-        expect(response).to have_gitlab_http_status(200)
-      end
+        context 'when epics feature is disabled' do
+          it_behaves_like 'returns 404 status'
+        end
 
-      context 'when there is no logged user' do
-        it 'stores epics sorting param in a cookie' do
-          group.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
-          sign_out(user)
+        context 'when epics feature is enabled' do
+          before do
+            stub_licensed_features(epics: true)
+          end
 
-          get :show, params: { group_id: group, sort: 'start_date_asc' }
+          it 'returns 200 status' do
+            get :show, params: { group_id: group }
 
-          expect(cookies['roadmap_sort']).to eq('start_date_asc')
-          expect(response).to have_gitlab_http_status(200)
-        end
-      end
+            expect(response).to have_gitlab_http_status(:ok)
+          end
 
-      context 'when there is a user logged in' do
-        context 'when roadmaps_sort is nil' do
-          it 'stores roadmaps sorting param in user preference' do
-            get :show, params: { group_id: group, sort: 'start_date_asc' }
+          context 'when roadmaps_sort is nil' do
+            it 'stores roadmaps sorting param in user preference' do
+              get :show, params: { group_id: group, sort: 'start_date_asc' }
+
+              expect(response).to have_gitlab_http_status(:ok)
+              expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
+            end
 
-            expect(response).to have_gitlab_http_status(200)
-            expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
+            it 'defaults to sort_value_start_date_soon' do
+              user.user_preference.update(roadmaps_sort: nil)
+
+              get :show, params: { group_id: group }
+
+              expect(assigns(:sort)).to eq('start_date_asc')
+            end
           end
 
-          it 'defaults to sort_value_start_date_soon' do
-            user.user_preference.update(roadmaps_sort: nil)
+          context 'when roadmaps_sort is present' do
+            it 'update roadmaps_sort with current value' do
+              user.user_preference.update(roadmaps_sort: 'created_desc')
+
+              get :show, params: { group_id: group, sort: 'start_date_asc' }
+
+              expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
+              expect(response).to have_gitlab_http_status(:ok)
+            end
+          end
+        end
+      end
 
+      context 'when the user does not have access to the group' do
+        it_behaves_like 'returns 404 status'
+      end
+    end
+
+    context 'when user is not signed in' do
+      context 'when epics feature is enabled' do
+        before do
+          stub_licensed_features(epics: true)
+        end
+
+        context 'when anonymous users does not have access to the group' do
+          it 'redirects to login page' do
             get :show, params: { group_id: group }
 
-            expect(assigns(:sort)).to eq('start_date_asc')
+            expect(response).to redirect_to(new_user_session_path)
           end
         end
 
-        context 'when roadmaps_sort is present' do
-          it 'update roadmaps_sort with current value' do
-            user.user_preference.update(roadmaps_sort: 'created_desc')
+        context 'when anonymous users have access to the group' do
+          before do
+            group.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+          end
 
+          it 'stores epics sorting param in a cookie' do
             get :show, params: { group_id: group, sort: 'start_date_asc' }
 
-            expect(user.reload.user_preference.roadmaps_sort).to eq('start_date_asc')
-            expect(response).to have_gitlab_http_status(200)
+            expect(cookies['roadmap_sort']).to eq('start_date_asc')
+            expect(response).to have_gitlab_http_status(:ok)
           end
         end
       end