Broaden access scope for Version API

Requiring the api scope for accessing the version seems excessive.
The docs state that it "Responds 200 OK for authenticated users."

See https://gitlab.com/gitlab-org/gitlab/issues/198483

changelogs/unreleased/broaden-access-scope-for-version-api.yml

+---
+title: Allow access to /version API endpoint with read_user scope
+merge_request: 25211
+author:
+type: changed

lib/api/version.rb

@@ -3,6 +3,9 @@
 module API
   class Version < Grape::API
     helpers ::API::Helpers::GraphqlHelpers
+    include APIGuard
+
+    allow_access_with_scope :read_user, if: -> (request) { request.get? }
 
     before { authenticate! }
 

spec/requests/api/version_spec.rb

@@ -12,17 +12,55 @@ describe API::Version do
       end
     end
 
-    context 'when authenticated' do
+    context 'when authenticated as user' do
       let(:user) { create(:user) }
 
       it 'returns the version information' do
         get api('/version', user)
 
-        expect(response).to have_gitlab_http_status(200)
-        expect(json_response['version']).to eq(Gitlab::VERSION)
-        expect(json_response['revision']).to eq(Gitlab.revision)
+        expect_version
       end
     end
+
+    context 'when authenticated with token' do
+      let(:personal_access_token) { create(:personal_access_token, scopes: scopes) }
+
+      context 'with api scope' do
+        let(:scopes) { %i(api) }
+
+        it 'returns the version information' do
+          get api('/version', personal_access_token: personal_access_token)
+
+          expect_version
+        end
+      end
+
+      context 'with read_user scope' do
+        let(:scopes) { %i(read_user) }
+
+        it 'returns the version information' do
+          get api('/version', personal_access_token: personal_access_token)
+
+          expect_version
+        end
+      end
+
+      context 'with neither api nor read_user scope' do
+        let(:scopes) { %i(read_repository) }
+
+        it 'returns authorization error' do
+          get api('/version', personal_access_token: personal_access_token)
+
+          expect(response).to have_gitlab_http_status(403)
+        end
+      end
+    end
+
+    def expect_version
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response['version']).to eq(Gitlab::VERSION)
+      expect(json_response['revision']).to eq(Gitlab.revision)
+    end
   end
 
   context 'with graphql enabled' do