From 893b1eb1d3290a662a01188d2055798778bc442a Mon Sep 17 00:00:00 2001
From: Valery Sizov <valery@gitlab.com>
Date: Mon, 22 May 2017 19:51:09 +0300
Subject: [PATCH] Fix: Wiki is not searchable with Guest permissions

---
 app/services/search_service.rb       |  2 +-
 app/views/search/_category.html.haml | 77 +++++++++++++++-------------
 spec/services/search_service_spec.rb |  9 ++++
 3 files changed, 52 insertions(+), 36 deletions(-)

diff --git a/app/services/search_service.rb b/app/services/search_service.rb
index 22736c71725..1d4d03a8b7d 100644
--- a/app/services/search_service.rb
+++ b/app/services/search_service.rb
@@ -12,7 +12,7 @@ class SearchService
     @project =
       if params[:project_id].present?
         the_project = Project.find_by(id: params[:project_id])
-        can?(current_user, :download_code, the_project) ? the_project : nil
+        can?(current_user, :read_project, the_project) ? the_project : nil
       else
         nil
       end
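Review bot: With the gate on the `can?` line lowered from `:download_code` to `:read_project`, `@project` now resolves for guests, so every search scope has to enforce its own ability on the server; that enforcement is not visible in this diff. The tab guards added in `_category.html.haml` only hide links, while `scope` arrives as a request parameter, so the results code for `blobs` and `commits` should itself require `:download_code` before returning or counting anything. I would add a comment above the line, such as `# :read_project only resolves the project; each scope's ability is checked again in the search results`, and confirm that the claim holds. The enclosing method starts and ends outside the hunk.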
diff --git a/app/views/search/_category.html.haml b/app/views/search/_category.html.haml
index 059a0d1ac78..7ec4aa9998f 100644
--- a/app/views/search/_category.html.haml
+++ b/app/views/search/_category.html.haml
@@ -3,41 +3,48 @@
   .fade-right= icon('angle-right')
   %ul.nav-links.search-filter.scrolling-tabs
     - if @project
-      %li{ class: active_when(@scope == 'blobs') }
-        = link_to search_filter_path(scope: 'blobs') do
-          Code
-          %span.badge
-            = @search_results.blobs_count
-      %li{ class: active_when(@scope == 'issues') }
-        = link_to search_filter_path(scope: 'issues') do
-          Issues
-          %span.badge
-            = @search_results.issues_count
-      %li{ class: active_when(@scope == 'merge_requests') }
-        = link_to search_filter_path(scope: 'merge_requests') do
-          Merge requests
-          %span.badge
-            = @search_results.merge_requests_count
-      %li{ class: active_when(@scope == 'milestones') }
-        = link_to search_filter_path(scope: 'milestones') do
-          Milestones
-          %span.badge
-            = @search_results.milestones_count
-      %li{ class: active_when(@scope == 'notes') }
-        = link_to search_filter_path(scope: 'notes') do
-          Comments
-          %span.badge
-            = @search_results.notes_count
-      %li{ class: active_when(@scope == 'wiki_blobs') }
-        = link_to search_filter_path(scope: 'wiki_blobs') do
-          Wiki
-          %span.badge
-            = @search_results.wiki_blobs_count
-      %li{ class: active_when(@scope == 'commits') }
-        = link_to search_filter_path(scope: 'commits') do
-          Commits
-          %span.badge
-            = @search_results.commits_count
+      - if can?(current_user, :download_code, @project)
+        %li{ class: active_when(@scope == 'blobs') }
+          = link_to search_filter_path(scope: 'blobs') do
+            Code
+            %span.badge
+              = @search_results.blobs_count
+      - if can?(current_user, :read_issue, @project)
+        %li{ class: active_when(@scope == 'issues') }
+          = link_to search_filter_path(scope: 'issues') do
+            Issues
+            %span.badge
+              = @search_results.issues_count
+      - if can?(current_user, :read_merge_request, @project)
+        %li{ class: active_when(@scope == 'merge_requests') }
+          = link_to search_filter_path(scope: 'merge_requests') do
+            Merge requests
+            %span.badge
+              = @search_results.merge_requests_count
+      - if can?(current_user, :read_milestone, @project)
+        %li{ class: active_when(@scope == 'milestones') }
+          = link_to search_filter_path(scope: 'milestones') do
+            Milestones
+            %span.badge
+              = @search_results.milestones_count
+      - if can?(current_user, :read_merge_request, @project) || can?(current_user, :read_issue, @project)
+        %li{ class: active_when(@scope == 'notes') }
+          = link_to search_filter_path(scope: 'notes') do
+            Comments
+            %span.badge
+              = @search_results.notes_count
+      - if can?(current_user, :read_wiki, @project)
+        %li{ class: active_when(@scope == 'wiki_blobs') }
+          = link_to search_filter_path(scope: 'wiki_blobs') do
+            Wiki
+            %span.badge
+              = @search_results.wiki_blobs_count
+      - if can?(current_user, :download_code, @project)
+        %li{ class: active_when(@scope == 'commits') }
+          = link_to search_filter_path(scope: 'commits') do
+            Commits
+            %span.badge
+              = @search_results.commits_count
 
     - elsif @show_snippets
       %li{ class: active_when(@scope == 'snippet_blobs') }
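Review bot: The Comments tab is shown when the user holds either `:read_merge_request` or `:read_issue`, yet `@search_results.notes_count` is a single aggregate. Unless the underlying query filters notes by the noteable types this user may read, the badge can reveal how many matches exist on items the user cannot open. That filtering presumably lives in the results class, which is outside this diff, and should be verified there rather than relied on from the view. A one-line comment above the list, e.g. `-# Tabs are hidden per ability for display only; results are authorised again server-side`, would make the division of responsibility explicit.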
diff --git a/spec/services/search_service_spec.rb b/spec/services/search_service_spec.rb
index 2112f1cf9ea..694124a8be3 100644
--- a/spec/services/search_service_spec.rb
+++ b/spec/services/search_service_spec.rb
@@ -26,6 +26,15 @@ describe SearchService, services: true do
 
         expect(project).to eq accessible_project
       end
+
+      it 'returns the project for guests' do
+        search_project = create :empty_project
+        search_project.team << [user, :guest]
+
+        project = SearchService.new(user, project_id: search_project.id).project
+
+        expect(project).to eq search_project
+      end
     end
 
     context 'when the project is not accessible' do
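Review bot: The new example asserts only that the project resolves for a guest and does not pin the project's visibility. If the `:empty_project` factory default is not private, it would also have passed before the fix. Create the project with an explicitly private visibility so the example exercises guest membership rather than public access. A companion example should show that a guest searching that project with `scope: 'blobs'` gets no code results, since that is the boundary this commit moves. The surrounding `context` blocks begin and end outside the hunk.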
-- 
2.30.9