diff --git a/app/models/ci/catalog/listing.rb b/app/models/ci/catalog/listing.rb
index 7a50a8ea94ac5a198e75e01296d3435480184805..3b1edac7b62b3c584f05e70476d22aa98b1637f4 100644
--- a/app/models/ci/catalog/listing.rb
+++ b/app/models/ci/catalog/listing.rb
@@ -60,7 +60,7 @@ def by_search(relation, search)
def by_scope(relation, scope)
if scope == :namespaces && Feature.enabled?(:ci_guard_for_catalog_resource_scope, current_user)
- relation.merge(Project.public_and_internal_only.visible_to_user(current_user))
+ relation.merge(Project.visible_to_user(current_user))
else
relation.merge(Project.public_or_visible_to_user(current_user))
end
diff --git a/spec/graphql/resolvers/ci/catalog/resources_resolver_spec.rb b/spec/graphql/resolvers/ci/catalog/resources_resolver_spec.rb
index 224af664ea1d8a780eccc908845bd4ff7eb3e8ef..a55724b5611ff40802ab62f3aeac0a6619a298ef 100644
--- a/spec/graphql/resolvers/ci/catalog/resources_resolver_spec.rb
+++ b/spec/graphql/resolvers/ci/catalog/resources_resolver_spec.rb
@@ -12,7 +12,7 @@
create(:project, :public, name: 'public', description: 'Test', namespace: namespace)
end
- let_it_be(:internal_project) { create(:project, :internal, :private, name: 'internal') }
+ let_it_be(:internal_project) { create(:project, :internal, name: 'internal') }
let_it_be(:private_resource) { create(:ci_catalog_resource, :published, project: private_namespace_project) }
let_it_be(:private_resource_2) { create(:ci_catalog_resource, project: private_namespace_project_2) }
let_it_be(:public_resource) { create(:ci_catalog_resource, :published, project: public_namespace_project) }
@@ -40,7 +40,7 @@
context 'with an authorized user' do
before_all do
namespace.add_reporter(user)
- internal_project.add_owner(user)
+ internal_project.add_reporter(user)
end
context 'when the project path argument is provided' do
@@ -83,13 +83,14 @@
context 'when the scope argument is :namespaces' do
let(:scope) { 'NAMESPACES' }
- it 'returns only internal and public projects of the namespaces the user is a member of' do
+ it 'returns projects of the namespaces the user is a member of' do
namespace = create(:namespace, owner: user)
internal_public_project = create(:project, :internal, name: 'internal public', namespace: namespace)
create(:ci_catalog_resource, :published, project: internal_public_project)
- expect(result.items.count).to be(2)
- expect(result.items.pluck(:name)).to contain_exactly('public', 'internal public')
+ expect(result.items.count).to be(4)
+ expect(result.items.pluck(:name)).to contain_exactly('public', 'internal public', 'internal',
+ 'z private test')
end
end
@@ -115,7 +116,9 @@
end
end
- context 'when the current user cannot read the namespace catalog' do
+ context 'when the user is anonymous' do
+ let_it_be(:user) { nil }
+
it 'returns only public projects' do
expect(result.items.count).to be(1)
expect(result.items.pluck(:name)).to contain_exactly('public')
diff --git a/spec/models/ci/catalog/listing_spec.rb b/spec/models/ci/catalog/listing_spec.rb
index 75188232dba003dce92735e4012644f9b1207954..2d20acd4091687e8dcda7d534d70dc4d68735e05 100644
--- a/spec/models/ci/catalog/listing_spec.rb
+++ b/spec/models/ci/catalog/listing_spec.rb
@@ -76,7 +76,8 @@
context 'when the `ci_guard_query_for_catalog_resource_scope` ff is enabled' do
it "returns the catalog resources belonging to the user's authorized namespaces" do
- is_expected.to contain_exactly(public_resource_a, public_resource_b, internal_resource)
+ is_expected.to contain_exactly(public_resource_a, public_resource_b, internal_resource,
+ private_namespace_resource)
end
end