Allow organization owners to view explore dependency list page

ee/app/policies/ee/organizations/organization_policy.rb

@@ -15,8 +15,8 @@ module OrganizationPolicy
           License.feature_available?(:license_scanning)
         end
 
-        rule { admin & dependency_scanning_enabled }.enable :read_dependency
-        rule { admin & license_scanning_enabled }.enable :read_licenses
+        rule { (admin | organization_owner) & dependency_scanning_enabled }.enable :read_dependency
+        rule { (admin | organization_owner) & license_scanning_enabled }.enable :read_licenses
       end
     end
   end

ee/spec/policies/organizations/organization_policy_spec.rb

@@ -8,41 +8,30 @@
 
   subject(:policy) { described_class.new(current_user, organization) }
 
+  RSpec.shared_context 'with licensed features' do |features|
+    before do
+      stub_licensed_features(features)
+    end
+  end
+
   context 'when the user is an admin' do
     let_it_be(:current_user) { create(:user, :admin) }
 
     context 'when admin mode is enabled', :enable_admin_mode do
       context 'when dependency scanning is enabled' do
-        before do
-          stub_licensed_features(dependency_scanning: true)
-        end
+        include_context 'with licensed features', dependency_scanning: true
 
         it { is_expected.to be_allowed(:read_dependency) }
       end
 
-      context 'when dependency scanning is disabled' do
-        before do
-          stub_licensed_features(dependency_scanning: false)
-        end
-
-        it { is_expected.to be_disallowed(:read_dependency) }
-      end
-
       context 'when license scanning is enabled' do
-        before do
-          stub_licensed_features(license_scanning: true)
-        end
+        include_context 'with licensed features', license_scanning: true
 
         it { is_expected.to be_allowed(:read_licenses) }
       end
 
-      context 'when license scanning is disabled' do
-        before do
-          stub_licensed_features(license_scanning: false)
-        end
-
-        it { is_expected.to be_disallowed(:read_licenses) }
-      end
+      it { is_expected.to be_disallowed(:read_dependency) }
+      it { is_expected.to be_disallowed(:read_licenses) }
     end
 
     context 'when admin mode is disabled' do
@@ -50,4 +39,49 @@
       it { is_expected.to be_disallowed(:read_licenses) }
     end
   end
+
+  context 'when the user is an organization owner' do
+    let_it_be(:organization_user) { create(:organization_user, :owner, organization: organization, user: current_user) }
+
+    context 'when dependency scanning is enabled' do
+      include_context 'with licensed features', dependency_scanning: true
+
+      it { is_expected.to be_allowed(:read_dependency) }
+    end
+
+    context 'when license scanning is enabled' do
+      include_context 'with licensed features', license_scanning: true
+
+      it { is_expected.to be_allowed(:read_licenses) }
+    end
+
+    it { is_expected.to be_disallowed(:read_dependency) }
+    it { is_expected.to be_disallowed(:read_licenses) }
+  end
+
+  context 'when the user is an organization guest' do
+    let_it_be(:organization_user) do
+      create(:organization_user, organization: organization, user: current_user, access_level: :default)
+    end
+
+    context 'when dependency scanning is enabled' do
+      include_context 'with licensed features', dependency_scanning: true
+
+      it { is_expected.to be_disallowed(:read_dependency) }
+    end
+
+    context 'when license scanning is enabled' do
+      include_context 'with licensed features', license_scanning: true
+
+      it { is_expected.to be_disallowed(:read_licenses) }
+    end
+
+    it { is_expected.to be_disallowed(:read_dependency) }
+    it { is_expected.to be_disallowed(:read_licenses) }
+  end
+
+  context 'when the user is not a member of the organization' do
+    it { is_expected.to be_disallowed(:read_dependency) }
+    it { is_expected.to be_disallowed(:read_licenses) }
+  end
 end