Merge branch 'fix-merge-train-graphql-nre' into 'master'

Fix NRE when logged out and reading merge trains via GraphQL See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/167410 Merged-by: Lee Tickett <ltickett@gitlab.com> Approved-by: Niklas van Schrick <mc.taucher2003@gmail.com> Approved-by: Stan Hu <stanhu@gmail.com> Reviewed-by: Niklas van Schrick <mc.taucher2003@gmail.com>

Merge branch 'fix-merge-train-graphql-nre' into 'master'
a5f367fe · Lee Tickett · GitLab · 3cbdbadc · 0d21ab17 · a5f367fe
--- a/ee/app/graphql/resolvers/merge_trains/trains_resolver.rb
+++ b/ee/app/graphql/resolvers/merge_trains/trains_resolver.rb
@@ -33,7 +33,7 @@ def merge_trains_available?
      end

      def authorize!
-        current_user.can?(:read_merge_train, project) || raise_resource_not_available_error!
+        Ability.allowed?(current_user, :read_merge_train, project) || raise_resource_not_available_error!
      end
    end
  end

--- a/ee/spec/requests/api/graphql/merge_trains/trains_spec.rb
+++ b/ee/spec/requests/api/graphql/merge_trains/trains_spec.rb
@@ -6,7 +6,8 @@
  include GraphqlHelpers
  include MergeTrainsHelpers

-  let_it_be(:target_project) { create(:project, :repository) }
+  let_it_be(:private_project) { create(:project, :repository) }
+  let(:target_project) { private_project }
  let(:car_fields) do
    <<~QUERY
      nodes {
@@ -66,16 +67,16 @@
  end

  before_all do
-    target_project.ci_cd_settings.update!(merge_trains_enabled: true)
-    target_project.add_reporter(reporter)
-    target_project.add_guest(guest)
-    target_project.add_maintainer(maintainer)
-    create_merge_request_on_train(project: target_project, author: maintainer)
-    create_merge_request_on_train(project: target_project, source_branch: 'branch-1', author: maintainer)
-    create_merge_request_on_train(project: target_project, source_branch: 'branch-2', status: :merged,
+    private_project.ci_cd_settings.update!(merge_trains_enabled: true)
+    private_project.add_reporter(reporter)
+    private_project.add_guest(guest)
+    private_project.add_maintainer(maintainer)
+    create_merge_request_on_train(project: private_project, author: maintainer)
+    create_merge_request_on_train(project: private_project, source_branch: 'branch-1', author: maintainer)
+    create_merge_request_on_train(project: private_project, source_branch: 'branch-2', status: :merged,
      author: maintainer)
-    create_merge_request_on_train(project: target_project, target_branch: 'feature-1', author: maintainer)
-    create_merge_request_on_train(project: target_project, target_branch: 'feature-2', status: :merged,
+    create_merge_request_on_train(project: private_project, target_branch: 'feature-1', author: maintainer)
+    create_merge_request_on_train(project: private_project, target_branch: 'feature-2', status: :merged,
      author: maintainer)
    create(:merge_train_car, target_project: create(:project), target_branch: 'master')
  end
@@ -108,6 +109,7 @@

    it 'returns a resource not available error' do
      post_query
+
      expect_graphql_errors_to_include(
        "The resource that you are attempting to access does not exist " \
          "or you don't have permission to perform this action"
@@ -130,6 +132,50 @@
    end
  end

+  context 'when logged out' do
+    let(:user) { nil }
+
+    context 'with a public project' do
+      let_it_be(:public_project) { create(:project, :public) }
+      let(:target_project) { public_project }
+
+      before_all do
+        public_project.ci_cd_settings.update!(merge_trains_enabled: true)
+        create_merge_request_on_train(project: public_project, author: maintainer)
+        create_merge_request_on_train(project: public_project, target_branch: 'feature-1', author: maintainer)
+      end
+
+      it_behaves_like 'fetches the requested trains' do
+        let(:expected_branches) { %w[master feature-1] }
+
+        before do
+          public_project.project_feature.update!(merge_requests_access_level: ProjectFeature::ENABLED)
+        end
+      end
+
+      context 'when merge request access level is PRIVATE' do
+        it 'returns a resource not available error' do
+          public_project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE)
+
+          post_query
+
+          expect_graphql_errors_to_include(
+            "The resource that you are attempting to access does not exist " \
+              "or you don't have permission to perform this action"
+          )
+        end
+      end
+    end
+
+    context 'with a private project' do
+      it 'returns nil for project' do
+        post_query
+
+        expect(graphql_data_at(:project)).to be_nil
+      end
+    end
+  end
+
  context 'when the user has the right permissions' do
    context 'when only the project is provided' do
      it_behaves_like 'fetches the requested trains' do