Merge branch 'fp-fix-catalog-resource-anonymous-access' into 'master'

Fix 500 error when accessing resources as anonymous user See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138527 Merged-by: Avielle Wolfe <awolfe@gitlab.com> Approved-by: Kasia Misirli <kmisirli@gitlab.com> Approved-by: Avielle Wolfe <awolfe@gitlab.com> Reviewed-by: Kasia Misirli <kmisirli@gitlab.com> Co-authored-by: Kasia Misirli <kmisirli@gitlab.com> Co-authored-by: Fabio Pitino <fpitino@gitlab.com>

Merge branch 'fp-fix-catalog-resource-anonymous-access' into 'master'
cf85510e · Avielle Wolfe · 4d24058e · 6290b55e · cf85510e · cf85510e
--- a/app/models/ci/catalog/listing.rb
+++ b/app/models/ci/catalog/listing.rb
@@ -35,7 +35,7 @@ def find_resource(id:)
        return unless resource.present?
        return unless resource.published?
-        return unless current_user.can?(:read_code, resource.project)
+        return unless Ability.allowed?(current_user, :read_code, resource.project)
        resource
      end

--- a/spec/models/ci/catalog/listing_spec.rb
+++ b/spec/models/ci/catalog/listing_spec.rb
@@ -185,11 +185,11 @@
  end
  describe '#find_resource' do
+    let_it_be(:accessible_resource) { create(:ci_catalog_resource, :published, project: public_project) }
    subject { list.find_resource(id: id) }
    context 'when the resource is published and visible to the user' do
-      let_it_be(:accessible_resource) { create(:ci_catalog_resource, :published, project: public_project) }
      let(:id) { accessible_resource.id }
      it 'fetches the resource' do
@@ -200,9 +200,7 @@
    context 'when the resource is not found' do
      let(:id) { 'not-an-id' }
-      it 'returns nil' do
+      it { is_expected.to be_nil }
-        is_expected.to be_nil
-      end
    end
    context 'when the resource is not published' do
@@ -210,9 +208,7 @@
      let(:id) { draft_resource.id }
-      it 'returns nil' do
+      it { is_expected.to be_nil }
-        is_expected.to be_nil
-      end
    end
    context "when the current user cannot read code on the resource's project" do
@@ -220,8 +216,25 @@
      let(:id) { inaccessible_resource.id }
-      it 'returns nil' do
+      it { is_expected.to be_nil }
-        is_expected.to be_nil
+    end
+    context 'when the current user is anonymous' do
+      let(:user) { nil }
+      context 'when the resource is public' do
+        let(:id) { accessible_resource.id }
+        it 'fetches the public resource' do
+          is_expected.to eq(accessible_resource)
+        end
+      end
+      context 'when the resource is internal' do
+        let(:internal_resource) { create(:ci_catalog_resource, :published, project: internal_project) }
+        let(:id) { internal_resource.id }
+        it { is_expected.to be_nil }
      end
    end
  end