Merge branch 'fp-fix-catalog-resource-anonymous-access' into 'master'

Fix 500 error when accessing resources as anonymous user

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138527



Merged-by: Avielle Wolfe <awolfe@gitlab.com>
Approved-by: Kasia Misirli <kmisirli@gitlab.com>
Approved-by: Avielle Wolfe <awolfe@gitlab.com>
Reviewed-by: Kasia Misirli <kmisirli@gitlab.com>
Co-authored-by: Kasia Misirli <kmisirli@gitlab.com>
Co-authored-by: Fabio Pitino <fpitino@gitlab.com>

app/models/ci/catalog/listing.rb

@@ -35,7 +35,7 @@ def find_resource(id:)
 
         return unless resource.present?
         return unless resource.published?
-        return unless current_user.can?(:read_code, resource.project)
+        return unless Ability.allowed?(current_user, :read_code, resource.project)
 
         resource
       end

spec/models/ci/catalog/listing_spec.rb

@@ -185,11 +185,11 @@
   end
 
   describe '#find_resource' do
+    let_it_be(:accessible_resource) { create(:ci_catalog_resource, :published, project: public_project) }
+
     subject { list.find_resource(id: id) }
 
     context 'when the resource is published and visible to the user' do
-      let_it_be(:accessible_resource) { create(:ci_catalog_resource, :published, project: public_project) }
-
       let(:id) { accessible_resource.id }
 
       it 'fetches the resource' do
@@ -200,9 +200,7 @@
     context 'when the resource is not found' do
       let(:id) { 'not-an-id' }
 
-      it 'returns nil' do
-        is_expected.to be_nil
-      end
+      it { is_expected.to be_nil }
     end
 
     context 'when the resource is not published' do
@@ -210,9 +208,7 @@
 
       let(:id) { draft_resource.id }
 
-      it 'returns nil' do
-        is_expected.to be_nil
-      end
+      it { is_expected.to be_nil }
     end
 
     context "when the current user cannot read code on the resource's project" do
@@ -220,8 +216,25 @@
 
       let(:id) { inaccessible_resource.id }
 
-      it 'returns nil' do
-        is_expected.to be_nil
+      it { is_expected.to be_nil }
+    end
+
+    context 'when the current user is anonymous' do
+      let(:user) { nil }
+
+      context 'when the resource is public' do
+        let(:id) { accessible_resource.id }
+
+        it 'fetches the public resource' do
+          is_expected.to eq(accessible_resource)
+        end
+      end
+
+      context 'when the resource is internal' do
+        let(:internal_resource) { create(:ci_catalog_resource, :published, project: internal_project) }
+        let(:id) { internal_resource.id }
+
+        it { is_expected.to be_nil }
       end
     end
   end