Merge branch '30917-wiki-is-not-searchable-with-guest-permissions' into 'master'

Resolve "Wiki is not searchable with Guest permissions"

Closes #30917

See merge request !11613

6 files changed, 83 insertions, 46 deletions

diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index 7b7c03142c4..654aa1a6533 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -85,6 +85,12 @@ module ProjectsHelper
     @nav_tabs ||= get_project_nav_tabs(@project, current_user)
   end
 
+  def project_search_tabs?(tab)
+    abilities = Array(search_tab_ability_map[tab])
+
+    abilities.any? { |ability| can?(current_user, ability, @project) }
+  end
+
   def project_nav_tab?(name)
     project_nav_tabs.include? name
   end
@@ -204,7 +210,17 @@ module ProjectsHelper
       nav_tabs << :container_registry
     end
 
-    tab_ability_map = {
+    tab_ability_map.each do |tab, ability|
+      if can?(current_user, ability, project)
+        nav_tabs << tab
+      end
+    end
+
+    nav_tabs.flatten
+  end
+
+  def tab_ability_map
+    {
       environments: :read_environment,
       milestones:   :read_milestone,
       pipelines:    :read_pipeline,
@@ -216,14 +232,15 @@ module ProjectsHelper
       team:         :read_project_member,
       wiki:         :read_wiki
     }
+  end
 
-    tab_ability_map.each do |tab, ability|
-      if can?(current_user, ability, project)
-        nav_tabs << tab
-      end
-    end
-
-    nav_tabs.flatten
+  def search_tab_ability_map
+    @search_tab_ability_map ||= tab_ability_map.merge(
+      blobs:          :download_code,
+      commits:        :download_code,
+      merge_requests: :read_merge_request,
+      notes:          [:read_merge_request, :download_code, :read_issue, :read_project_snippet]
+    )
   end
 
   def project_lfs_status(project)
diff --git a/app/services/search_service.rb b/app/services/search_service.rb
index 22736c71725..1d4d03a8b7d 100644
--- a/app/services/search_service.rb
+++ b/app/services/search_service.rb
@@ -12,7 +12,7 @@ class SearchService
     @project =
       if params[:project_id].present?
         the_project = Project.find_by(id: params[:project_id])
-        can?(current_user, :download_code, the_project) ? the_project : nil
+        can?(current_user, :read_project, the_project) ? the_project : nil
       else
         nil
       end
diff --git a/app/views/search/_category.html.haml b/app/views/search/_category.html.haml
index 059a0d1ac78..314d8e9cb25 100644
--- a/app/views/search/_category.html.haml
+++ b/app/views/search/_category.html.haml
@@ -3,41 +3,48 @@
   .fade-right= icon('angle-right')
   %ul.nav-links.search-filter.scrolling-tabs
     - if @project
-      %li{ class: active_when(@scope == 'blobs') }
-        = link_to search_filter_path(scope: 'blobs') do
-          Code
-          %span.badge
-            = @search_results.blobs_count
-      %li{ class: active_when(@scope == 'issues') }
-        = link_to search_filter_path(scope: 'issues') do
-          Issues
-          %span.badge
-            = @search_results.issues_count
-      %li{ class: active_when(@scope == 'merge_requests') }
-        = link_to search_filter_path(scope: 'merge_requests') do
-          Merge requests
-          %span.badge
-            = @search_results.merge_requests_count
-      %li{ class: active_when(@scope == 'milestones') }
-        = link_to search_filter_path(scope: 'milestones') do
-          Milestones
-          %span.badge
-            = @search_results.milestones_count
-      %li{ class: active_when(@scope == 'notes') }
-        = link_to search_filter_path(scope: 'notes') do
-          Comments
-          %span.badge
-            = @search_results.notes_count
-      %li{ class: active_when(@scope == 'wiki_blobs') }
-        = link_to search_filter_path(scope: 'wiki_blobs') do
-          Wiki
-          %span.badge
-            = @search_results.wiki_blobs_count
-      %li{ class: active_when(@scope == 'commits') }
-        = link_to search_filter_path(scope: 'commits') do
-          Commits
-          %span.badge
-            = @search_results.commits_count
+      - if project_search_tabs?(:blobs)
+        %li{ class: active_when(@scope == 'blobs') }
+          = link_to search_filter_path(scope: 'blobs') do
+            Code
+            %span.badge
+              = @search_results.blobs_count
+      - if project_search_tabs?(:issues)
+        %li{ class: active_when(@scope == 'issues') }
+          = link_to search_filter_path(scope: 'issues') do
+            Issues
+            %span.badge
+              = @search_results.issues_count
+      - if project_search_tabs?(:merge_requests)
+        %li{ class: active_when(@scope == 'merge_requests') }
+          = link_to search_filter_path(scope: 'merge_requests') do
+            Merge requests
+            %span.badge
+              = @search_results.merge_requests_count
+      - if project_search_tabs?(:milestones)
+        %li{ class: active_when(@scope == 'milestones') }
+          = link_to search_filter_path(scope: 'milestones') do
+            Milestones
+            %span.badge
+              = @search_results.milestones_count
+      - if project_search_tabs?(:notes)
+        %li{ class: active_when(@scope == 'notes') }
+          = link_to search_filter_path(scope: 'notes') do
+            Comments
+            %span.badge
+              = @search_results.notes_count
+      - if project_search_tabs?(:wiki)
+        %li{ class: active_when(@scope == 'wiki_blobs') }
+          = link_to search_filter_path(scope: 'wiki_blobs') do
+            Wiki
+            %span.badge
+              = @search_results.wiki_blobs_count
+      - if project_search_tabs?(:commits)
+        %li{ class: active_when(@scope == 'commits') }
+          = link_to search_filter_path(scope: 'commits') do
+            Commits
+            %span.badge
+              = @search_results.commits_count
 
     - elsif @show_snippets
       %li{ class: active_when(@scope == 'snippet_blobs') }
diff --git a/changelogs/unreleased/30917-wiki-is-not-searchable-with-guest-permissions.yml b/changelogs/unreleased/30917-wiki-is-not-searchable-with-guest-permissions.yml
new file mode 100644
index 00000000000..c9bd2dc465e
--- /dev/null
+++ b/changelogs/unreleased/30917-wiki-is-not-searchable-with-guest-permissions.yml
@@ -0,0 +1,4 @@
+---
+title: 'Fix: Wiki is not searchable with Guest permissions'
+merge_request:
+author:
diff --git a/spec/lib/gitlab/project_search_results_spec.rb b/spec/lib/gitlab/project_search_results_spec.rb
index 1b8690ba613..3d22784909d 100644
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
@@ -123,8 +123,8 @@ describe Gitlab::ProjectSearchResults, lib: true do
     context 'when wiki is internal' do
       let(:project) { create(:project, :public, :wiki_private) }
 
-      it 'finds wiki blobs for members' do
-        project.add_reporter(user)
+      it 'finds wiki blobs for guest' do
+        project.add_guest(user)
 
         is_expected.not_to be_empty
       end
diff --git a/spec/services/search_service_spec.rb b/spec/services/search_service_spec.rb
index 2112f1cf9ea..5cf989105d0 100644
--- a/spec/services/search_service_spec.rb
+++ b/spec/services/search_service_spec.rb
@@ -26,6 +26,15 @@ describe SearchService, services: true do
 
         expect(project).to eq accessible_project
       end
+
+      it 'returns the project for guests' do
+        search_project = create :empty_project
+        search_project.add_guest(user)
+
+        project = SearchService.new(user, project_id: search_project.id).project
+
+        expect(project).to eq search_project
+      end
     end
 
     context 'when the project is not accessible' do