Dry up routable lookups. Fixes #30317

Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all.

1 files changed, 4 insertions, 13 deletions

diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb
index 209d8b1a08a..2157a56dea2 100644
--- a/app/controllers/groups/application_controller.rb
+++ b/app/controllers/groups/application_controller.rb
@@ -9,20 +9,11 @@ class Groups::ApplicationController < ApplicationController
   private
 
   def group
-    unless @group
-      given_path = params[:group_id] || params[:id]
-      @group = Group.find_by_full_path(given_path, follow_redirects: request.get?)
-
-      if @group && can?(current_user, :read_group, @group)
-        ensure_canonical_path(@group, given_path)
-      else
-        @group = nil
-
-        route_not_found
-      end
-    end
+    @group ||= find_routable!(Group, requested_full_path)
+  end
 
-    @group
+  def requested_full_path
+    params[:group_id] || params[:id]
   end
 
   def group_projects