Add latest changes from gitlab-org/gitlab@13-9-stable-eev13.9.0-rc42

1 files changed, 12 insertions, 10 deletions

diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 79af9c37378..0abb21c9831 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -119,11 +119,10 @@ module API
     def find_project!(id)
       project = find_project(id)
 
-      if can?(current_user, :read_project, project)
-        project
-      else
-        not_found!('Project')
-      end
+      return project if can?(current_user, :read_project, project)
+      return unauthorized! if authenticate_non_public?
+
+      not_found!('Project')
     end
 
     # rubocop: disable CodeReuse/ActiveRecord
@@ -139,11 +138,10 @@ module API
     def find_group!(id)
       group = find_group(id)
 
-      if can?(current_user, :read_group, group)
-        group
-      else
-        not_found!('Group')
-      end
+      return group if can?(current_user, :read_group, group)
+      return unauthorized! if authenticate_non_public?
+
+      not_found!('Group')
     end
 
     def check_namespace_access(namespace)
@@ -657,6 +655,10 @@ module API
       Gitlab::Shell.secret_token
     end
 
+    def authenticate_non_public?
+      route_authentication_setting[:authenticate_non_public] && !current_user
+    end
+
     def send_git_blob(repository, blob)
       env['api.format'] = :txt
       content_type 'text/plain'