Merge branch '276388-fix-confidential-quick-action-permissions' into 'master'

Fix permission check for confidential quick action

See merge request gitlab-org/gitlab!73515

lib/gitlab/quick_actions/issue_actions.rb

@@ -172,7 +172,7 @@ module Gitlab
         condition do
           quick_action_target.issue_type_supports?(:confidentiality) &&
             !quick_action_target.confidential? &&
-            current_user.can?(:"admin_#{quick_action_target.to_ability_name}", quick_action_target)
+            current_user.can?(:set_confidentiality, quick_action_target)
         end
         command :confidential do
           @updates[:confidential] = true

spec/services/quick_actions/interpret_service_spec.rb

@@ -1326,14 +1326,25 @@ RSpec.describe QuickActions::InterpretService do
       let(:issuable) { issue }
     end
 
-    it_behaves_like 'confidential command' do
-      let(:content) { '/confidential' }
-      let(:issuable) { issue }
-    end
+    context '/confidential' do
+      it_behaves_like 'confidential command' do
+        let(:content) { '/confidential' }
+        let(:issuable) { issue }
+      end
+
+      it_behaves_like 'confidential command' do
+        let(:content) { '/confidential' }
+        let(:issuable) { create(:incident, project: project) }
+      end
+
+      context 'when non-member is creating a new issue' do
+        let(:service) { described_class.new(project, create(:user)) }
 
-    it_behaves_like 'confidential command' do
-      let(:content) { '/confidential' }
-      let(:issuable) { create(:incident, project: project) }
+        it_behaves_like 'confidential command' do
+          let(:content) { '/confidential' }
+          let(:issuable) { build(:issue, project: project) }
+        end
+      end
     end
 
     it_behaves_like 'lock command' do