Fix bug in group security dashboard

ee/app/helpers/groups/security_features_helper.rb

@@ -2,7 +2,7 @@
 
 module Groups::SecurityFeaturesHelper
   def group_level_security_dashboard_available?(group)
-    group.feature_available?(:security_dashboard)
+    can?(current_user, :read_group_security_dashboard, group)
   end
 
   def group_level_compliance_dashboard_available?(group)

ee/spec/helpers/groups/security_features_helper_spec.rb

@@ -9,18 +9,19 @@ RSpec.describe Groups::SecurityFeaturesHelper do
   let_it_be(:user, refind: true) { create(:user) }
 
   before do
+    allow(helper).to receive(:can?) { |*args| Ability.allowed?(*args) }
     allow(helper).to receive(:current_user).and_return(user)
   end
 
   describe '#group_level_security_dashboard_available?' do
-    where(:security_dashboard_feature_enabled, :result) do
-      true  | true
+    where(:read_group_security_dashboard_permission, :result) do
       false | false
+      true  | true
     end
 
     with_them do
       before do
-        stub_licensed_features(security_dashboard: security_dashboard_feature_enabled)
+        allow(helper).to receive(:can?).with(user, :read_group_security_dashboard, group).and_return(read_group_security_dashboard_permission)
       end
 
       it 'returns the expected result' do

ee/spec/views/layouts/nav/sidebar/_group.html.haml_spec.rb

@@ -109,6 +109,12 @@ RSpec.describe 'layouts/nav/sidebar/_group' do
         stub_licensed_features(security_dashboard: true)
       end
 
+      context 'when the user has access to Compliance dashboard' do
+        before do
+          group.add_developer(user)
+          allow(view).to receive(:current_user).and_return(user)
+        end
+
         it 'is visible' do
           render
 
@@ -116,6 +122,7 @@ RSpec.describe 'layouts/nav/sidebar/_group' do
           expect(rendered).to have_link 'Security'
         end
       end
+    end
 
     context 'when compliance dashboard feature is enabled' do
       before do