Merge branch '346510-fix-anonymous-searches-restriction' into 'master'

Fix global anonymous searches restriction

See merge request gitlab-org/gitlab!75875

app/controllers/search_controller.rb

@@ -150,7 +150,7 @@ class SearchController < ApplicationController
   end
 
   def block_anonymous_global_searches
-    return if params[:project_id].present? || params[:group_id].present?
+    return unless search_service.global_search?
     return if current_user
     return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops)
 
@@ -160,7 +160,7 @@ class SearchController < ApplicationController
   end
 
   def check_scope_global_search_enabled
-    return if params[:project_id].present? || params[:group_id].present?
+    return unless search_service.global_search?
 
     search_allowed = case params[:scope]
                      when 'blobs'

app/services/search_service.rb

@@ -45,6 +45,10 @@ class SearchService
     # overridden in EE
   end
 
+  def global_search?
+    project.blank? && group.blank?
+  end
+
   def show_snippets?
     return @show_snippets if defined?(@show_snippets)
 

spec/controllers/search_controller_spec.rb

@@ -172,6 +172,12 @@ RSpec.describe SearchController do
 
               expect(response).to redirect_to new_user_session_path
             end
+
+            it 'redirects to login page when trying to circumvent the restriction' do
+              get :show, params: { scope: 'projects', project_id: non_existing_record_id, search: '*' }
+
+              expect(response).to redirect_to new_user_session_path
+            end
           end
 
           context 'for authenticated user' do