Hide What's New for unauthenticated users

Hide the What's New feature for unauthenticated users on self-managed
instances. This feature request came from users that were concerned of a
version info leak.

part of:
https://gitlab.com/gitlab-org/gitlab/-/issues/323492

app/helpers/whats_new_helper.rb

@@ -8,4 +8,8 @@ module WhatsNewHelper
   def whats_new_version_digest
     ReleaseHighlight.most_recent_version_digest
   end
+
+  def display_whats_new?
+    Gitlab.dev_env_org_or_com? || user_signed_in?
+  end
 end

app/views/layouts/header/_default.html.haml

@@ -120,7 +120,8 @@
         = sprite_icon('ellipsis_h', size: 12, css_class: 'more-icon js-navbar-toggle-right')
         = sprite_icon('close', size: 12, css_class: 'close-icon js-navbar-toggle-left')
 
-#whats-new-app{ data: { version_digest: whats_new_version_digest } }
+- if display_whats_new?
+  #whats-new-app{ data: { version_digest: whats_new_version_digest } }
 
 - if can?(current_user, :update_user_status, current_user)
   .js-set-status-modal-wrapper{ data: user_status_data }

app/views/layouts/header/_whats_new_dropdown_item.html.haml

-%li
-  %button.gl-justify-content-space-between.gl-align-items-center.js-whats-new-trigger{ type: 'button', class: 'gl-display-flex!' }
-    = _("What's new")
-    %span.js-whats-new-notification-count.whats-new-notification-count
-      = whats_new_most_recent_release_items_count
+- if display_whats_new?
+  %li
+    %button.gl-justify-content-space-between.gl-align-items-center.js-whats-new-trigger{ type: 'button', class: 'gl-display-flex!' }
+      = _("What's new")
+      %span.js-whats-new-notification-count.whats-new-notification-count
+        = whats_new_most_recent_release_items_count

changelogs/unreleased/jswain_whats_new_self_managed_authenticated.yml

+---
+title: Hide What's New for unauthenticated users
+merge_request: 59330
+author:
+type: changed

spec/features/whats_new_spec.rb

@@ -2,34 +2,60 @@
 
 require "spec_helper"
 
-RSpec.describe "renders a `whats new` dropdown item", :js do
+RSpec.describe "renders a `whats new` dropdown item" do
   let_it_be(:user) { create(:user) }
 
-  before do
-    sign_in(user)
-  end
+  context 'when not logged in' do
+    it 'and on .com it renders' do
+      allow(Gitlab).to receive(:com?).and_return(true)
 
-  it 'shows notification dot and count and removes it once viewed' do
-    visit root_dashboard_path
+      visit user_path(user)
 
-    page.within '.header-help' do
-      expect(page).to have_selector('.notification-dot', visible: true)
+      page.within '.header-help' do
+        find('.header-help-dropdown-toggle').click
 
-      find('.header-help-dropdown-toggle').click
+        expect(page).to have_button(text: "What's new")
+      end
+    end
+
+    it "doesn't render what's new" do
+      visit user_path(user)
 
-      expect(page).to have_button(text: "What's new")
-      expect(page).to have_selector('.js-whats-new-notification-count')
+      page.within '.header-help' do
+        find('.header-help-dropdown-toggle').click
+
+        expect(page).not_to have_button(text: "What's new")
+      end
+    end
+  end
 
-      find('button', text: "What's new").click
+  context 'when logged in', :js do
+    before do
+      sign_in(user)
     end
 
-    find('.whats-new-drawer .gl-drawer-close-button').click
-    find('.header-help-dropdown-toggle').click
+    it 'shows notification dot and count and removes it once viewed' do
+      visit root_dashboard_path
+
+      page.within '.header-help' do
+        expect(page).to have_selector('.notification-dot', visible: true)
+
+        find('.header-help-dropdown-toggle').click
+
+        expect(page).to have_button(text: "What's new")
+        expect(page).to have_selector('.js-whats-new-notification-count')
+
+        find('button', text: "What's new").click
+      end
+
+      find('.whats-new-drawer .gl-drawer-close-button').click
+      find('.header-help-dropdown-toggle').click
 
-    page.within '.header-help' do
-      expect(page).not_to have_selector('.notification-dot', visible: true)
-      expect(page).to have_button(text: "What's new")
-      expect(page).not_to have_selector('.js-whats-new-notification-count')
+      page.within '.header-help' do
+        expect(page).not_to have_selector('.notification-dot', visible: true)
+        expect(page).to have_button(text: "What's new")
+        expect(page).not_to have_selector('.js-whats-new-notification-count')
+      end
     end
   end
 end

spec/helpers/whats_new_helper_spec.rb

@@ -3,6 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe WhatsNewHelper do
+  include Devise::Test::ControllerHelpers
+
   describe '#whats_new_version_digest' do
     let(:digest) { 'digest' }
 
@@ -32,4 +34,30 @@ RSpec.describe WhatsNewHelper do
       end
     end
   end
+
+  describe '#display_whats_new?' do
+    subject { helper.display_whats_new? }
+
+    it 'returns true when gitlab.com' do
+      allow(Gitlab).to receive(:dev_env_org_or_com?).and_return(true)
+
+      expect(subject).to be true
+    end
+
+    context 'when self-managed' do
+      before do
+        allow(Gitlab).to receive(:dev_env_org_or_com?).and_return(false)
+      end
+
+      it 'returns true if user is signed in' do
+        sign_in(create(:user))
+
+        expect(subject).to be true
+      end
+
+      it "returns false if user isn't signed in" do
+        expect(subject).to be false
+      end
+    end
+  end
 end