Merge branch '30917-wiki-is-not-searchable' into 'master'

[CE Backport + ES implementation]Resolve "Wiki is not searchable with Guest permissions"

See merge request !1964

app/helpers/projects_helper.rb

@@ -85,6 +85,12 @@ module ProjectsHelper
     @nav_tabs ||= get_project_nav_tabs(@project, current_user)
   end
 
+  def project_search_tabs?(tab)
+    abilities = Array(search_tab_ability_map[tab])
+
+    abilities.any? { |ability| can?(current_user, ability, @project) }
+  end
+
   def project_nav_tab?(name)
     project_nav_tabs.include? name
   end
@@ -203,7 +209,17 @@ module ProjectsHelper
       nav_tabs << :container_registry
     end
 
-    tab_ability_map = {
+    tab_ability_map.each do |tab, ability|
+      if can?(current_user, ability, project)
+        nav_tabs << tab
+      end
+    end
+
+    nav_tabs.flatten
+  end
+
+  def tab_ability_map
+    {
       environments: :read_environment,
       milestones:   :read_milestone,
       pipelines:    :read_pipeline,
@@ -215,14 +231,15 @@ module ProjectsHelper
       team:         :read_project_member,
       wiki:         :read_wiki
     }
-
-    tab_ability_map.each do |tab, ability|
-      if can?(current_user, ability, project)
-        nav_tabs << tab
-      end
   end
 
-    nav_tabs.flatten
+  def search_tab_ability_map
+    @search_tab_ability_map ||= tab_ability_map.merge(
+      blobs:          :download_code,
+      commits:        :download_code,
+      merge_requests: :read_merge_request,
+      notes:          [:read_merge_request, :download_code, :read_issue, :read_project_snippet]
+    )
   end
 
   def project_lfs_status(project)

app/services/search_service.rb

@@ -12,7 +12,7 @@ class SearchService
     @project =
       if params[:project_id].present?
         the_project = Project.find_by(id: params[:project_id])
-        can?(current_user, :download_code, the_project) ? the_project : nil
+        can?(current_user, :read_project, the_project) ? the_project : nil
       else
         nil
       end

app/views/search/_category.html.haml

@@ -3,36 +3,43 @@
   .fade-right= icon('angle-right')
   %ul.nav-links.search-filter.scrolling-tabs
     - if @project
+      - if project_search_tabs?(:blobs)
         %li{ class: active_when(@scope == 'blobs') }
           = link_to search_filter_path(scope: 'blobs') do
             Code
             %span.badge
               = @search_results.blobs_count
+      - if project_search_tabs?(:issues)
         %li{ class: active_when(@scope == 'issues') }
           = link_to search_filter_path(scope: 'issues') do
             Issues
             %span.badge
               = @search_results.issues_count
+      - if project_search_tabs?(:merge_requests)
         %li{ class: active_when(@scope == 'merge_requests') }
           = link_to search_filter_path(scope: 'merge_requests') do
             Merge requests
             %span.badge
               = @search_results.merge_requests_count
+      - if project_search_tabs?(:milestones)
         %li{ class: active_when(@scope == 'milestones') }
           = link_to search_filter_path(scope: 'milestones') do
             Milestones
             %span.badge
               = @search_results.milestones_count
+      - if project_search_tabs?(:notes)
         %li{ class: active_when(@scope == 'notes') }
           = link_to search_filter_path(scope: 'notes') do
             Comments
             %span.badge
               = @search_results.notes_count
+      - if project_search_tabs?(:wiki)
         %li{ class: active_when(@scope == 'wiki_blobs') }
           = link_to search_filter_path(scope: 'wiki_blobs') do
             Wiki
             %span.badge
               = @search_results.wiki_blobs_count
+      - if project_search_tabs?(:commits)
         %li{ class: active_when(@scope == 'commits') }
           = link_to search_filter_path(scope: 'commits') do
             Commits

changelogs/unreleased/30917-wiki-is-not-searchable-with-guest-permissions.yml

+---
+title: 'Fix: Wiki is not searchable with Guest permissions'
+merge_request:
+author:

lib/gitlab/elastic/project_search_results.rb

@@ -69,6 +69,8 @@ module Gitlab
       end
 
       def wiki_blobs
+        return Kaminari.paginate_array([]) unless Ability.allowed?(@current_user, :read_wiki, project)
+
         if project.wiki_enabled? && !project.wiki.empty? && query.present?
           project.wiki.search(
             query,

lib/gitlab/elastic/search_results.rb

@@ -187,19 +187,21 @@ module Gitlab
       end
 
       def wiki_filter
-        blob_filter(:wiki_access_level)
+        blob_filter(:wiki_access_level, visible_for_guests: true)
       end
 
       def repository_filter
         blob_filter(:repository_access_level)
       end
 
-      def blob_filter(project_feature_name)
+      def blob_filter(project_feature_name, visible_for_guests: false)
+        project_ids = visible_for_guests ? limit_project_ids : non_guest_project_ids
+
         conditions =
-          if non_guest_project_ids == :any
+          if project_ids == :any
             [{ exists: { field: "id" } }]
           else
-            [{ terms: { id: non_guest_project_ids } }]
+            [{ terms: { id: project_ids } }]
           end
 
         if public_and_internal_projects

spec/elastic_integration/global_search_spec.rb

 require 'spec_helper'
 
 describe 'GlobalSearch' do
-  let(:features) { %i(issues merge_requests repository builds) }
+  let(:features) { %i(issues merge_requests repository builds wiki) }
   let(:admin) { create :user, admin: true }
   let(:auditor) {create :user, auditor: true }
   let(:non_member) { create :user }
@@ -130,11 +130,13 @@ describe 'GlobalSearch' do
     Sidekiq::Testing.inline! do
       create :issue, title: 'term', project: project
       create :merge_request, title: 'term', target_project: project, source_project: project
+      project.wiki.create_page('index_page', 'term')
 
       project.project_feature.update!(feature_settings) if feature_settings
 
       project.repository.index_blobs
       project.repository.index_commits
+      project.wiki.index_blobs
 
       Gitlab::Elastic::Helper.refresh_index
     end
@@ -149,6 +151,7 @@ describe 'GlobalSearch' do
     results = search(user, 'term')
     expect(results.issues_count).to eq(0)
     expect(results.merge_requests_count).to eq(0)
+    expect(results.wiki_blobs_count).to eq(0)
     expect(search(user, 'def').blobs_count).to eq(0)
     expect(search(user, 'add').commits_count).to eq(0)
   end
@@ -157,6 +160,7 @@ describe 'GlobalSearch' do
     results = search(user, 'term')
     expect(results.issues_count).not_to eq(0)
     expect(results.merge_requests_count).not_to eq(0)
+    expect(results.wiki_blobs_count).not_to eq(0)
     expect(search(user, 'def').blobs_count).not_to eq(0)
     expect(search(user, 'add').commits_count).not_to eq(0)
   end
@@ -164,6 +168,7 @@ describe 'GlobalSearch' do
   def expect_non_code_items_to_be_found(user)
     results = search(guest, 'term')
     expect(results.issues_count).not_to eq(0)
+    expect(results.wiki_blobs_count).not_to eq(0)
     expect(results.merge_requests_count).to eq(0)
     expect(search(guest, 'def').blobs_count).to eq(0)
     expect(search(guest, 'add').commits_count).to eq(0)

spec/lib/gitlab/elastic/project_search_results_spec.rb

@@ -61,6 +61,23 @@ describe Gitlab::Elastic::ProjectSearchResults, lib: true do
       result1 = Gitlab::Elastic::ProjectSearchResults.new(user, 'initial', project.id)
       expect(result1.commits_count).to eq(1)
     end
+
+    context 'visibility checks' do
+      it 'shows wiki for guests' do
+        project = create :empty_project, :public
+        guest = create :user
+        project.add_guest(guest)
+
+        # Wiki
+        project.wiki.create_page('index_page', 'term')
+        project.wiki.index_blobs
+
+        Gitlab::Elastic::Helper.refresh_index
+
+        result = Gitlab::Elastic::ProjectSearchResults.new(guest, 'term', project.id)
+        expect(result.wiki_blobs_count).to eq(1)
+      end
+    end
   end
 
   describe "search for commits in non-default branch" do

spec/lib/gitlab/elastic/search_results_spec.rb

@@ -419,6 +419,14 @@ describe Gitlab::Elastic::SearchResults, lib: true do
       expect(results.wiki_blobs_count).to eq 1
     end
 
+    it 'finds wiki blobs for guest' do
+      project_1.add_guest(user)
+      blobs = results.objects('wiki_blobs')
+
+      expect(blobs.first["_source"]["blob"]["content"]).to include("term")
+      expect(results.wiki_blobs_count).to eq 1
+    end
+
     it 'finds wiki blobs from public projects only' do
       project_2 = create :project, :private
       project_2.wiki.create_page('index_page', 'term')

spec/lib/gitlab/project_search_results_spec.rb

@@ -123,8 +123,8 @@ describe Gitlab::ProjectSearchResults, lib: true do
     context 'when wiki is internal' do
       let(:project) { create(:project, :public, :wiki_private) }
 
-      it 'finds wiki blobs for members' do
-        project.add_reporter(user)
+      it 'finds wiki blobs for guest' do
+        project.add_guest(user)
 
         is_expected.not_to be_empty
       end

spec/services/search_service_spec.rb

@@ -26,6 +26,15 @@ describe SearchService, services: true do
 
         expect(project).to eq accessible_project
       end
+
+      it 'returns the project for guests' do
+        search_project = create :empty_project
+        search_project.add_guest(user)
+
+        project = SearchService.new(user, project_id: search_project.id).project
+
+        expect(project).to eq search_project
+      end
     end
 
     context 'when the project is not accessible' do