Fix scope to handle private guest permission

Guest are blocked to certain feature when project is private,
therefore the scope would filter additionally with REPORTER level.

2 files changed, 14 insertions, 1 deletions

diff --git a/app/models/project.rb b/app/models/project.rb
index f4aa336fbcd..f319c5b1d9f 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -517,7 +517,13 @@ class Project < ApplicationRecord
 
   # This scope returns projects where user has access to both the project and the feature.
   def self.filter_by_feature_visibility(feature, user)
-    with_feature_available_for_user(feature, user).public_or_visible_to_user(user)
+    scope = with_feature_available_for_user(feature, user)
+
+    if ProjectFeature.guest_allowed_on_private_project?(feature)
+      scope.public_or_visible_to_user(user)
+    else
+      scope.public_or_visible_to_user(user, Gitlab::Access::REPORTER)
+    end
   end
 
   scope :active, -> { joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC') }
diff --git a/app/models/project_feature.rb b/app/models/project_feature.rb
index 2013f620b5b..564e531c320 100644
--- a/app/models/project_feature.rb
+++ b/app/models/project_feature.rb
@@ -24,6 +24,7 @@ class ProjectFeature < ApplicationRecord
 
   FEATURES = %i(issues merge_requests wiki snippets builds repository pages).freeze
   PRIVATE_FEATURES_MIN_ACCESS_LEVEL = { merge_requests: Gitlab::Access::REPORTER }.freeze
+  FEATURES_ALLOWED_BY_GUEST_ON_PRIVATE_PROJECT = %i(issues wiki).freeze
   STRING_OPTIONS = HashWithIndifferentAccess.new({
     'disabled' => DISABLED,
     'private'  => PRIVATE,
@@ -45,6 +46,12 @@ class ProjectFeature < ApplicationRecord
       "#{table}.#{attribute}"
     end
 
+    def guest_allowed_on_private_project?(feature)
+      feature = ensure_feature!(feature)
+
+      FEATURES_ALLOWED_BY_GUEST_ON_PRIVATE_PROJECT.include?(feature)
+    end
+
     def required_minimum_access_level(feature)
       feature = ensure_feature!(feature)