Feature Flag Clients Return 403 When Repository is Set to Only Project Members

Summary

When project repository permissions are set to Only Project Members (ProjectFeature::PRIVATE / 10), then Unleash clients receive a 403 from the feature flags API.

Steps to reproduce

Set a project to have the following visibility settings and save the project:

Screen_Shot_2020-09-22_at_4.03.08_PM

Use an Unleash client to request feature flags from the project. The client will receive a 403.

Example Project

What is the current bug behavior?

The Unleash client will receive a 403 from the unleash API.

What is the expected correct behavior?

The Unleash client should receive a 2XX response with the list of feature flags.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Possible fixes