Guest users unable to see build output in private project despite public pipelines being enabled
Our docs state that if public pipelines setting is enabled (the default) then, in private projects, any member (guest or higher) can view the pipelines and access the job details (output logs and artifacts).
Testing this in v11.5.1-ee, this is not the case.
Steps to reproduce
Reproduced on v11.5.1-ee:
- Create a private project
- Check that public pipelines are enabled at Settings > CI/CD > General pipelines (it's enabled by default, but double check)
- Add a user as a Guest (customer reported this for external guest users, but I tested with a regular Guest user too)
- Run a CI pipeline
- Impersonate or log in as the guest user
- Observe the guest user can't view build logs
The customer said this was working back in July, so I spun up an instance on v11.0 (released June) and permission behaved as expected. The guest user was able to view build logs.
What is the current bug behavior?
Guest user can't view build logs.
- the buttons that should lead to job logs on both the Pipelines and Jobs pages are not clickable by users with the Guest role
What is the expected correct behavior?
Guest users should be able to view build logs.
- the buttons that lead to job logs on the Pipelines and Jobs pages should be clickable by users with the Guest role
Access policies are defined in https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/policies/project_policy.rb but I have not yet tracked down the specific change between v11.0 and v 11.5.1 that caused this.
Zendesk ticket: https://gitlab.zendesk.com/agent/tickets/109770 (internal-only link)