Hide version info from unauthorized users

Merge branch 'security-instance-version-publicly-disclosed-17-4' into '17-4-stable-ee'

See merge request gitlab-org/security/gitlab!4500

Changelog: security

app/assets/javascripts/super_sidebar/components/help_center.vue

@@ -48,19 +48,7 @@ export default {
   },
   computed: {
     itemGroups() {
-      return {
-        versionCheck: {
-          items: [
-            {
-              text: this.$options.i18n.version,
-              href: helpPagePath('update/index'),
-              version: `${this.sidebarData.gitlab_version.major}.${this.sidebarData.gitlab_version.minor}`,
-              extraAttrs: {
-                ...this.trackingAttrs('version_help_dropdown'),
-              },
-            },
-          ],
-        },
+      const groups = {
         helpLinks: {
           items: [
             {
@@ -158,6 +146,23 @@ export default {
           ].filter(Boolean),
         },
       };
+
+      if (this.sidebarData.show_version_check) {
+        groups.versionCheck = {
+          items: [
+            {
+              text: this.$options.i18n.version,
+              href: helpPagePath('update/index'),
+              version: `${this.sidebarData.gitlab_version.major}.${this.sidebarData.gitlab_version.minor}`,
+              extraAttrs: {
+                ...this.trackingAttrs('version_help_dropdown'),
+              },
+            },
+          ],
+        };
+      }
+
+      return groups;
     },
     updateSeverity() {
       return this.sidebarData.gitlab_version_check?.severity;

app/helpers/sidebars_helper.rb

@@ -43,7 +43,7 @@ def super_sidebar_context(user, group:, project:, panel:, panel_type:) # rubocop
   end
   def super_sidebar_logged_out_context(panel:, panel_type:) # rubocop:disable Metrics/AbcSize
-    {
+    super_sidebar_instance_version_data.merge(super_sidebar_whats_new_data).merge({
       is_logged_in: false,
       context_switcher_links: context_switcher_links,
       current_menu_items: panel.super_sidebar_menu_items,
@@ -51,16 +51,12 @@ def super_sidebar_logged_out_context(panel:, panel_type:) # rubocop:disable Metr
       support_path: support_url,
       docs_path: help_docs_path,
       display_whats_new: display_whats_new?,
-      whats_new_most_recent_release_items_count: whats_new_most_recent_release_items_count,
-      whats_new_version_digest: whats_new_version_digest,
       show_version_check: show_version_check?,
-      gitlab_version: Gitlab.version_info,
-      gitlab_version_check: gitlab_version_check,
       search: search_data,
       panel_type: panel_type,
       shortcut_links: shortcut_links,
       terms: terms_link
-    }
+    })
   end
   def super_sidebar_logged_in_context(user, group:, project:, panel:, panel_type:) # rubocop:disable Metrics/AbcSize
@@ -120,6 +116,24 @@ def super_sidebar_logged_in_context(user, group:, project:, panel:, panel_type:)
     })
   end
+  def super_sidebar_instance_version_data
+    return {} unless show_version_check?
+
+    {
+      gitlab_version: Gitlab.version_info,
+      gitlab_version_check: gitlab_version_check
+    }
+  end
+
+  def super_sidebar_whats_new_data
+    return {} unless display_whats_new?
+
+    {
+      whats_new_most_recent_release_items_count: whats_new_most_recent_release_items_count,
+      whats_new_version_digest: whats_new_version_digest
+    }
+  end
+
   def work_items_modal_data(group)
     return unless group && group.id

spec/helpers/sidebars_helper_spec.rb

@@ -221,6 +221,58 @@
       it { is_expected.to include({ is_admin: true }) }
     end
+    describe "what's new information" do
+      context 'when display_whats_new? is true' do
+        before do
+          allow(helper).to receive(:display_whats_new?).and_return(true)
+        end
+
+        it do
+          is_expected.to include({
+            whats_new_most_recent_release_items_count: helper.whats_new_most_recent_release_items_count,
+            whats_new_version_digest: helper.whats_new_version_digest
+          })
+        end
+      end
+
+      context 'when display_whats_new? is false' do
+        before do
+          allow(helper).to receive(:display_whats_new?).and_return(false)
+        end
+
+        it do
+          is_expected.not_to have_key(:whats_new_most_recent_release_items_count)
+          is_expected.not_to have_key(:whats_new_version_digest)
+        end
+      end
+    end
+
+    describe 'instance version information' do
+      context 'when show_version_check? is true' do
+        before do
+          allow(helper).to receive(:show_version_check?).and_return(true)
+        end
+
+        it do
+          is_expected.to include({
+            gitlab_version: Gitlab.version_info,
+            gitlab_version_check: helper.gitlab_version_check
+          })
+        end
+      end
+
+      context 'when show_version_check? is false' do
+        before do
+          allow(helper).to receive(:show_version_check?).and_return(false)
+        end
+
+        it do
+          is_expected.not_to have_key(:gitlab_version)
+          is_expected.not_to have_key(:gitlab_version_check)
+        end
+      end
+    end
+
     describe "shortcut links" do
       describe "as the anonymous user" do
         let_it_be(:user) { nil }

spec/support/shared_examples/helpers/super_sidebar_shared_examples.rb

@@ -7,11 +7,7 @@
       current_context_header: nil,
       support_path: helper.support_url,
       display_whats_new: helper.display_whats_new?,
-      whats_new_most_recent_release_items_count: helper.whats_new_most_recent_release_items_count,
-      whats_new_version_digest: helper.whats_new_version_digest,
       show_version_check: helper.show_version_check?,
-      gitlab_version: Gitlab.version_info,
-      gitlab_version_check: helper.gitlab_version_check,
       search: {
         search_path: search_path,
         issues_path: issues_dashboard_path,