Add code comments

x-pack/plugins/reporting/server/routes/common/authorized_user_pre_routing.ts

@@ -37,7 +37,7 @@ export const authorizedUserPreRouting = <P, Q, B>(
     try {
       let user: ReportingRequestUser = false;
       if (securitySetup && securitySetup.license.isEnabled()) {
-        // find the authenticated user, or null if security is not enabled
+        // find the authenticated user, only if license is enabled
         user = getUser(req, securityService);
         if (!user) {
           // security is enabled but the user is null

x-pack/plugins/reporting/server/routes/common/get_user.ts

@@ -8,5 +8,6 @@
 import { KibanaRequest, SecurityServiceStart } from '@kbn/core/server';
 
 export function getUser(request: KibanaRequest, securityService: SecurityServiceStart) {
+  // securityService from core start will always be present
   return securityService.authc.getCurrentUser(request) ?? false;
 }

x-pack/plugins/reporting/server/routes/internal/management/integration_tests/jobs.test.ts

@@ -175,7 +175,7 @@ describe(`Reporting Job Management Routes: Internal`, () => {
             ...licensingMock.createStart(),
             license$: new BehaviorSubject({ isActive: true, isAvailable: true, type: 'gold' }),
           },
-          security: { authc: { getCurrentUser: () => undefined } },
+          security: { authc: { getCurrentUser: () => undefined } }, // security comes from core here
         },
         mockConfigSchema
       );