Add a migration to remove requesters that are owners of their project

Signed-off-by: Rémy Coutable <remy@rymai.me>

1 files changed, 12 insertions, 10 deletions

diff --git a/app/models/ability.rb b/app/models/ability.rb
index 2c0fd0338fd..eeb0ceba081 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -171,14 +171,9 @@ class Ability
           # Allow to read builds for internal projects
           rules << :read_build if project.public_builds?
 
-          group_member =
-            project.group &&
-            (
-              project.group.members.exists?(user_id: user.id) ||
-              project.group.requesters.exists?(user_id: user.id)
-            )
-
-          rules << :request_access unless owner || group_member || project.team.member?(user)
+          unless owner || project.team.member?(user) || project_group_member?(project, user)
+            rules << :request_access
+          end
         end
 
         if project.archived?
@@ -501,8 +496,7 @@ class Ability
       target_user = subject.user
       project = subject.project
 
-      # Allow owners that requested access to their own project to destroy themselves
-      if target_user != project.owner || subject.request?
+      unless target_user == project.owner
         can_manage = project_abilities(user, project).include?(:admin_project_member)
 
         if can_manage
@@ -582,5 +576,13 @@ class Ability
 
       rules
     end
+
+    def project_group_member?(project, user)
+      project.group &&
+      (
+        project.group.members.exists?(user_id: user.id) ||
+        project.group.requesters.exists?(user_id: user.id)
+      )
+    end
   end
 end