Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc32

1 files changed, 11 insertions, 1 deletions

diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 87ee7d201e4..59e2d617bf7 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -104,6 +104,9 @@ class ProjectPolicy < BasePolicy
   with_scope :subject
   condition(:service_desk_enabled) { @subject.service_desk_enabled? }
 
+  with_scope :subject
+  condition(:resource_access_token_available) { resource_access_token_available? }
+
   # We aren't checking `:read_issue` or `:read_merge_request` in this case
   # because it could be possible for a user to see an issuable-iid
   # (`:read_issue_iid` or `:read_merge_request_iid`) but then wouldn't be
@@ -237,7 +240,6 @@ class ProjectPolicy < BasePolicy
     enable :read_merge_request
     enable :read_sentry_issue
     enable :update_sentry_issue
-    enable :read_incidents
     enable :read_prometheus
     enable :read_metrics_dashboard_annotation
     enable :metrics_dashboard
@@ -589,6 +591,10 @@ class ProjectPolicy < BasePolicy
     prevent :read_project
   end
 
+  rule { resource_access_token_available & can?(:admin_project) }.policy do
+    enable :admin_resource_access_tokens
+  end
+
   private
 
   def user_is_user?
@@ -663,6 +669,10 @@ class ProjectPolicy < BasePolicy
     end
   end
 
+  def resource_access_token_available?
+    true
+  end
+
   def project
     @subject
   end