Add latest changes from gitlab-org/gitlab@master

3 files changed, 63 insertions, 34 deletions

diff --git a/app/policies/concerns/crud_policy_helpers.rb b/app/policies/concerns/crud_policy_helpers.rb
index d8521ca22cc..029c196cc5f 100644
--- a/app/policies/concerns/crud_policy_helpers.rb
+++ b/app/policies/concerns/crud_policy_helpers.rb
@@ -13,10 +13,16 @@ module CrudPolicyHelpers
 
     def create_update_admin_destroy(name)
       [
+        *create_update_admin(name),
+        :"destroy_#{name}"
+      ]
+    end
+
+    def create_update_admin(name)
+      [
         :"create_#{name}",
         :"update_#{name}",
-        :"admin_#{name}",
-        :"destroy_#{name}"
+        :"admin_#{name}"
       ]
     end
   end
diff --git a/app/policies/concerns/readonly_abilities.rb b/app/policies/concerns/readonly_abilities.rb
new file mode 100644
index 00000000000..a267e963541
--- /dev/null
+++ b/app/policies/concerns/readonly_abilities.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module ReadonlyAbilities
+  extend ActiveSupport::Concern
+
+  READONLY_ABILITIES = %i[
+    admin_tag
+    push_code
+    push_to_delete_protected_branch
+    request_access
+    upload_file
+    resolve_note
+    create_merge_request_from
+    create_merge_request_in
+    award_emoji
+  ].freeze
+
+  READONLY_FEATURES = %i[
+    issue
+    list
+    merge_request
+    label
+    milestone
+    snippet
+    wiki
+    design
+    note
+    pipeline
+    pipeline_schedule
+    build
+    trigger
+    environment
+    deployment
+    commit_status
+    container_image
+    pages
+    cluster
+    release
+  ].freeze
+
+  class_methods do
+    def readonly_abilities
+      READONLY_ABILITIES
+    end
+
+    def readonly_features
+      READONLY_FEATURES
+    end
+  end
+end
+
+ReadonlyAbilities::ClassMethods.prepend_if_ee('EE::ReadonlyAbilities::ClassMethods')
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 5989b42786f..38507a5ea78 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -2,29 +2,7 @@
 
 class ProjectPolicy < BasePolicy
   include CrudPolicyHelpers
-
-  READONLY_FEATURES_WHEN_ARCHIVED = %i[
-    issue
-    list
-    merge_request
-    label
-    milestone
-    snippet
-    wiki
-    design
-    note
-    pipeline
-    pipeline_schedule
-    build
-    trigger
-    environment
-    deployment
-    commit_status
-    container_image
-    pages
-    cluster
-    release
-  ].freeze
+  include ReadonlyAbilities
 
   desc "User is a project owner"
   condition :owner do
@@ -411,16 +389,9 @@ class ProjectPolicy < BasePolicy
   rule { can?(:push_code) }.enable :admin_tag
 
   rule { archived }.policy do
-    prevent :push_code
-    prevent :push_to_delete_protected_branch
-    prevent :request_access
-    prevent :upload_file
-    prevent :resolve_note
-    prevent :create_merge_request_from
-    prevent :create_merge_request_in
-    prevent :award_emoji
+    prevent(*readonly_abilities)
 
-    READONLY_FEATURES_WHEN_ARCHIVED.each do |feature|
+    readonly_features.each do |feature|
       prevent(*create_update_admin_destroy(feature))
     end
   end