From 0653e08efd039a5905f3fa4f6e9cef9f5d2f799c Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Mon, 20 Sep 2021 13:18:24 +0000
Subject: Add latest changes from gitlab-org/gitlab@14-3-stable-ee

---
 app/policies/group_policy.rb | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'app/policies/group_policy.rb')

diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index 1d0aa54c1c0..7abffd2c352 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -89,6 +89,7 @@ class GroupPolicy < BasePolicy
   rule { guest }.policy do
     enable :read_group
     enable :upload_file
+    enable :guest_access
   end
 
   rule { admin }.policy do
@@ -111,8 +112,13 @@ class GroupPolicy < BasePolicy
     enable :read_issue_board
     enable :read_group_member
     enable :read_custom_emoji
+    enable :read_counts
+    enable :read_organization
+    enable :read_contact
   end
 
+  rule { ~public_group & ~has_access }.prevent :read_counts
+
   rule { ~can?(:read_group) }.policy do
     prevent :read_design_activity
   end
@@ -127,6 +133,7 @@ class GroupPolicy < BasePolicy
     enable :create_custom_emoji
     enable :create_package
     enable :create_package_settings
+    enable :developer_access
   end
 
   rule { reporter }.policy do
@@ -140,6 +147,7 @@ class GroupPolicy < BasePolicy
     enable :read_prometheus
     enable :read_package
     enable :read_package_settings
+    enable :admin_organization
   end
 
   rule { maintainer }.policy do
@@ -155,6 +163,7 @@ class GroupPolicy < BasePolicy
     enable :read_deploy_token
     enable :create_jira_connect_subscription
     enable :update_runners_registration_token
+    enable :maintainer_access
   end
 
   rule { owner }.policy do
@@ -170,6 +179,7 @@ class GroupPolicy < BasePolicy
     enable :update_default_branch_protection
     enable :create_deploy_token
     enable :destroy_deploy_token
+    enable :owner_access
   end
 
   rule { can?(:read_nested_project_resources) }.policy do
@@ -223,8 +233,9 @@ class GroupPolicy < BasePolicy
   rule { dependency_proxy_access_allowed & dependency_proxy_available }
     .enable :read_dependency_proxy
 
-  rule { developer & dependency_proxy_available }
-    .enable :admin_dependency_proxy
+  rule { developer & dependency_proxy_available }.policy do
+    enable :admin_dependency_proxy
+  end
 
   rule { can?(:admin_group) & resource_access_token_feature_available }.policy do
     enable :read_resource_access_tokens
-- 
cgit v1.2.3