From 3cccd102ba543e02725d247893729e5c73b38295 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 20 Apr 2022 10:00:54 +0000
Subject: Add latest changes from gitlab-org/gitlab@14-10-stable-ee

---
 app/policies/alert_management/alert_policy.rb | 12 ++++++++++--
 app/policies/environment_policy.rb            |  6 +++---
 app/policies/project_member_policy.rb         |  7 +++++--
 app/policies/project_policy.rb                |  4 ++++
 app/policies/suggestion_policy.rb             |  4 ++--
 app/policies/user_policy.rb                   |  1 +
 6 files changed, 25 insertions(+), 9 deletions(-)

(limited to 'app/policies')

diff --git a/app/policies/alert_management/alert_policy.rb b/app/policies/alert_management/alert_policy.rb
index e2383921c82..9b6ce72851c 100644
--- a/app/policies/alert_management/alert_policy.rb
+++ b/app/policies/alert_management/alert_policy.rb
@@ -3,7 +3,15 @@
 module AlertManagement
   class AlertPolicy < ::BasePolicy
     delegate { @subject.project }
+
+    rule { can?(:read_alert_management_alert) }.policy do
+      enable :read_alert_management_metric_image
+    end
+
+    rule { can?(:update_alert_management_alert) }.policy do
+      enable :upload_alert_management_metric_image
+      enable :update_alert_management_metric_image
+      enable :destroy_alert_management_metric_image
+    end
   end
 end
-
-AlertManagement::AlertPolicy.prepend_mod
diff --git a/app/policies/environment_policy.rb b/app/policies/environment_policy.rb
index e9e3517b3da..72db6d31764 100644
--- a/app/policies/environment_policy.rb
+++ b/app/policies/environment_policy.rb
@@ -4,12 +4,12 @@ class EnvironmentPolicy < BasePolicy
   delegate { @subject.project }
 
   condition(:stop_with_deployment_allowed) do
-    @subject.stop_action_available? &&
-      can?(:create_deployment) && can?(:update_build, @subject.stop_action)
+    @subject.stop_actions_available? &&
+      can?(:create_deployment) && can?(:update_build, @subject.stop_actions.last)
   end
 
   condition(:stop_with_update_allowed) do
-    !@subject.stop_action_available? && can?(:update_environment, @subject)
+    !@subject.stop_actions_available? && can?(:update_environment, @subject)
   end
 
   condition(:stopped) do
diff --git a/app/policies/project_member_policy.rb b/app/policies/project_member_policy.rb
index 91f1eb35506..40ba30fce5e 100644
--- a/app/policies/project_member_policy.rb
+++ b/app/policies/project_member_policy.rb
@@ -3,13 +3,16 @@
 class ProjectMemberPolicy < BasePolicy
   delegate { @subject.project }
 
-  condition(:target_is_owner, scope: :subject) { @subject.user == @subject.project.owner }
+  condition(:target_is_holder_of_the_personal_namespace, scope: :subject) do
+    @subject.project.personal_namespace_holder?(@subject.user)
+  end
+
   condition(:target_is_self) { @user && @subject.user == @user }
   condition(:project_bot) { @subject.user&.project_bot? }
 
   rule { anonymous }.prevent_all
 
-  rule { target_is_owner }.policy do
+  rule { target_is_holder_of_the_personal_namespace }.policy do
     prevent :update_project_member
     prevent :destroy_project_member
   end
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 2ffafb79134..a417ea35673 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -728,6 +728,10 @@ class ProjectPolicy < BasePolicy
     enable :create_resource_access_tokens
   end
 
+  rule { can?(:admin_project) }.policy do
+    enable :read_usage_quotas
+  end
+
   rule { can?(:project_bot_access) }.policy do
     prevent :create_resource_access_tokens
   end
diff --git a/app/policies/suggestion_policy.rb b/app/policies/suggestion_policy.rb
index 4c84c8ba690..3c273dc6d39 100644
--- a/app/policies/suggestion_policy.rb
+++ b/app/policies/suggestion_policy.rb
@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
 class SuggestionPolicy < BasePolicy
-  delegate { @subject.project }
+  delegate { @subject.source_project }
 
   condition(:can_push_to_branch) do
-    Gitlab::UserAccess.new(@user, container: @subject.project).can_push_to_branch?(@subject.branch)
+    Gitlab::UserAccess.new(@user, container: @subject.source_project).can_push_to_branch?(@subject.branch)
   end
 
   rule { can_push_to_branch }.enable :apply_suggestion
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index de99cbffb6f..f62ccef826c 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -25,6 +25,7 @@ class UserPolicy < BasePolicy
     enable :update_user_status
     enable :create_saved_replies
     enable :update_saved_replies
+    enable :destroy_saved_replies
     enable :read_user_personal_access_tokens
     enable :read_group_count
     enable :read_user_groups
-- 
cgit v1.2.3