Remove the `comment_personal_snippet` permission (!27999) · Merge requests · GitLab.org / GitLab FOSS · GitLab

Sean McGivern requested to merge remove-comment-personal-snippet-permission into master May 02, 2019

What does this MR do?

In https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2794 we added create_note for consistency, but didn't complete the refactor as it was a security patch. This is now entirely handled by create_note:

Project snippets prevent create_note.
Uploads already only support routing for personal snippets.

This simplifies some policies and access checks, too!

Does this MR meet the acceptance criteria?

Conformity

Performance and testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56688.