Remove the `comment_personal_snippet` permission
What does this MR do?
In https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2794 we added create_note
for consistency, but didn't complete the refactor as it was a security patch. This is now entirely handled by create_note
:
- Project snippets prevent
create_note
. - Uploads already only support routing for personal snippets.
This simplifies some policies and access checks, too!
Does this MR meet the acceptance criteria?
Conformity
Performance and testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56688.