Instance administrator / auditor can't view private personal snippets
Summary
Instance administrator is unable to view personal snippets through the UI or API when their visibility level is set to "private"
Steps to reproduce
- As a normal user, create a private personal snippet from the
/snippets/new
page. - As an instance administrator, attempt to view the snippet
Example Project
Log in as a GitLab.com administrator and try to view https://gitlab.com/snippets/1740018
What is the current bug behavior?
Instance adminstrator is unable to view snippet
What is the expected correct behavior?
Instance administrator should be able to see everything, including this snippet
Output of checks
This bug happens on GitLab.com
Possible fixes
The problem lies in the policy for personal snippets: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/policies/personal_snippet_policy.rb
Unlike the project snippet policy: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/policies/project_snippet_policy.rb - there is no provision made for admins.
This is a minor annoyance if you're an instance administrator investigating, say, claims that a private personal snippet on your instance contains something illegal. So I think we should fix it for this or the next release - it shouldn't be a lot of work.
I don't think this needs to be confidential.