Simplify project snippets visibility levels
While I improved Elasticsearch feature for Snippets I noticed that there are tons of settings that might confuse users. There are:
- User role in a team
- Project visibility level
- Project feature visibility level
- ProjectSnippet visibility level.
It's totally unclear what the impact these settings have on Snippet visibility. Theoretically, all four settings should be taken into account. In practice it's messy as well.
Given some private project has snippets enabled ("only team members" feature visibility) and the snippet itself is public. In this case if I have a link to that particular snippet and I'm not a member of the project I can't see it. And what is more ridiculous is that my request will be rejected not because of snippets policy check, but because of can?(current_user, :read_project, @project)
. This solution can be buggy because it seem like no one understands how it should work at all. I think we should simplify it.
Options:
- Remove visibility level for ProjectSnippets and rely on feature visibility only.
- Remove Snippets feature visibility level in project settings and leave "Enable/Disable only". Also leave only two visibility levels for Project Snippets "Private" and "Public". In this case we should rely on project visibility and Snippets visibility. If project is private, snippet's visibility level make no sense. If project is public we don't show private snippets to public.
And the last but not least, if my project is private why would I need those tabs?:
/cc @smcgivern @stanhu