GroupPolicy should inherits from NamespacePolicy

The following discussion from gitlab-ce!32012 should be addressed:

@nolith started a discussion: (+2 comments)

Writing this policy @smcgivern and I realized that this activates a different set of policies based on the kind of namespace.

A namespace can be a user namespace (Namespace model) or a Group. So the policy is delegated to a NamespacePolicy or GroupPolicy.

At first we thought to alway delegate Group policy to Namespace Policy (with delegate { @subject.become(Namespace) }) but it failed because ownership definition is not the same.

The intent of this comment is to open a follow-up issue to better model Group/Namespace Policies.

An option could be to implement owned_by?(user) in both Group and Namespace in order to remove ownership definition from the policies and delegate id to the models.
@smcgivern comment

Looking at this again, one option would be to use inheritance instead of delegation: class GroupPolicy < NamespacePolicy.

We'd then have #is_owner? as an instance method and override that in GroupPolicy.

I think the intent of these policies is not to diverge, but as this MR shows, that doesn't actually happen right now.

Edited Sep 29, 2025 by 🤖 GitLab Bot 🤖