Prevents non-team members to see data on AI Agents
What does this MR do and why?
While we have not properly implemented feature access control for ai agents (#440955), we should be more strict on non-project member users from seeing data. This MR disables :read_ai_agents
from non-team members of a project (:write_ai_agents
already required at least reporter role)
How to set up and validate locally
Example below:
- In rails console
Feature.enable(:agent_registry) user = User.last project = Project.first project_policy = ProjectPolicy.new(user, project) project.member?(user) # => false project_policy.debug(:read_ai_agents) # enabled should be false