Allow code review bot to publish review on private projects
What does this MR do and why?
When we execute duo code review on a private project, we call DraftNotes::PublishService
and it checks if user can create_note
. We only want to allow that if the executing user is allowed to create note in a private project.
To do that, we check the permission of the executing user instead. If it's allowed to do so, we allow the publishing of review. If not, we don't publish the review.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #469692
Edited by Patrick Bajao