Remove member_access from project policy

Jayrequested to merge
jswain_remove_member_access_from_project_policy into master

What does this MR do and why?

Follow up to Enable Guest+ users to execute custom agents in... (!214918 - merged)

After conversing with the Authz team we realized that introducing yet another permission (member_access) could add more confusion to engineers and refactoring project policy to not enable guest_access for non-members when public is the actual fix we want.

This MR is the compromise that we found before doing the larger refactor while still keeping our codebase reasonable.

  • call project.member? directly
  • remove redundant enabled permissions

References

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jay

Merge request reports