From 32009535b90601035671366165a2f248a63e37a0 Mon Sep 17 00:00:00 2001
From: Eduardo Bonet <ebonet@gitlab.com>
Date: Thu, 8 Feb 2024 17:23:58 +0000
Subject: [PATCH] Prevents non-team members to see data on AI Agents

---
 ee/app/policies/ee/project_policy.rb    | 4 ++--
 ee/spec/policies/project_policy_spec.rb | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ee/app/policies/ee/project_policy.rb b/ee/app/policies/ee/project_policy.rb
index 32f12f7db02b8..528f636a53493 100644
--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -894,11 +894,11 @@ module ProjectPolicy
 
       rule { ai_available & generate_cube_query_enabled }.enable :generate_cube_query
 
-      rule { agent_registry_enabled }.policy do
+      rule { guest & agent_registry_enabled }.policy do
         enable :read_ai_agents
       end
 
-      rule { can?(:reporter_access) & agent_registry_enabled }.policy do
+      rule { reporter & agent_registry_enabled }.policy do
         enable :write_ai_agents
       end
 
diff --git a/ee/spec/policies/project_policy_spec.rb b/ee/spec/policies/project_policy_spec.rb
index 05507381b362f..a50ed33037776 100644
--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -3325,7 +3325,7 @@ def create_member_role(member, abilities = member_role_abilities)
       true  | true  | ref(:owner)      | true
       true  | true  | ref(:reporter)   | true
       true  | true  | ref(:guest)      | true
-      true  | true  | ref(:non_member) | true
+      true  | true  | ref(:non_member) | false
       true  | false | ref(:owner)      | false
       true  | false | ref(:reporter)   | false
       true  | false | ref(:guest)      | false
-- 
GitLab