From 7415e2cc961b718147e5c6a532eddf41d5be9771 Mon Sep 17 00:00:00 2001
From: Tetiana Chupryna <tchupryna@gitlab.com>
Date: Mon, 23 Nov 2020 20:13:30 +0200
Subject: [PATCH] Remove redundant check for creating forks

When we create merge_request feedback we need to be sure
that user can create merge_request.
We don't need check if user can create merge request from fork.
Users with permissions lower than Developer can't create
feedback anyway because of the check in ProjectPolicy
---
 ee/app/policies/vulnerabilities/feedback_policy.rb       | 3 +--
 ee/spec/policies/vulnerabilities/feedback_policy_spec.rb | 5 ++---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/ee/app/policies/vulnerabilities/feedback_policy.rb b/ee/app/policies/vulnerabilities/feedback_policy.rb
index 6f025ea1bd90c..bd2d30039698b 100644
--- a/ee/app/policies/vulnerabilities/feedback_policy.rb
+++ b/ee/app/policies/vulnerabilities/feedback_policy.rb
@@ -11,8 +11,7 @@ class FeedbackPolicy < BasePolicy
     rule { issue & ~can?(:create_issue) }.prevent :create_vulnerability_feedback
 
     rule do
-      merge_request &
-        (~can?(:create_merge_request_in) | ~can?(:create_merge_request_from))
+      merge_request & ~can?(:create_merge_request_in)
     end.prevent :create_vulnerability_feedback
 
     rule { ~dismissal }.prevent :destroy_vulnerability_feedback, :update_vulnerability_feedback
diff --git a/ee/spec/policies/vulnerabilities/feedback_policy_spec.rb b/ee/spec/policies/vulnerabilities/feedback_policy_spec.rb
index d8708223a8b1d..dc3ee62fdc4e7 100644
--- a/ee/spec/policies/vulnerabilities/feedback_policy_spec.rb
+++ b/ee/spec/policies/vulnerabilities/feedback_policy_spec.rb
@@ -56,8 +56,8 @@
         end
       end
 
-      context 'when user does not have permission to create merge_request from project' do
-        # guest can create merge request IN but not FROM
+      context 'when user does not have developer permission' do
+        # guest can create merge request IN
         let(:guest) { create(:user) }
 
         subject { described_class.new(guest, vulnerability_feedback) }
@@ -68,7 +68,6 @@
 
         it 'does not allow to create merge request feedback' do
           is_expected.to be_allowed(:create_merge_request_in)
-          is_expected.to be_disallowed(:create_merge_request_from)
           is_expected.to be_disallowed(:create_vulnerability_feedback)
         end
       end
-- 
GitLab