From b21f2bd4bf194e4194313a8eff54823c5716bcd4 Mon Sep 17 00:00:00 2001
From: Dmytro Biryukov <dbiryukov@gitlab.com>
Date: Mon, 14 Oct 2024 15:34:54 +0200
Subject: [PATCH] Remove FF prevent_job_token_admin_permissions

Changelog: changed
---
 app/policies/base_policy.rb                      |  2 +-
 .../prevent_job_token_admin_permissions.yml      |  9 ---------
 spec/policies/base_policy_spec.rb                | 16 ----------------
 3 files changed, 1 insertion(+), 26 deletions(-)
 delete mode 100644 config/feature_flags/development/prevent_job_token_admin_permissions.yml

diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb
index 8688988122c2c..98c99b8d85a10 100644
--- a/app/policies/base_policy.rb
+++ b/app/policies/base_policy.rb
@@ -4,7 +4,7 @@ class BasePolicy < DeclarativePolicy::Base
   desc "User is an instance admin"
   with_options scope: :user, score: 0
   condition(:admin) do
-    next false if ::Feature.enabled?(:prevent_job_token_admin_permissions, @user) && @user&.from_ci_job_token?
+    next false if @user&.from_ci_job_token?
 
     if Gitlab::CurrentSettings.admin_mode
       Gitlab::Auth::CurrentUserMode.new(@user).admin_mode?
diff --git a/config/feature_flags/development/prevent_job_token_admin_permissions.yml b/config/feature_flags/development/prevent_job_token_admin_permissions.yml
deleted file mode 100644
index 0ecb9168f56ea..0000000000000
--- a/config/feature_flags/development/prevent_job_token_admin_permissions.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-name: prevent_job_token_admin_permissions
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/167449
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/474775
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/495627
-milestone: '17.5'
-type: development
-group: group::pipeline security
-default_enabled: false
diff --git a/spec/policies/base_policy_spec.rb b/spec/policies/base_policy_spec.rb
index 4479de40e69dd..cb3de5c72a0cf 100644
--- a/spec/policies/base_policy_spec.rb
+++ b/spec/policies/base_policy_spec.rb
@@ -58,22 +58,6 @@ def policy
         it 'prevents when user is admin' do
           is_expected.to be_disallowed(ability)
         end
-
-        context 'and feature flag prevent_job_token_admin_permissions is disabled' do
-          before do
-            stub_feature_flags(prevent_job_token_admin_permissions: false)
-          end
-
-          it 'does not prevent settings in admin mode' do
-            allow(Gitlab::CurrentSettings).to receive(:admin_mode).and_return(true)
-
-            is_expected.to be_allowed(ability)
-          end
-
-          it 'allows when user is admin' do
-            is_expected.to be_allowed(ability)
-          end
-        end
       end
 
       it 'prevented when not in admin mode' do
-- 
GitLab