port UserPolicy

2 files changed, 11 insertions, 11 deletions

diff --git a/app/models/ability.rb b/app/models/ability.rb
index 7c4210f0706..fe171cd1a8b 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -73,7 +73,6 @@ class Ability
 
     def abilities_by_subject_class(user:, subject:)
       case subject
-      when User then user_abilities
       when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)
       else []
       end + global_abilities(user)
@@ -85,17 +84,11 @@ class Ability
         ProjectPolicy.abilities(nil, subject.project)
       elsif subject.respond_to?(:group)
         GroupPolicy.abilities(nil, subject.group)
-      elsif subject.is_a?(User)
-        anonymous_user_abilities
       else
         []
       end
     end
 
-    def anonymous_user_abilities
-      [:read_user] unless restricted_public_level?
-    end
-
     def global_abilities(user)
       rules = []
       rules << :create_group if user.can_create_group
@@ -136,10 +129,6 @@ class Ability
       rules
     end
 
-    def user_abilities
-      [:read_user]
-    end
-
     def restricted_public_level?
       current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
     end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
new file mode 100644
index 00000000000..03a2499e263
--- /dev/null
+++ b/app/policies/user_policy.rb
@@ -0,0 +1,11 @@
+class UserPolicy < BasePolicy
+  include Gitlab::CurrentSettings
+
+  def rules
+    can! :read_user if @user || !restricted_public_level?
+  end
+
+  def restricted_public_level?
+    current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
+  end
+end