Add latest changes from gitlab-org/gitlab@13-2-stable-ee

1 files changed, 17 insertions, 0 deletions

diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index b1b52d62b85..62f66093875 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -42,6 +42,14 @@ class GroupPolicy < BasePolicy
     @subject.subgroup_creation_level == ::Gitlab::Access::MAINTAINER_SUBGROUP_ACCESS
   end
 
+  condition(:design_management_enabled) do
+    group_projects_for(user: @user, group: @subject, only_owned: false).any? { |p| p.design_management_enabled? }
+  end
+
+  rule { design_management_enabled }.policy do
+    enable :read_design_activity
+  end
+
   rule { public_group }.policy do
     enable :read_group
     enable :read_package
@@ -59,6 +67,10 @@ class GroupPolicy < BasePolicy
     enable :update_max_artifacts_size
   end
 
+  rule { can?(:read_all_resources) }.policy do
+    enable :read_confidential_issues
+  end
+
   rule { has_projects }.policy do
     enable :read_group
   end
@@ -70,6 +82,10 @@ class GroupPolicy < BasePolicy
     enable :read_board
   end
 
+  rule { ~can?(:read_group) }.policy do
+    prevent :read_design_activity
+  end
+
   rule { has_access }.enable :read_namespace
 
   rule { developer }.policy do
@@ -87,6 +103,7 @@ class GroupPolicy < BasePolicy
     enable :admin_list
     enable :admin_issue
     enable :read_metrics_dashboard_annotation
+    enable :read_prometheus
   end
 
   rule { maintainer }.policy do