Remove the `comment_personal_snippet` permissionremove-comment-personal-snippet-permission

This is now entirely handled by `create_note`:

1. Project snippets prevent `create_note`.
2. Uploads already only support routing for personal snippets.

This simplifies some policies and access checks, too!

2 files changed, 34 insertions, 19 deletions

diff --git a/spec/policies/personal_snippet_policy_spec.rb b/spec/policies/personal_snippet_policy_spec.rb
index a38e0dbd797..097000ceb6a 100644
--- a/spec/policies/personal_snippet_policy_spec.rb
+++ b/spec/policies/personal_snippet_policy_spec.rb
@@ -14,13 +14,6 @@ describe PersonalSnippetPolicy do
     ]
   end
 
-  let(:comment_permissions) do
-    [
-      :comment_personal_snippet,
-      :create_note
-    ]
-  end
-
   def permissions(user)
     described_class.new(user, snippet)
   end
@@ -33,7 +26,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to be_disallowed(*comment_permissions)
+        is_expected.to be_disallowed(:create_note)
         is_expected.to be_disallowed(:award_emoji)
         is_expected.to be_disallowed(*author_permissions)
       end
@@ -44,7 +37,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to be_allowed(*comment_permissions)
+        is_expected.to be_allowed(:create_note)
         is_expected.to be_allowed(:award_emoji)
         is_expected.to be_disallowed(*author_permissions)
       end
@@ -55,7 +48,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to be_allowed(*comment_permissions)
+        is_expected.to be_allowed(:create_note)
         is_expected.to be_allowed(:award_emoji)
         is_expected.to be_allowed(*author_permissions)
       end
@@ -70,7 +63,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.to be_disallowed(*comment_permissions)
+        is_expected.to be_disallowed(:create_note)
         is_expected.to be_disallowed(:award_emoji)
         is_expected.to be_disallowed(*author_permissions)
       end
@@ -81,7 +74,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to be_allowed(*comment_permissions)
+        is_expected.to be_allowed(:create_note)
         is_expected.to be_allowed(:award_emoji)
         is_expected.to be_disallowed(*author_permissions)
       end
@@ -92,7 +85,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.to be_disallowed(*comment_permissions)
+        is_expected.to be_disallowed(:create_note)
         is_expected.to be_disallowed(:award_emoji)
         is_expected.to be_disallowed(*author_permissions)
       end
@@ -103,7 +96,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to be_allowed(*comment_permissions)
+        is_expected.to be_allowed(:create_note)
         is_expected.to be_allowed(:award_emoji)
         is_expected.to be_allowed(*author_permissions)
       end
@@ -118,7 +111,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.to be_disallowed(*comment_permissions)
+        is_expected.to be_disallowed(:create_note)
         is_expected.to be_disallowed(:award_emoji)
         is_expected.to be_disallowed(*author_permissions)
       end
@@ -129,7 +122,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.to be_disallowed(*comment_permissions)
+        is_expected.to be_disallowed(:create_note)
         is_expected.to be_disallowed(:award_emoji)
         is_expected.to be_disallowed(*author_permissions)
       end
@@ -140,7 +133,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to be_disallowed(:comment_personal_snippet)
+        is_expected.to be_disallowed(:create_note)
         is_expected.to be_disallowed(:award_emoji)
         is_expected.to be_disallowed(*author_permissions)
       end
@@ -151,7 +144,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_disallowed(:read_personal_snippet)
-        is_expected.to be_disallowed(*comment_permissions)
+        is_expected.to be_disallowed(:create_note)
         is_expected.to be_disallowed(:award_emoji)
         is_expected.to be_disallowed(*author_permissions)
       end
@@ -162,7 +155,7 @@ describe PersonalSnippetPolicy do
 
       it do
         is_expected.to be_allowed(:read_personal_snippet)
-        is_expected.to be_allowed(*comment_permissions)
+        is_expected.to be_allowed(:create_note)
         is_expected.to be_allowed(:award_emoji)
         is_expected.to be_allowed(*author_permissions)
       end
diff --git a/spec/routing/uploads_routing_spec.rb b/spec/routing/uploads_routing_spec.rb
new file mode 100644
index 00000000000..6a041ffdd6c
--- /dev/null
+++ b/spec/routing/uploads_routing_spec.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Uploads', 'routing' do
+  it 'allows creating uploads for personal snippets' do
+    expect(post('/uploads/personal_snippet?id=1')).to route_to(
+      controller: 'uploads',
+      action: 'create',
+      model: 'personal_snippet',
+      id: '1'
+    )
+  end
+
+  it 'does not allow creating uploads for other models' do
+    UploadsController::MODEL_CLASSES.keys.compact.each do |model|
+      next if model == 'personal_snippet'
+
+      expect(post("/uploads/#{model}?id=1")).not_to be_routable
+    end
+  end
+end