1 files changed, 13 insertions, 4 deletions

diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index 64395f69c42..833d5b9bd34 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -75,6 +75,8 @@ class GroupPolicy < BasePolicy
   with_scope :subject
   condition(:has_project_with_service_desk_enabled) { @subject.has_project_with_service_desk_enabled? }
 
+  condition(:crm_enabled, score: 0, scope: :subject) { Feature.enabled?(:customer_relations, @subject) }
+
   rule { can?(:read_group) & design_management_enabled }.policy do
     enable :read_design_activity
   end
@@ -113,8 +115,8 @@ class GroupPolicy < BasePolicy
     enable :read_group_member
     enable :read_custom_emoji
     enable :read_counts
-    enable :read_organization
-    enable :read_contact
+    enable :read_crm_organization
+    enable :read_crm_contact
   end
 
   rule { ~public_group & ~has_access }.prevent :read_counts
@@ -134,8 +136,8 @@ class GroupPolicy < BasePolicy
     enable :create_package
     enable :create_package_settings
     enable :developer_access
-    enable :admin_organization
-    enable :admin_contact
+    enable :admin_crm_organization
+    enable :admin_crm_contact
   end
 
   rule { reporter }.policy do
@@ -252,6 +254,13 @@ class GroupPolicy < BasePolicy
     enable :read_label
   end
 
+  rule { ~crm_enabled }.policy do
+    prevent :read_crm_contact
+    prevent :read_crm_organization
+    prevent :admin_crm_contact
+    prevent :admin_crm_organization
+  end
+
   def access_level(for_any_session: false)
     return GroupMember::NO_ACCESS if @user.nil?
     return GroupMember::NO_ACCESS unless user_is_user?