1 files changed, 12 insertions, 3 deletions

diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 87573c9ad13..d81db357162 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -47,6 +47,9 @@ class ProjectPolicy < BasePolicy
   desc "Project is archived"
   condition(:archived, scope: :subject, score: 0) { project.archived? }
 
+  desc "Project is in the process of being deleted"
+  condition(:pending_delete) { project.pending_delete? }
+
   condition(:default_issues_tracker, scope: :subject) { project.default_issues_tracker? }
 
   desc "Container registry is disabled"
@@ -248,7 +251,7 @@ class ProjectPolicy < BasePolicy
     enable :read_insights
   end
 
-  rule { can?(:guest_access) & can?(:create_issue) }.enable :create_incident
+  rule { can?(:reporter_access) & can?(:create_issue) }.enable :create_incident
 
   # These abilities are not allowed to admins that are not members of the project,
   # that's why they are defined separately.
@@ -439,7 +442,7 @@ class ProjectPolicy < BasePolicy
     enable :destroy_freeze_period
     enable :admin_feature_flags_client
     enable :update_runners_registration_token
-    enable :manage_project_google_cloud
+    enable :admin_project_google_cloud
   end
 
   rule { public_project & metrics_dashboard_allowed }.policy do
@@ -457,7 +460,13 @@ class ProjectPolicy < BasePolicy
     prevent(*readonly_abilities)
 
     readonly_features.each do |feature|
-      prevent(*create_update_admin_destroy(feature))
+      prevent(*create_update_admin(feature))
+    end
+  end
+
+  rule { archived & ~pending_delete }.policy do
+    readonly_features.each do |feature|
+      prevent(:"destroy_#{feature}")
     end
   end