diff --git a/app/models/ability.rb b/app/models/ability.rb
index 6e727ca7b5693c7f113b270ed1bc2c82ba84e6fb..b4a9adb5ffcca528aab633c2438c2bbe672471b9 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -246,20 +246,16 @@ class Ability
 
  [:issue, :note, :project_snippet, :personal_snippet, :merge_request].each do |name|
  define_method "#{name}_abilities" do |user, subject|
- if subject.author == user || user.is_admin?
- rules = [
+ if user.is_admin?
+ [
  :"read_#{name}",
- :"write_#{name}",
- :"modify_#{name}",
+ :"update_#{name}",
  :"admin_#{name}"
  ]
- rules.push(:change_visibility_level) if subject.is_a?(Snippet)
- rules
- elsif subject.respond_to?(:assignee) && subject.assignee == user
+ elsif subject.author == user || (subject.respond_to?(:assignee) && subject.assignee == user)
  [
  :"read_#{name}",
- :"write_#{name}",
- :"modify_#{name}",
+ :"update_#{name}",
  ]
  else
  if subject.respond_to?(:project) && subject.project
@@ -299,8 +295,8 @@ class Ability
  def named_abilities(name)
  [
  :"read_#{name}",
- :"write_#{name}",
- :"modify_#{name}",
+ :"create_#{name}",
+ :"update_#{name}",
  :"admin_#{name}"
  ]
  end
diff --git a/app/services/update_snippet_service.rb b/app/services/update_snippet_service.rb
index 9d181c2d2aba1d3edaaa84cbe37c129105feea2a..e9328bb7323a3daafaf406d98c1be86334fa74b3 100644
--- a/app/services/update_snippet_service.rb
+++ b/app/services/update_snippet_service.rb
@@ -9,9 +9,9 @@ class UpdateSnippetService < BaseService
  def execute
  # check that user is allowed to set specified visibility_level
  new_visibility = params[:visibility_level]
+
  if new_visibility && new_visibility.to_i != snippet.visibility_level
- unless can?(current_user, :change_visibility_level, snippet) &&
- Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
+ unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
  deny_visibility_level(snippet, new_visibility)
  return snippet
  end
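Review bot: In the first `ability.rb` hunk, the merged `elsif subject.author == user || (subject.respond_to?(:assignee) && subject.assignee == user)` branch returns `read_`/`update_` before the `else` branch that consults `subject.project`, so authorship or assignment alone grants access without any project-level check. If a user can remain author or assignee after losing access to the project (the project rules continue outside this hunk, so this is inferred), they would keep read and update rights on that issue, note, snippet or merge request; either require the project-level read ability in this branch too or add a comment stating that this is intended. Authors also lose `admin_#{name}` and `:change_visibility_level` here and `write_`/`modify_` are renamed, so any remaining `can?` call on the old names will now fail closed and is worth searching for. Style: the trailing comma in the last `:"update_#{name}",` before `]` can be dropped.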
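Review bot: In `UpdateSnippetService#execute`, removing `can?(current_user, :change_visibility_level, snippet)` means this method no longer makes any per-snippet authorization decision before changing visibility; `Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)` only answers whether the user may use that level at all. That is safe only if every caller has already checked the update ability on this particular snippet, which is not visible in this diff, so state the precondition above the check, e.g. `# Caller must have authorized update on this snippet; only the requested level is validated here.`, and cover it with a test that a non-author cannot change another user's snippet visibility through each entry point. The guard also compares `new_visibility.to_i` while `allowed_for?` receives the raw param; passing the coerced integer to both would avoid a type-dependent mismatch. `execute` continues past the end of the hunk.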