Merge branch 'allow-owner-to-run-ci-builds' into 'master'

Allow owners to fetch source code in CI builds

Due to different way of handling owners of a project, they were not allowed to fetch CI sources for project.

This adds a separate code path for handling owners, that are not admins.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23437

See merge request !6943

1 files changed, 8 insertions, 4 deletions

diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index fbb3d4507d6..1ee31023e26 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -2,11 +2,11 @@ class ProjectPolicy < BasePolicy
   def rules
     team_access!(user)
 
-    owner = user.admin? ||
-            project.owner == user ||
+    owner = project.owner == user ||
             (project.group && project.group.has_owner?(user))
 
-    owner_access! if owner
+    owner_access! if user.admin? || owner
+    team_member_owner_access! if owner
 
     if project.public? || (project.internal? && !user.external?)
       guest_access!
@@ -16,7 +16,7 @@ class ProjectPolicy < BasePolicy
       can! :read_build if project.public_builds?
 
       if project.request_access_enabled &&
-         !(owner || project.team.member?(user) || project_group_member?(user))
+         !(owner || user.admin? || project.team.member?(user) || project_group_member?(user))
         can! :request_access
       end
     end
@@ -135,6 +135,10 @@ class ProjectPolicy < BasePolicy
     can! :destroy_issue
   end
 
+  def team_member_owner_access!
+    team_member_reporter_access!
+  end
+
   # Push abilities on the users team role
   def team_access!(user)
     access = project.team.max_member_access(user.id)