8 files changed, 20 insertions, 55 deletions
diff --git a/app/assets/stylesheets/startup/startup-dark.scss b/app/assets/stylesheets/startup/startup-dark.scss
index d0189a72311..c9fd9eef0b8 100644
--- a/app/assets/stylesheets/startup/startup-dark.scss
+++ b/app/assets/stylesheets/startup/startup-dark.scss
@@ -149,10 +149,6 @@ h1 {
   color: transparent;
   text-shadow: 0 0 0 #fafafa;
 }
-.form-control::-ms-input-placeholder {
-  color: #bfbfbf;
-  opacity: 1;
-}
 .form-control::placeholder {
   color: #bfbfbf;
   opacity: 1;
@@ -179,7 +175,6 @@ h1 {
   color: #fafafa;
   text-align: center;
   vertical-align: middle;
-  -moz-user-select: none;
   user-select: none;
   background-color: transparent;
   border: 1px solid transparent;
@@ -630,9 +625,6 @@ input {
   border-radius: 4px;
   padding: 6px 10px;
 }
-.form-control::-ms-input-placeholder {
-  color: #868686;
-}
 .form-control::placeholder {
   color: #868686;
 }
@@ -1474,7 +1466,6 @@ svg.s16 {
   top: 4px;
 }
 .search .search-input-wrap .search-icon {
-  -moz-user-select: none;
   user-select: none;
 }
 .search .search-input-wrap .clear-icon {
@@ -1688,9 +1679,6 @@ body.gl-dark
 body.gl-dark .search form {
   background-color: rgba(250, 250, 250, 0.2);
 }
-body.gl-dark .search .search-input::-ms-input-placeholder {
-  color: rgba(250, 250, 250, 0.8);
-}
 body.gl-dark .search .search-input::placeholder {
   color: rgba(250, 250, 250, 0.8);
 }
diff --git a/app/assets/stylesheets/startup/startup-general.scss b/app/assets/stylesheets/startup/startup-general.scss
index ca8e4db31f8..b3545c53836 100644
--- a/app/assets/stylesheets/startup/startup-general.scss
+++ b/app/assets/stylesheets/startup/startup-general.scss
@@ -130,10 +130,6 @@ h1 {
   color: transparent;
   text-shadow: 0 0 0 #303030;
 }
-.form-control::-ms-input-placeholder {
-  color: #5e5e5e;
-  opacity: 1;
-}
 .form-control::placeholder {
   color: #5e5e5e;
   opacity: 1;
@@ -160,7 +156,6 @@ h1 {
   color: #303030;
   text-align: center;
   vertical-align: middle;
-  -moz-user-select: none;
   user-select: none;
   background-color: transparent;
   border: 1px solid transparent;
@@ -611,9 +606,6 @@ input {
   border-radius: 4px;
   padding: 6px 10px;
 }
-.form-control::-ms-input-placeholder {
-  color: #868686;
-}
 .form-control::placeholder {
   color: #868686;
 }
@@ -1455,7 +1447,6 @@ svg.s16 {
   top: 4px;
 }
 .search .search-input-wrap .search-icon {
-  -moz-user-select: none;
   user-select: none;
 }
 .search .search-input-wrap .clear-icon {
diff --git a/app/assets/stylesheets/startup/startup-signin.scss b/app/assets/stylesheets/startup/startup-signin.scss
index 34f1a7d26e4..070ab36e0b3 100644
--- a/app/assets/stylesheets/startup/startup-signin.scss
+++ b/app/assets/stylesheets/startup/startup-signin.scss
@@ -198,10 +198,6 @@ hr {
   color: transparent;
   text-shadow: 0 0 0 #303030;
 }
-.form-control::-ms-input-placeholder {
-  color: #5e5e5e;
-  opacity: 1;
-}
 .form-control::placeholder {
   color: #5e5e5e;
   opacity: 1;
@@ -229,7 +225,6 @@ hr {
   color: #303030;
   text-align: center;
   vertical-align: middle;
-  -moz-user-select: none;
   user-select: none;
   background-color: transparent;
   border: 1px solid transparent;
@@ -319,13 +314,6 @@ fieldset:disabled a.btn {
   appearance: none;
   -moz-appearance: none;
 }
-.gl-form-input:not(.form-control-plaintext):-moz-read-only,
-.gl-form-input.form-control:not(.form-control-plaintext):-moz-read-only {
-  background-color: #fafafa;
-  color: #868686;
-  box-shadow: inset 0 0 0 1px #dbdbdb;
-  cursor: not-allowed;
-}
 .gl-form-input:disabled,
 .gl-form-input:not(.form-control-plaintext):read-only,
 .gl-form-input.form-control:disabled,
@@ -335,10 +323,6 @@ fieldset:disabled a.btn {
   box-shadow: inset 0 0 0 1px #dbdbdb;
   cursor: not-allowed;
 }
-.gl-form-input::-ms-input-placeholder,
-.gl-form-input.form-control::-ms-input-placeholder {
-  color: #868686;
-}
 .gl-form-input::placeholder,
 .gl-form-input.form-control::placeholder {
   color: #868686;
@@ -495,7 +479,6 @@ hr {
   z-index: 1;
 }
 .flash-container.sticky {
-  position: -webkit-sticky;
   position: sticky;
   top: 48px;
   z-index: 251;
@@ -521,9 +504,6 @@ label.label-bold {
   border-radius: 4px;
   padding: 6px 10px;
 }
-.form-control::-ms-input-placeholder {
-  color: #868686;
-}
 .form-control::placeholder {
   color: #868686;
 }
diff --git a/app/graphql/mutations/release_asset_links/create.rb b/app/graphql/mutations/release_asset_links/create.rb
index 02704efb47c..ff9d98d2c0f 100644
--- a/app/graphql/mutations/release_asset_links/create.rb
+++ b/app/graphql/mutations/release_asset_links/create.rb
@@ -33,6 +33,10 @@ module Mutations
           return { link: nil, errors: [message] }
         end
 
+        unless Ability.allowed?(current_user, :update_release, release)
+          raise_resource_not_available_error!
+        end
+
         new_link = release.links.create(link_attrs)
 
         unless new_link.persisted?
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 3cb4644a60d..81131c7157c 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -158,6 +158,10 @@ class ProjectPolicy < BasePolicy
     ::Feature.enabled?(:build_service_proxy, @subject)
   end
 
+  condition(:respect_protected_tag_for_release_permissions) do
+    ::Feature.enabled?(:evalute_protected_tag_for_release_permissions, @subject, default_enabled: :yaml)
+  end
+
   condition(:user_defined_variables_allowed) do
     !@subject.restrict_user_defined_variables?
   end
@@ -649,6 +653,10 @@ class ProjectPolicy < BasePolicy
 
   rule { build_service_proxy_enabled }.enable :build_service_proxy_enabled
 
+  rule { respect_protected_tag_for_release_permissions & can?(:developer_access) }.policy do
+    enable :destroy_release
+  end
+
   rule { can?(:download_code) }.policy do
     enable :read_repository_graphs
   end
diff --git a/app/policies/release_policy.rb b/app/policies/release_policy.rb
index 6f99eb34bb3..bff80d83bef 100644
--- a/app/policies/release_policy.rb
+++ b/app/policies/release_policy.rb
@@ -13,21 +13,9 @@ class ReleasePolicy < BasePolicy
     ::Feature.enabled?(:evalute_protected_tag_for_release_permissions, @subject.project, default_enabled: :yaml)
   end
 
-  condition(:project_developer) do
-    can?(:developer_access, @subject.project)
-  end
-
   rule { respect_protected_tag & protected_tag }.policy do
     prevent :create_release
     prevent :update_release
     prevent :destroy_release
   end
-
-  # NOTE: Developer role (or above) can create, update and destroy release entries.
-  # When we remove the `evalute_protected_tag_for_release_permissions` feature flag,
-  # we should move `enable :destroy_release` to ProjectPolicy alongside with .
-  # See https://gitlab.com/gitlab-org/gitlab/-/issues/327505 for more information.
-  rule { respect_protected_tag & project_developer }.policy do
-    enable :destroy_release
-  end
 end
diff --git a/app/policies/releases/link_policy.rb b/app/policies/releases/link_policy.rb
index 4a662fafb2f..67a94733c7d 100644
--- a/app/policies/releases/link_policy.rb
+++ b/app/policies/releases/link_policy.rb
@@ -2,6 +2,6 @@
 
 module Releases
   class LinkPolicy < BasePolicy
-    delegate { @subject.release.project }
+    delegate { @subject.release }
   end
 end
diff --git a/app/services/releases/create_service.rb b/app/services/releases/create_service.rb
index 52d95872414..2aac5644b84 100644
--- a/app/services/releases/create_service.rb
+++ b/app/services/releases/create_service.rb
@@ -44,7 +44,13 @@ module Releases
     end
 
     def allowed?
-      Ability.allowed?(current_user, :create_release, project)
+      Ability.allowed?(current_user, :create_release, project) && can_create_tag?
+    end
+
+    def can_create_tag?
+      return true unless ::Feature.enabled?(:evalute_protected_tag_for_release_permissions, project, default_enabled: :yaml)
+
+      ::Gitlab::UserAccess.new(current_user, container: project).can_create_tag?(tag_name)
     end
 
     def create_release(tag, evidence_pipeline)