Code fixes

app/controllers/projects/project_members_controller.rb

 class Projects::ProjectMembersController < Projects::ApplicationController
   # Authorize
   before_action :authorize_admin_project_member!, except: :leave
-  before_action :authorize_read_project_members, only: :index
 
   def index
     @project_members = @project.project_members
@@ -113,10 +112,4 @@ class Projects::ProjectMembersController < Projects::ApplicationController
   def member_params
     params.require(:project_member).permit(:user_id, :access_level)
   end
-
-  private
-
-  def authorize_read_project_members
-    can?(current_user, :read_project_members, @project)
-  end
 end

app/controllers/users_controller.rb

 class UsersController < ApplicationController
   skip_before_action :authenticate_user!
-  before_action :set_user, except: [:show]
+  before_action :user
   before_action :authorize_read_user!, only: [:show]
 
   def show
@@ -77,26 +77,25 @@ class UsersController < ApplicationController
   private
 
   def authorize_read_user!
-    set_user
-    render_404 unless can?(current_user, :read_user, @user)
+    render_404 unless can?(current_user, :read_user, user)
   end
 
-  def set_user
-    @user = User.find_by_username!(params[:username])
+  def user
+    @user ||= User.find_by_username!(params[:username])
   end
 
   def contributed_projects
-    ContributedProjectsFinder.new(@user).execute(current_user)
+    ContributedProjectsFinder.new(user).execute(current_user)
   end
 
   def contributions_calendar
     @contributions_calendar ||= Gitlab::ContributionsCalendar.
-      new(contributed_projects, @user)
+      new(contributed_projects, user)
   end
 
   def load_events
     # Get user activity feed for projects common for both users
-    @events = @user.recent_events.
+    @events = user.recent_events.
       merge(projects_for_current_user).
       references(:project).
       with_associations.
@@ -105,16 +104,16 @@ class UsersController < ApplicationController
 
   def load_projects
     @projects =
-      PersonalProjectsFinder.new(@user).execute(current_user)
+      PersonalProjectsFinder.new(user).execute(current_user)
       .page(params[:page])
   end
 
   def load_contributed_projects
-    @contributed_projects = contributed_projects.joined(@user)
+    @contributed_projects = contributed_projects.joined(user)
   end
 
   def load_groups
-    @groups = JoinedGroupsFinder.new(@user).execute(current_user)
+    @groups = JoinedGroupsFinder.new(user).execute(current_user)
   end
 
   def projects_for_current_user

app/models/ability.rb

 class Ability
-
   class << self
     def allowed(user, subject)
       return anonymous_abilities(user, subject) if user.nil?
@@ -58,7 +57,6 @@ class Ability
           :read_label,
           :read_milestone,
           :read_project_snippet,
-          :read_project_member,
           :read_merge_request,
           :read_note,
           :read_commit_status,
@@ -71,8 +69,6 @@ class Ability
         # Allow to read issues by anonymous user if issue is not confidential
         rules << :read_issue unless subject.is_a?(Issue) && subject.confidential?
 
-        rules << :read_project_member unless restricted_public_level?
-
         rules - project_disabled_features_rules(project)
       else
         []
@@ -96,9 +92,8 @@ class Ability
               end
 
       if group
-        rules << [:read_group] if group.public?
-
-        rules << [:read_group_members] unless restricted_public_level?
+        rules << :read_group if group.public?
+        rules << :read_group_members unless restricted_public_level?
       end
 
       rules
@@ -156,7 +151,6 @@ class Ability
           rules -= project_archived_rules
         end
 
-        rules << :read_project_members
         rules - project_disabled_features_rules(project)
       end
     end

app/views/layouts/nav/_project.html.haml

@@ -77,7 +77,7 @@
           Merge Requests
           %span.count.merge_counter= number_with_delimiter(@project.merge_requests.opened.count)
 
-  - if project_nav_tab?(:settings) && can?(current_user, :read_project_members, @project)
+  - if project_nav_tab?(:settings)
     = nav_link(controller: [:project_members, :teams]) do
       = link_to namespace_project_project_members_path(@project.namespace, @project), title: 'Members', class: 'team-tab tab' do
         = icon('users fw')

spec/controllers/users_controller_spec.rb

@@ -41,7 +41,7 @@ describe UsersController do
       end
     end
 
-    context 'When public visibility level is restricted' do
+    context 'when public visibility level is restricted' do
       before do
         stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
       end