Extract EE-specific lines from MRs controller

Move access checks to their own method so they can be overridden, and
port an EE-only method to exist in CE too, with an EE-specific override.

app/controllers/projects/merge_requests_controller.rb

@@ -11,7 +11,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   prepend ::EE::Projects::MergeRequestsController
 
   skip_before_action :merge_request, only: [:index, :bulk_update]
-  before_action :whitelist_query_limiting_ee, only: [:merge, :show]
   before_action :whitelist_query_limiting, only: [:assign_related_issues, :update]
   before_action :authorize_update_issuable!, only: [:close, :edit, :update, :remove_wip, :sort]
   before_action :set_issuables_index, only: [:index]
@@ -171,8 +170,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   end
 
   def merge
-    return access_denied! unless @merge_request.can_be_merged_by?(current_user)
-    return render_404 unless @merge_request.approved?
+    access_check_result = merge_access_check
+
+    return access_check_result if access_check_result
 
     status = merge!
 
@@ -260,9 +260,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
       return :failed
     end
 
-    merge_request_service = ::MergeRequests::MergeService.new(@project, current_user, merge_params)
+    merge_service = ::MergeRequests::MergeService.new(@project, current_user, merge_params)
 
-    unless merge_request_service.hooks_validation_pass?(@merge_request)
+    unless merge_service.hooks_validation_pass?(@merge_request)
       return :hook_validation_error
     end
 
@@ -328,13 +328,12 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
     access_denied! unless access_check
   end
 
+  def merge_access_check
+    access_denied! unless @merge_request.can_be_merged_by?(current_user)
+  end
+
   def whitelist_query_limiting
     # Also see https://gitlab.com/gitlab-org/gitlab-ce/issues/42441
     Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42438')
   end
-
-  def whitelist_query_limiting_ee
-    # Also see https://gitlab.com/gitlab-org/gitlab-ee/issues/4793
-    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4792')
-  end
 end

app/services/merge_requests/merge_service.rb

@@ -51,6 +51,11 @@ module MergeRequests
       end
     end
 
+    # Overridden in EE.
+    def hooks_validation_pass?(_merge_request)
+      true
+    end
+
     private
 
     def error_check!

ee/app/controllers/ee/projects/merge_requests_controller.rb

@@ -5,6 +5,11 @@ module EE
 
       APPROVAL_RENDERING_ACTIONS = [:approve, :approvals, :unapprove].freeze
 
+      prepended do
+        before_action :whitelist_query_limiting_ee_merge, only: [:merge]
+        before_action :whitelist_query_limiting_ee_show, only: [:show]
+      end
+
       def approve
         unless merge_request.can_approve?(current_user)
           return render_404
@@ -59,6 +64,23 @@ module EE
           end
         end
       end
+
+      private
+
+      def merge_access_check
+        super_result = super
+
+        return super_result if super_result
+        return render_404 unless @merge_request.approved?
+      end
+
+      def whitelist_query_limiting_ee_merge
+        ::Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4792')
+      end
+
+      def whitelist_query_limiting_ee_show
+        ::Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4793')
+      end
     end
   end
 end

ee/app/services/ee/merge_requests/merge_service.rb

@@ -10,6 +10,7 @@ module EE
         super
       end
 
+      override :hooks_validation_pass?
       def hooks_validation_pass?(merge_request)
         # handle_merge_error needs this. We should move that to a separate
         # object instead of relying on the order of method calls.