Rename :full_private_access policy ability to :read_all_resources

app/models/user.rb

@@ -1454,7 +1454,7 @@ class User < ApplicationRecord
   # Does the user have access to all private groups & projects?
   # Overridden in EE to also check auditor?
   def full_private_access?
-    can?(:full_private_access)
+    can?(:read_all_resources)
   end
 
   def update_two_factor_requirement

app/policies/base_policy.rb

@@ -36,11 +36,11 @@ class BasePolicy < DeclarativePolicy::Base
     ::Gitlab::ExternalAuthorization.perform_check?
   end
 
-  rule { external_authorization_enabled & ~can?(:full_private_access) }.policy do
+  rule { external_authorization_enabled & ~can?(:read_all_resources) }.policy do
     prevent :read_cross_project
   end
 
-  rule { admin }.enable :full_private_access
+  rule { admin }.enable :read_all_resources
 
   rule { default }.enable :read_cross_project
 end

app/policies/personal_snippet_policy.rb

@@ -30,5 +30,5 @@ class PersonalSnippetPolicy < BasePolicy
 
   rule { can?(:create_note) }.enable :award_emoji
 
-  rule { can?(:full_private_access) }.enable :read_personal_snippet
+  rule { can?(:read_all_resources) }.enable :read_personal_snippet
 end

app/policies/project_snippet_policy.rb

@@ -28,7 +28,7 @@ class ProjectSnippetPolicy < BasePolicy
     all?(private_snippet | (internal_snippet & external_user),
          ~project.guest,
          ~is_author,
-         ~can?(:full_private_access))
+         ~can?(:read_all_resources))
   end.prevent :read_project_snippet
 
   rule { internal_snippet & ~is_author & ~admin }.policy do

ee/app/policies/ee/base_policy.rb

@@ -20,7 +20,7 @@ module EE
       with_scope :global
       condition(:license_block) { License.block_changes? }
 
-      rule { auditor }.enable :full_private_access
+      rule { auditor }.enable :read_all_resources
     end
   end
 end

ee/spec/models/issue_spec.rb

@@ -144,7 +144,7 @@ describe Issue do
 
     describe 'when a user cannot read cross project' do
       it 'only returns issues within the same project' do
-        expect(Ability).to receive(:allowed?).with(user, :full_private_access, :global).and_call_original
+        expect(Ability).to receive(:allowed?).with(user, :read_all_resources, :global).and_call_original
         expect(Ability).to receive(:allowed?).with(user, :read_cross_project).and_return(false)
 
         expect(authorized_issue_a.related_issues(user))

ee/spec/policies/base_policy_spec.rb

@@ -21,9 +21,9 @@ describe BasePolicy, :do_not_mock_admin_mode do
     end
   end
 
-  describe 'full private access' do
+  describe 'read all resources' do
     it 'allows auditors' do
-      is_expected.to be_allowed(:full_private_access)
+      is_expected.to be_allowed(:read_all_resources)
     end
   end
 end

spec/policies/base_policy_spec.rb

@@ -60,7 +60,7 @@ describe BasePolicy, :do_not_mock_admin_mode do
 
     subject { described_class.new(current_user, nil) }
 
-    it { is_expected.not_to be_allowed(:full_private_access) }
+    it { is_expected.not_to be_allowed(:read_all_resources) }
 
     context 'for admins' do
       let(:current_user) { build(:admin) }
@@ -68,11 +68,11 @@ describe BasePolicy, :do_not_mock_admin_mode do
       it 'allowed when in admin mode' do
         enable_admin_mode!(current_user)
 
-        is_expected.to be_allowed(:full_private_access)
+        is_expected.to be_allowed(:read_all_resources)
       end
 
       it 'prevented when not in admin mode' do
-        is_expected.not_to be_allowed(:full_private_access)
+        is_expected.not_to be_allowed(:read_all_resources)
       end
     end
   end