Projects members tab should follow visibility levels

app/models/ability.rb

@@ -154,17 +154,9 @@ class Ability
       end
     end
 
-    def project_member_rules(team, user)
-      all_members_rules = []
-
-      #Rules only for members which does not include public behavior
-      all_members_rules << :read_members_list if team.members.include?(user)
-      all_members_rules
-    end
-
     def project_team_rules(team, user)
       # Rules based on role in project
-      filtered_rules = if team.master?(user)
+      if team.master?(user)
         project_master_rules
       elsif team.developer?(user)
         project_dev_rules
@@ -173,8 +165,6 @@ class Ability
       elsif team.guest?(user)
         project_guest_rules
       end
-
-      Array(filtered_rules) + project_member_rules(team, user)
     end
 
     def public_project_rules
@@ -199,7 +189,8 @@ class Ability
         :create_project,
         :create_issue,
         :create_note,
-        :upload_file
+        :upload_file,
+        :read_members_list
       ]
     end
 

spec/controllers/projects/project_members_controller_spec.rb

@@ -48,7 +48,7 @@ describe Projects::ProjectMembersController do
   end
 
   describe 'index' do
-    let(:project) { create(:project, :internal) }
+    let(:project) { create(:project, :private) }
 
     context 'when user is member' do
       let(:member) { create(:user) }
@@ -59,18 +59,7 @@ describe Projects::ProjectMembersController do
         get :index, namespace_id: project.namespace.to_param, project_id: project.to_param
       end
 
-       it { expect(response.status).to eq(200) }
-    end
-
-    context 'when user is not member' do
-      let(:not_member) { create(:user) }
-
-      before do
-        sign_in(not_member)
-        get :index, namespace_id: project.namespace.to_param, project_id: project.to_param
-      end
-
-      it { expect(response.status).to eq(403) }
+      it { expect(response.status).to eq(200) }
     end
   end
 end

spec/features/security/project/internal_access_spec.rb

@@ -101,12 +101,12 @@ describe "Internal Project Access", feature: true  do
     it { is_expected.to be_allowed_for :admin }
     it { is_expected.to be_allowed_for owner }
     it { is_expected.to be_allowed_for master }
-    it { is_expected.to be_denied_for developer }
-    it { is_expected.to be_denied_for reporter }
-    it { is_expected.to be_denied_for guest }
-    it { is_expected.to be_denied_for :user }
-    it { is_expected.to be_denied_for :external }
+    it { is_expected.to be_allowed_for developer }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_allowed_for guest }
+    it { is_expected.to be_allowed_for :user }
     it { is_expected.to be_denied_for :visitor }
+    it { is_expected.to be_denied_for :external }
   end
 
   describe "GET /:project_path/blob" do

spec/features/security/project/private_access_spec.rb

@@ -101,9 +101,9 @@ describe "Private Project Access", feature: true  do
     it { is_expected.to be_allowed_for :admin }
     it { is_expected.to be_allowed_for owner }
     it { is_expected.to be_allowed_for master }
-    it { is_expected.to be_denied_for developer }
-    it { is_expected.to be_denied_for reporter }
-    it { is_expected.to be_denied_for guest }
+    it { is_expected.to be_allowed_for developer }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_allowed_for guest }
     it { is_expected.to be_denied_for :user }
     it { is_expected.to be_denied_for :external }
     it { is_expected.to be_denied_for :visitor }

spec/features/security/project/public_access_spec.rb

@@ -101,12 +101,12 @@ describe "Public Project Access", feature: true  do
     it { is_expected.to be_allowed_for :admin }
     it { is_expected.to be_allowed_for owner }
     it { is_expected.to be_allowed_for master }
-    it { is_expected.to be_denied_for developer }
-    it { is_expected.to be_denied_for reporter }
-    it { is_expected.to be_denied_for guest }
-    it { is_expected.to be_denied_for :user }
-    it { is_expected.to be_denied_for :external }
-    it { is_expected.to be_denied_for :visitor }
+    it { is_expected.to be_allowed_for developer }
+    it { is_expected.to be_allowed_for reporter }
+    it { is_expected.to be_allowed_for guest }
+    it { is_expected.to be_allowed_for :user }
+    it { is_expected.to be_allowed_for :visitor }
+    it { is_expected.to be_allowed_for :external }
   end
 
   describe "GET /:project_path/builds" do