Align web IDE access permissions across features and components
Summary
At the moment, you can access the web IDE through several places in the UI (by clicking the Web IDE button), but also directly using the URL. In several places of the UI, we check that the user can fork the project and also create a merge request on it.
Nevertheless, when we access the web IDE directly, we just check for read permissions.
There is no security problem since every action is checked against the user, but we should be consistent about whether we show the web IDE or an error.
Steps to reproduce
- Create a public project
- With a user who is not a member of the project, click the "Web IDE" button (an error message will appear)
- With the same user, directly access the web IDE URL for that project (no error will appear).
What is the current bug behavior?
Different access policies are used for accessing the same resource, the web IDE.
What is the expected correct behavior?
We use the same behavior for accessing the web IDE.
Possible fixes
Instead of spreading the access rights checks around, I would create the policy access_web_ide or read_web_ide, and there I would add all the necessary access rights needed to access the web IDE.
Then we would have to replace the existing checks and use that one. I have identified the following files to change (but there can be more):
- https://gitlab.com/gitlab-org/gitlab/blob/master/app%2Fcontrollers%2Fprojects%2Fusage_ping_controller.rb#L6
- https://gitlab.com/gitlab-org/gitlab/blob/master/app/controllers/ide_controller.rb#L6
- https://gitlab.com/gitlab-org/gitlab/blob/master/app/views/projects/tree/_tree_header.html.haml#L87
- https://gitlab.com/gitlab-org/gitlab/blob/master/app/views/projects/blob/_header.html.haml#L16
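
A sketch of the proposal above, added here as an illustration and not GitLab's own code: a toy policy class in plain Ruby where access_web_ide bundles the individual checks, plus a helper that lists the users for whom the button and the direct URL give different answers. The class, the ability names read_project, fork_project and create_merge_request, and the sample users are assumptions made for this example.

```ruby
require 'set'

# Toy model; ability names other than :access_web_ide are assumptions.
User = Struct.new(:name, :abilities)

class ProjectPolicy
  # The one place that says what the Web IDE needs.
  WEB_IDE_REQUIRES = %i[read_project fork_project create_merge_request].freeze

  def initialize(user)
    @granted = user.abilities.to_set
  end

  def can?(ability)
    if ability == :access_web_ide
      WEB_IDE_REQUIRES.all? { |a| @granted.include?(a) }
    else
      @granted.include?(ability)
    end
  end
end

# Current behavior: each entry point carries its own check.
SCATTERED = {
  button:     ->(p) { p.can?(:fork_project) && p.can?(:create_merge_request) },
  direct_url: ->(p) { p.can?(:read_project) }
}.freeze

# Proposed behavior: every entry point asks the same question.
CONSOLIDATED = {
  button:     ->(p) { p.can?(:access_web_ide) },
  direct_url: ->(p) { p.can?(:access_web_ide) }
}.freeze

# Names of users for whom the entry points disagree.
def inconsistent_users(checks, users)
  users.reject { |u|
    policy = ProjectPolicy.new(u)
    checks.values.map { |c| c.call(policy) }.uniq.size == 1
  }.map(&:name)
end

# Constructed sample users.
USERS = [
  User.new('outsider', %i[read_project]),
  User.new('developer', %i[read_project fork_project create_merge_request])
].freeze

puts "scattered:    #{inconsistent_users(SCATTERED, USERS).inspect}"
puts "consolidated: #{inconsistent_users(CONSOLIDATED, USERS).inspect}"
```

A check like inconsistent_users can run as a regression test so that a new entry point with its own ad hoc condition is caught before it ships.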