* Prevent creating notes on inaccessible MRs
This applies the notes rules at the MR scope. Rather than adding extra
rules to the Project level policy, preventing :create_note here is
better since it only prevents creating notes on MRs.
* Prevent creating notes in inaccessible Issues
without this policy, non-team-members are allowed to comment on issues
even when the project has the private-issues policy set. This means that
without this change, users are allowed to comment on issues that they
cannot read.
* Add CHANGELOG entry
When a Merge request is merged, shows only the Report abuse menu item
in the dropdown menu instead of showing the close_reopen_report toggle
with an unusable Close button.
The Report abuse is still hidden when the author of the Merge request
is the current_user.
Hides the Reopen button on a closed and locked issue when the
issue.author is not the current_user
GitLab Bot