Move EE prepend/include calls to the end of models

This moves all instances of `prepend EE::Something` and `include
EE::Something` in models to the last line of the corresponding model.
This pushes EE specific code further down the files, reducing the
likelihood of developers running into merge conflicts.

app/models/appearance.rb

@@ -6,8 +6,6 @@ class Appearance < ActiveRecord::Base
   include ObjectStorage::BackgroundMove
   include WithUploads
 
-  prepend EE::Appearance
-
   cache_markdown_field :description
   cache_markdown_field :new_project_guidelines
 
@@ -31,3 +29,5 @@ class Appearance < ActiveRecord::Base
     end
   end
 end
+
+Appearance.prepend(EE::Appearance)

app/models/application_setting.rb

@@ -7,8 +7,6 @@ class ApplicationSetting < ActiveRecord::Base
   include IgnorableColumn
   include ChronicDurationAttribute
 
-  prepend EE::ApplicationSetting
-
   add_authentication_token_field :runners_registration_token
   add_authentication_token_field :health_check_access_token
 
@@ -489,3 +487,5 @@ class ApplicationSetting < ActiveRecord::Base
     Gitlab::PerformanceBar.expire_allowed_user_ids_cache
   end
 end
+
+ApplicationSetting.prepend(EE::ApplicationSetting)

app/models/audit_event.rb

 # frozen_string_literal: true
 
 class AuditEvent < ActiveRecord::Base
-  prepend EE::AuditEvent
-
   serialize :details, Hash # rubocop:disable Cop/ActiveRecordSerialize
 
   belongs_to :user, foreign_key: :author_id
@@ -21,3 +19,5 @@ class AuditEvent < ActiveRecord::Base
     self.user.name
   end
 end
+
+AuditEvent.prepend(EE::AuditEvent)

app/models/blob.rb

@@ -2,7 +2,6 @@
 
 # Blob is a Rails-specific wrapper around Gitlab::Git::Blob, SnippetBlob and Ci::ArtifactBlob
 class Blob < SimpleDelegator
-  prepend EE::Blob
   include Presentable
   include BlobLanguageFromGitAttributes
 
@@ -250,3 +249,5 @@ class Blob < SimpleDelegator
     classes.find { |viewer_class| viewer_class.can_render?(self, verify_binary: verify_binary) }
   end
 end
+
+Blob.prepend(EE::Blob)

app/models/board.rb

 # frozen_string_literal: true
 
 class Board < ActiveRecord::Base
-  prepend EE::Board
-
   belongs_to :group
   belongs_to :project
 
@@ -35,3 +33,5 @@ class Board < ActiveRecord::Base
     false
   end
 end
+
+Board.prepend(EE::Board)

app/models/broadcast_message.rb

 # frozen_string_literal: true
 
 class BroadcastMessage < ActiveRecord::Base
-  prepend EE::BroadcastMessage
   include CacheMarkdownField
   include Sortable
 
@@ -71,3 +70,5 @@ class BroadcastMessage < ActiveRecord::Base
     Rails.cache.delete(CACHE_KEY)
   end
 end
+
+BroadcastMessage.prepend(EE::BroadcastMessage)

app/models/ci/build.rb

@@ -10,7 +10,6 @@ module Ci
     include Importable
     include Gitlab::Utils::StrongMemoize
     include Deployable
-    prepend EE::Ci::Build
 
     belongs_to :project, inverse_of: :builds
     belongs_to :runner
@@ -930,3 +929,5 @@ module Ci
     end
   end
 end
+
+Ci::Build.prepend(EE::Ci::Build)

app/models/ci/job_artifact.rb

@@ -2,8 +2,6 @@
 
 module Ci
   class JobArtifact < ActiveRecord::Base
-    prepend EE::Ci::JobArtifact
-
     include AfterCommitQueue
     include ObjectStorage::BackgroundMove
     extend Gitlab::Ci::Model
@@ -192,3 +190,5 @@ module Ci
     end
   end
 end
+
+Ci::JobArtifact.prepend(EE::Ci::JobArtifact)

app/models/ci/runner.rb

@@ -8,8 +8,6 @@ module Ci
     include RedisCacheable
     include ChronicDurationAttribute
     include FromUnion
-    prepend EE::Ci::Runner
-
     enum access_level: {
       not_protected: 0,
       ref_protected: 1
@@ -321,3 +319,5 @@ module Ci
     end
   end
 end
+
+Ci::Runner.prepend(EE::Ci::Runner)

app/models/clusters/applications/prometheus.rb

@@ -14,8 +14,6 @@ module Clusters
       include ::Clusters::Concerns::ApplicationVersion
       include ::Clusters::Concerns::ApplicationData
 
-      prepend EE::Clusters::Applications::Prometheus
-
       default_value_for :version, VERSION
 
       state_machine :status do
@@ -79,3 +77,5 @@ module Clusters
     end
   end
 end
+
+Clusters::Applications::Prometheus.prepend(EE::Clusters::Applications::Prometheus)

app/models/clusters/cluster.rb

@@ -2,8 +2,6 @@
 
 module Clusters
   class Cluster < ActiveRecord::Base
-    prepend EE::Clusters::Cluster
-
     include Presentable
     include Gitlab::Utils::StrongMemoize
 
@@ -174,3 +172,5 @@ module Clusters
     end
   end
 end
+
+Clusters::Cluster.prepend(EE::Clusters::Cluster)

app/models/clusters/platforms/kubernetes.rb

@@ -8,8 +8,6 @@ module Clusters
       include EnumWithNil
       include AfterCommitQueue
 
-      prepend EE::KubernetesService
-
       RESERVED_NAMESPACES = %w(gitlab-managed-apps).freeze
 
       self.table_name = 'cluster_platforms_kubernetes'
@@ -240,3 +238,5 @@ module Clusters
     end
   end
 end
+
+Clusters::Platforms::Kubernetes.prepend(EE::KubernetesService)

app/models/concerns/issuable.rb

@@ -24,8 +24,6 @@ module Issuable
   include CreatedAtFilterable
   include UpdatedAtFilterable
 
-  prepend EE::Issuable
-
   # This object is used to gather issuable meta data for displaying
   # upvotes, downvotes, notes and closing merge requests count for issues and merge requests
   # lists avoiding n+1 queries and improving performance.
@@ -371,3 +369,8 @@ module Issuable
     old_title != title
   end
 end
+
+# We have to prepend into Issuable::ClassMethods, as otherwise the methods
+# defined in EE::Issuable will available on Issuable, and not
+# Issuable::ClassMethods (= what in turn is exposed to classes).
+Issuable::ClassMethods.prepend(EE::Issuable)

app/models/concerns/mentionable.rb

@@ -10,8 +10,6 @@
 module Mentionable
   extend ActiveSupport::Concern
 
-  prepend EE::Mentionable
-
   class_methods do
     # Indicate which attributes of the Mentionable to search for GFM references.
     def attr_mentionable(attr, options = {})
@@ -171,3 +169,5 @@ module Mentionable
     {}
   end
 end
+
+Mentionable.prepend(EE::Mentionable)

app/models/concerns/mentionable/reference_regexes.rb

@@ -2,7 +2,6 @@
 
 module Mentionable
   module ReferenceRegexes
-    prepend EE::Mentionable::ReferenceRegexes
     extend Gitlab::Utils::StrongMemoize
 
     def self.reference_pattern(link_patterns, issue_pattern)
@@ -35,3 +34,5 @@ module Mentionable
     end
   end
 end
+
+Mentionable::ReferenceRegexes.prepend(EE::Mentionable::ReferenceRegexes)

app/models/concerns/noteable.rb

 # frozen_string_literal: true
 
 module Noteable
-  prepend EE::Noteable
-
   # Names of all implementers of `Noteable` that support resolvable notes.
   RESOLVABLE_TYPES = %w(MergeRequest).freeze
 
@@ -104,3 +102,5 @@ module Noteable
     )
   end
 end
+
+Noteable.prepend(EE::Noteable)

app/models/concerns/participable.rb

@@ -25,8 +25,6 @@
 #     users = issue.participants
 module Participable
   extend ActiveSupport::Concern
-  prepend EE::Participable
-
   class_methods do
     # Adds a list of participant attributes. Attributes can either be symbols or
     # Procs.
@@ -113,3 +111,5 @@ module Participable
     end
   end
 end
+
+Participable.prepend(EE::Participable)

app/models/concerns/prometheus_adapter.rb

@@ -5,7 +5,7 @@ module PrometheusAdapter
 
   included do
     include ReactiveCaching
-    prepend EE::PrometheusAdapter
+    prepend EE::PrometheusAdapter # We can't prepend outside of this model due to the use of `included`, so this must stay here.
 
     self.reactive_cache_key = ->(adapter) { [adapter.class.model_name.singular, adapter.id] }
     self.reactive_cache_lease_timeout = 30.seconds

app/models/concerns/protected_ref.rb

@@ -67,3 +67,9 @@ module ProtectedRef
     @ref_matcher ||= RefMatcher.new(self.name)
   end
 end
+
+# Prepending a module into a concern doesn't work very well for class methods,
+# since these are defined in a ClassMethods constant. As such, we prepend the
+# module directly into ProtectedRef::ClassMethods, instead of prepending it into
+# ProtectedRef.
+ProtectedRef::ClassMethods.prepend(EE::ProtectedRef)

app/models/concerns/protected_ref_access.rb

@@ -2,9 +2,6 @@
 
 module ProtectedRefAccess
   extend ActiveSupport::Concern
-  include EE::ProtectedRefAccess::Scopes
-  prepend EE::ProtectedRefAccess
-
   HUMAN_ACCESS_LEVELS = {
     Gitlab::Access::MAINTAINER => "Maintainers".freeze,
     Gitlab::Access::DEVELOPER => "Developers + Maintainers".freeze,
@@ -53,3 +50,13 @@ module ProtectedRefAccess
       project.team.max_member_access(user.id) >= access_level
   end
 end
+
+ProtectedRefAccess.include(EE::ProtectedRefAccess::Scopes)
+ProtectedRefAccess.prepend(EE::ProtectedRefAccess)
+
+# When using `prepend` (or `include` for that matter), the `ClassMethods`
+# constants are not merged. This means that `class_methods` in
+# `EE::ProtectedRefAccess` would be ignored.
+#
+# To work around this, we prepend the `ClassMethods` constant manually.
+ProtectedRefAccess::ClassMethods.prepend(EE::ProtectedRefAccess::ClassMethods)

app/models/discussion_note.rb

@@ -4,7 +4,7 @@
 #
 # A note of this type can be resolvable.
 class DiscussionNote < Note
-  prepend EE::DiscussionNote
+  prepend EE::DiscussionNote # This prepend must stay here because the `validates` below depends on it.
 
   # Names of all implementers of `Noteable` that support discussions.
   def self.noteable_types

app/models/environment.rb

 # frozen_string_literal: true
 
 class Environment < ActiveRecord::Base
-  prepend EE::Environment
-
   # Used to generate random suffixes for the slug
   LETTERS = 'a'..'z'
   NUMBERS = '0'..'9'
@@ -250,3 +248,5 @@ class Environment < ActiveRecord::Base
     (0..5).map { SUFFIX_CHARS.sample }.join
   end
 end
+
+Environment.prepend(EE::Environment)

app/models/epic.rb

@@ -3,8 +3,6 @@
 # Placeholder class for model that is implemented in EE
 # It reserves '&' as a reference prefix, but the table does not exists in CE
 class Epic < ActiveRecord::Base
-  prepend EE::Epic
-
   def self.link_reference_pattern
     nil
   end
@@ -17,3 +15,5 @@ class Epic < ActiveRecord::Base
     '&amp;'
   end
 end
+
+Epic.prepend(EE::Epic)

app/models/group.rb

@@ -3,8 +3,6 @@
 require 'carrierwave/orm/activerecord'
 
 class Group < Namespace
-  prepend EE::Group
-
   include Gitlab::ConfigHelper
   include AfterCommitQueue
   include AccessRequestable
@@ -432,3 +430,5 @@ class Group < Namespace
     errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.")
   end
 end
+
+Group.prepend(EE::Group)

app/models/identity.rb

 # frozen_string_literal: true
 
 class Identity < ActiveRecord::Base
-  prepend EE::Identity
-
   include Sortable
   include CaseSensitivity
 
@@ -48,3 +46,5 @@ class Identity < ActiveRecord::Base
     user.user_synced_attributes_metadata&.destroy
   end
 end
+
+Identity.prepend(EE::Identity)

app/models/issue_assignee.rb

 # frozen_string_literal: true
 
 class IssueAssignee < ActiveRecord::Base
-  prepend EE::IssueAssignee
-
   belongs_to :issue
   belongs_to :assignee, class_name: "User", foreign_key: :user_id
 end
+
+IssueAssignee.prepend(EE::IssueAssignee)

app/models/legacy_diff_note.rb

@@ -7,7 +7,6 @@
 #
 # A note of this type is never resolvable.
 class LegacyDiffNote < Note
-  prepend EE::LegacyDiffNote
   include NoteOnDiff
 
   serialize :st_diff # rubocop:disable Cop/ActiveRecordSerialize
@@ -112,3 +111,5 @@ class LegacyDiffNote < Note
     diffs.find { |d| d.new_path == self.diff.new_path }
   end
 end
+
+LegacyDiffNote.prepend(EE::LegacyDiffNote)

app/models/lfs_object.rb

 # frozen_string_literal: true
 
 class LfsObject < ActiveRecord::Base
-  prepend EE::LfsObject
   include AfterCommitQueue
   include ObjectStorage::BackgroundMove
 
@@ -42,3 +41,5 @@ class LfsObject < ActiveRecord::Base
     Digest::SHA256.file(path).hexdigest
   end
 end
+
+LfsObject.prepend(EE::LfsObject)

app/models/namespace.rb

 # frozen_string_literal: true
 
 class Namespace < ActiveRecord::Base
-  prepend EE::Namespace
   include CacheMarkdownField
   include Sortable
   include Gitlab::ShellAdapter
@@ -311,3 +310,5 @@ class Namespace < ActiveRecord::Base
     end
   end
 end
+
+Namespace.prepend(EE::Namespace)

app/models/note.rb

@@ -5,8 +5,6 @@
 # A note of this type is never resolvable.
 class Note < ActiveRecord::Base
   extend ActiveModel::Naming
-  prepend EE::Note
-
   include Participable
   include Mentionable
   include Awardable
@@ -491,3 +489,5 @@ class Note < ActiveRecord::Base
     system_note_metadata&.cross_reference_types&.include?(system_note_metadata&.action)
   end
 end
+
+Note.prepend(EE::Note)

app/models/notification_setting.rb

 # frozen_string_literal: true
 
 class NotificationSetting < ActiveRecord::Base
-  prepend EE::NotificationSetting
   include IgnorableColumn
 
   ignore_column :events
@@ -88,3 +87,5 @@ class NotificationSetting < ActiveRecord::Base
     respond_to?(event) && !!public_send(event) # rubocop:disable GitlabSecurity/PublicSend
   end
 end
+
+NotificationSetting.prepend(EE::NotificationSetting)

app/models/personal_snippet.rb

 # frozen_string_literal: true
 
 class PersonalSnippet < Snippet
-  prepend EE::PersonalSnippet
-
   include WithUploads
 end
+
+PersonalSnippet.prepend(EE::PersonalSnippet)

app/models/project.rb

@@ -33,8 +33,6 @@ class Project < ActiveRecord::Base
   extend Gitlab::Cache::RequestCache
 
   # EE specific modules
-  prepend EE::Project
-
   extend Gitlab::ConfigHelper
 
   BoardLimitExceeded = Class.new(StandardError)
@@ -2211,3 +2209,5 @@ class Project < ActiveRecord::Base
     @services_templates ||= Service.where(template: true)
   end
 end
+
+Project.prepend(EE::Project)

app/models/project_import_state.rb

@@ -5,8 +5,6 @@ class ProjectImportState < ActiveRecord::Base
 
   self.table_name = "project_mirror_data"
 
-  prepend EE::ProjectImportState
-
   belongs_to :project, inverse_of: :import_state
 
   validates :project, presence: true
@@ -72,3 +70,5 @@ class ProjectImportState < ActiveRecord::Base
     @errors = original_errors
   end
 end
+
+ProjectImportState.prepend(EE::ProjectImportState)

app/models/project_services/kubernetes_service.rb

@@ -9,8 +9,6 @@ class KubernetesService < DeploymentService
   include Gitlab::Kubernetes
   include ReactiveCaching
 
-  prepend EE::KubernetesService
-
   self.reactive_cache_key = ->(service) { [service.class.model_name.singular, service.project_id] }
 
   # Namespace defaults to the project path, but can be overridden in case that
@@ -254,3 +252,5 @@ class KubernetesService < DeploymentService
     end
   end
 end
+
+KubernetesService.prepend(EE::KubernetesService)

app/models/project_services/slack_slash_commands_service.rb

 # frozen_string_literal: true
 
 class SlackSlashCommandsService < SlashCommandsService
-  prepend EE::SlackSlashCommandsService
   include TriggersHelper
 
   def title
@@ -29,3 +28,5 @@ class SlackSlashCommandsService < SlashCommandsService
     Slack::Notifier::LinkFormatter.format(text) if text
   end
 end
+
+SlackSlashCommandsService.prepend(EE::SlackSlashCommandsService)

app/models/project_snippet.rb

 # frozen_string_literal: true
 
 class ProjectSnippet < Snippet
-  prepend EE::ProjectSnippet
-
   belongs_to :project
   belongs_to :author, class_name: "User"
 
@@ -14,3 +12,5 @@ class ProjectSnippet < Snippet
   participant :author
   participant :notes_with_associations
 end
+
+ProjectSnippet.prepend(EE::ProjectSnippet)

app/models/project_team.rb

@@ -3,8 +3,6 @@
 class ProjectTeam
   include BulkMemberAccessLoad
 
-  prepend EE::ProjectTeam
-
   attr_accessor :project
 
   def initialize(project)
@@ -194,3 +192,5 @@ class ProjectTeam
     project.group
   end
 end
+
+ProjectTeam.prepend(EE::ProjectTeam)

app/models/prometheus_metric.rb

 # frozen_string_literal: true
 
 class PrometheusMetric < ActiveRecord::Base
-  prepend EE::PrometheusMetric
-
   belongs_to :project, validate: true, inverse_of: :prometheus_metrics
 
   enum group: {
@@ -89,3 +87,5 @@ class PrometheusMetric < ActiveRecord::Base
     end
   end
 end
+
+PrometheusMetric.prepend(EE::PrometheusMetric)

app/models/protected_branch.rb

@@ -3,9 +3,6 @@
 class ProtectedBranch < ActiveRecord::Base
   include Gitlab::ShellAdapter
   include ProtectedRef
-  prepend EE::ProtectedRef
-  prepend EE::ProtectedBranch
-
   protected_ref_access_levels :merge, :push
 
   def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
@@ -31,3 +28,5 @@ class ProtectedBranch < ActiveRecord::Base
       Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE
   end
 end
+
+ProtectedBranch.prepend(EE::ProtectedBranch)

app/models/protected_tag.rb

@@ -3,8 +3,6 @@
 class ProtectedTag < ActiveRecord::Base
   include Gitlab::ShellAdapter
   include ProtectedRef
-  include EE::ProtectedRef
-
   validates :name, uniqueness: { scope: :project_id }
 
   protected_ref_access_levels :create

app/models/remote_mirror.rb

@@ -3,8 +3,6 @@
 class RemoteMirror < ActiveRecord::Base
   include AfterCommitQueue
 
-  prepend EE::RemoteMirror
-
   PROTECTED_BACKOFF_DELAY   = 1.minute
   UNPROTECTED_BACKOFF_DELAY = 5.minutes
 
@@ -229,3 +227,5 @@ class RemoteMirror < ActiveRecord::Base
     url_changed? || encrypted_credentials_changed?
   end
 end
+
+RemoteMirror.prepend(EE::RemoteMirror)

app/models/repository.rb

@@ -22,7 +22,6 @@ class Repository
   include Gitlab::ShellAdapter
   include Gitlab::RepositoryCacheAdapter
 
-  prepend EE::Repository
   include Elastic::RepositoriesSearch
 
   attr_accessor :full_path, :disk_path, :project, :is_wiki
@@ -1088,3 +1087,5 @@ class Repository
     Gitlab::Git::Repository.new(project.repository_storage, disk_path + '.git', Gitlab::GlRepository.gl_repository(project, is_wiki))
   end
 end
+
+Repository.prepend(EE::Repository)

app/models/resource_label_event.rb

@@ -3,7 +3,6 @@
 # This model is not used yet, it will be used for:
 # https://gitlab.com/gitlab-org/gitlab-ce/issues/48483
 class ResourceLabelEvent < ActiveRecord::Base
-  prepend EE::ResourceLabelEvent
   include Importable
   include Gitlab::Utils::StrongMemoize
   include CacheMarkdownField
@@ -123,3 +122,5 @@ class ResourceLabelEvent < ActiveRecord::Base
     issuable.project || issuable.group
   end
 end
+
+ResourceLabelEvent.prepend(EE::ResourceLabelEvent)

app/models/service.rb

@@ -3,7 +3,6 @@
 # To add new service you should build a class inherited from Service
 # and implement a set of methods
 class Service < ActiveRecord::Base
-  prepend EE::Service
   include Sortable
   include Importable
   include ProjectServicesLoggable
@@ -349,3 +348,5 @@ class Service < ActiveRecord::Base
     activated? && !importing?
   end
 end
+
+Service.prepend(EE::Service)

app/models/system_note_metadata.rb

 # frozen_string_literal: true
 
 class SystemNoteMetadata < ActiveRecord::Base
-  prepend EE::SystemNoteMetadata
-
   # These notes's action text might contain a reference that is external.
   # We should always force a deep validation upon references that are found
   # in this note type.
@@ -34,3 +32,5 @@ class SystemNoteMetadata < ActiveRecord::Base
     TYPES_WITH_CROSS_REFERENCES
   end
 end
+
+SystemNoteMetadata.prepend(EE::SystemNoteMetadata)

app/models/todo.rb

 # frozen_string_literal: true
 
 class Todo < ActiveRecord::Base
-  prepend EE::Todo
   include Sortable
   include FromUnion
 
@@ -192,3 +191,5 @@ class Todo < ActiveRecord::Base
     project.repository.keep_around(self.commit_id)
   end
 end
+
+Todo.prepend(EE::Todo)

app/models/upload.rb

 # frozen_string_literal: true
 
 class Upload < ActiveRecord::Base
-  prepend EE::Upload
-
   # Upper limit for foreground checksum processing
   CHECKSUM_THRESHOLD = 100.megabytes
 
@@ -108,3 +106,5 @@ class Upload < ActiveRecord::Base
     super&.to_sym
   end
 end
+
+Upload.prepend(EE::Upload)

ee/app/models/concerns/ee/issuable.rb

@@ -4,17 +4,15 @@ module EE
   module Issuable
     extend ActiveSupport::Concern
 
-    class_methods do
-      def labels_hash
-        issue_labels = Hash.new { |h, k| h[k] = [] }
+    def labels_hash
+      issue_labels = Hash.new { |h, k| h[k] = [] }
 
-        relation = unscoped.where(id: self.select(:id)).eager_load(:labels)
-        relation.pluck(:id, 'labels.title').each do |issue_id, label|
-          issue_labels[issue_id] << label
-        end
-
-        issue_labels
+      relation = unscoped.where(id: self.select(:id)).eager_load(:labels)
+      relation.pluck(:id, 'labels.title').each do |issue_id, label|
+        issue_labels[issue_id] << label
       end
+
+      issue_labels
     end
   end
 end

ee/app/models/concerns/ee/protected_ref.rb

 module EE
   module ProtectedRef
-    extend ActiveSupport::Concern
+    def protected_ref_access_levels(*types)
+      types.each do |type|
+        # We need to set `inverse_of` to make sure the `belongs_to`-object is set
+        # when creating children using `accepts_nested_attributes_for`.
+        #
+        # If we don't `protected_branch` or `protected_tag` would be empty and
+        # `project` cannot be delegated to it, which in turn would cause validations
+        # to fail.
+        has_many :"#{type}_access_levels", inverse_of: self.model_name.singular
 
-    class_methods do
-      def protected_ref_access_levels(*types)
-        types.each do |type|
-          # We need to set `inverse_of` to make sure the `belongs_to`-object is set
-          # when creating children using `accepts_nested_attributes_for`.
-          #
-          # If we don't `protected_branch` or `protected_tag` would be empty and
-          # `project` cannot be delegated to it, which in turn would cause validations
-          # to fail.
-          has_many :"#{type}_access_levels", inverse_of: self.model_name.singular
+        accepts_nested_attributes_for :"#{type}_access_levels", allow_destroy: true
 
-          accepts_nested_attributes_for :"#{type}_access_levels", allow_destroy: true
+        # Overwrite the validation for access levels
+        #
+        # EE Needs to allow more access levels in the relation:
+        # - 1 for each user/group
+        # - 1 with the `access_level` (Maintainer, Developer)
+        validates :"#{type}_access_levels", length: { is: 1 }, if: -> { false }
 
-          # Overwrite the validation for access levels
-          #
-          # EE Needs to allow more access levels in the relation:
-          # - 1 for each user/group
-          # - 1 with the `access_level` (Maintainer, Developer)
-          validates :"#{type}_access_levels", length: { is: 1 }, if: -> { false }
-
-          # Returns access levels that grant the specified access type to the given user / group.
-          access_level_class = const_get("#{type}_access_level".classify)
-          protected_type = self.model_name.singular
-          scope(
-            :"#{type}_access_by_user",
-            -> (user) do
-              access_level_class.joins(protected_type.to_sym)
-                .where("#{protected_type}_id" => self.ids)
-                .merge(access_level_class.by_user(user))
-            end
-          )
-          scope(
-            :"#{type}_access_by_group",
-            -> (group) do
-              access_level_class.joins(protected_type.to_sym)
-                .where("#{protected_type}_id" => self.ids)
-                .merge(access_level_class.by_group(group))
-            end
-          )
-        end
+        # Returns access levels that grant the specified access type to the given user / group.
+        access_level_class = const_get("#{type}_access_level".classify)
+        protected_type = self.model_name.singular
+        scope(
+          :"#{type}_access_by_user",
+          -> (user) do
+            access_level_class.joins(protected_type.to_sym)
+              .where("#{protected_type}_id" => self.ids)
+              .merge(access_level_class.by_user(user))
+          end
+        )
+        scope(
+          :"#{type}_access_by_group",
+          -> (group) do
+            access_level_class.joins(protected_type.to_sym)
+              .where("#{protected_type}_id" => self.ids)
+              .merge(access_level_class.by_group(group))
+          end
+        )
       end
     end
   end