Refactor feedback policy

ee/app/policies/ee/project_policy.rb

@@ -169,7 +169,7 @@ module EE
 
       rule { threat_monitoring_enabled & (auditor | can?(:developer_access)) }.enable :read_threat_monitoring
 
-      rule { can?(:read_project) & (can?(:read_merge_request) | can?(:read_build)) }.enable :read_vulnerability_feedback
+      rule { can?(:read_security_findings) }.enable :read_vulnerability_feedback
 
       rule { dependency_scanning_enabled & can?(:download_code) }.enable :read_dependencies
 

ee/spec/policies/project_policy_spec.rb

@@ -334,32 +334,10 @@ describe ProjectPolicy do
       let(:current_user) { admin }
       let(:project) { create(:project, :private, namespace: owner.namespace) }
 
-      context 'with admin' do
-        let(:current_user) { admin }
-
-        it { is_expected.to be_allowed(:read_vulnerability_feedback) }
-      end
-
-      context 'with owner' do
-        let(:current_user) { owner }
+      where(role: %w[admin owner maintainer developer reporter])
 
-        it { is_expected.to be_allowed(:read_vulnerability_feedback) }
-      end
-
-      context 'with maintainer' do
-        let(:current_user) { maintainer }
-
-        it { is_expected.to be_allowed(:read_vulnerability_feedback) }
-      end
-
-      context 'with developer' do
-        let(:current_user) { developer }
-
-        it { is_expected.to be_allowed(:read_vulnerability_feedback) }
-      end
-
-      context 'with reporter' do
-        let(:current_user) { reporter }
+      with_them do
+        let(:current_user) { public_send(role) }
 
         it { is_expected.to be_allowed(:read_vulnerability_feedback) }
       end
@@ -367,7 +345,7 @@ describe ProjectPolicy do
       context 'with guest' do
         let(:current_user) { guest }
 
-        it { is_expected.to be_allowed(:read_vulnerability_feedback) }
+        it { is_expected.to be_disallowed(:read_vulnerability_feedback) }
       end
 
       context 'with non member' do