Cleanup redundant access control evaluation

During a security audit of Gerrit, Julien Tinnes identified that this
conditional is redundant with the else block, and can be removed.  So
drop it from the code to simplify the logic.

Change-Id: I917f88e63ade3ebf0bc18575fc84f8d2885032e9
Suggested-by: Julien Tinnes
Signed-off-by: Shawn O. Pearce <sop@google.com>

gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java

@@ -157,13 +157,9 @@ public class ProjectControl {
 
     for (final RefRight pr : state.getLocalRights(actionId)) {
       if (groups.contains(pr.getAccountGroupId())) {
-        if (val < 0 && pr.getMaxValue() > 0) {
-          val = pr.getMaxValue();
-        } else {
         val = Math.max(pr.getMaxValue(), val);
       }
     }
-    }
 
     if (val == Integer.MIN_VALUE && actionId.canInheritFromWildProject()) {
       for (final RefRight pr : state.getInheritedRights(actionId)) {

gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java

@@ -241,20 +241,9 @@ public class RefControl {
 
     for (RefRight right : filterMostSpecific(allRights)) {
       if (groups.contains(right.getAccountGroupId())) {
-        if (val < 0 && right.getMaxValue() > 0) {
-          // If one of the user's groups had denied them access, but
-          // this group grants them access, prefer the grant over
-          // the denial. We have to break the tie somehow and we
-          // prefer being "more open" to being "more closed".
-          //
-          val = right.getMaxValue();
-        } else {
-          // Otherwise we use the largest value we can get.
-          //
         val = Math.max(right.getMaxValue(), val);
       }
     }
-    }
     return val >= level;
   }