Do not allow project members to be created at 'owner' level
Zendesk issue: https://gitlab.zendesk.com/agent/tickets/26954
Projects only allow 'Guest', 'Reporter', 'Developer' and 'Master' roles. However, we haven't enforced this at the controller level or in the API - we only limited what was displayed in the dropdown. As a result, a GitLab.com user was able to set their access to '50' or 'Owner' for a bunch of projects via the API. Underneath, we don't actually assign any privileges to that role so the user lost access to all those projects.
To-Do:
-
Enforce in the controller -
Enforce in the API -
Write a migration to move all existing project members that have 'Owner'/50 access level to 'Master'/40.