Allow a member to have an access level equal to parent group

Stan Hurequested to merge
sh-allow-equal-level-in-subgroup-membership into master

Suppose you have this configuration:

  1. Subgroup hello/world
  2. Subgroup hello/mergers.
  3. Project hello/world/my-project has invited group hello/world to access protected branches.
  4. The rule allows the group to merge but no one can push.
  5. User newuser has Owner access to the parent group hello.

Previously, there was no way for the user newuser to be added to the hello/mergers group since the validation only allowed a user to be added at a higher access level.

Since membership in a subgroup confers certain access rights, such as being able to merge or push code to protected branches, we have to loosen the validation and allow someone to be added at an equal level granted by the parent group.

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/11323

EE port: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/11983

Edited by Stan Hu

Merge request reports