Bulk editing group issues only works with owner access level

Summary

Bulk editing issues at a group level should behave like bulk editing at a project level (https://docs.gitlab.com/ee/user/project/bulk_editing.html#bulk-editing-issues-and-merge-requests) and be available for a permission level of Reporter or higher.

Currently, it's only working for the Owner permission level and will display a 404 (Not Found) error for lower levels.

Steps to reproduce

  • Sign in as a user with permission level Reporter, Developer, or Maintainer for a certain group.
  • Go to that group's list of issues, select multiple issues, and apply a milestone in the sidebar.
  • This should display an authorization error.

What is the current bug behavior?

It's not possible to update multiple group issues with access level Reporter, Developer, or Maintainer.

What is the expected correct behavior?

It should be possible to update multiple group issues with access level Reporter or higher.

Relevant logs and/or screenshots

Screenshot_2019-07-18_at_13.44.36

Possible fixes

Removing :authorize_admin_group! from Groups::BulkUpdateController, as we are already checking for permissions before calling the method bulk_update here: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/app/controllers/concerns/issuable_actions.rb#L9
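
The proposed fix can be checked with a role-by-role authorization matrix. The following is an added example, not GitLab source code and not part of the original report: it models the filter chain with hypothetical stand-ins (`BulkUpdateModel`, `authorize_bulk_update!`), assumes the remaining check returns 404 on denial, and confirms that dropping the Owner-only gate admits Reporter and above while Guest stays denied.

```ruby
# Simplified model (constructed for illustration; not GitLab source code).
ACCESS = { guest: 10, reporter: 20, developer: 30, maintainer: 40, owner: 50 }.freeze

# Hypothetical stand-in for the controller: runs each filter in order and
# returns the HTTP status the user would see.
class BulkUpdateModel
  def initialize(filters)
    @filters = filters
  end

  # Assumed stand-in for :authorize_admin_group! (passes only for Owner,
  # matching the behaviour described in the report).
  def authorize_admin_group!(level)
    level >= ACCESS[:owner]
  end

  # Assumed stand-in for the permission check the report says already runs
  # before bulk_update: Reporter or higher may bulk edit.
  def authorize_bulk_update!(level)
    level >= ACCESS[:reporter]
  end

  def bulk_update(role)
    level = ACCESS.fetch(role)
    @filters.each { |f| return 404 unless send(f, level) }
    200
  end
end

# HTTP status per role for a given filter chain.
def status_matrix(filters)
  controller = BulkUpdateModel.new(filters)
  ACCESS.keys.to_h { |role| [role, controller.bulk_update(role)] }
end

# Roles whose observed status differs from the expected policy
# (Reporter and above allowed, Guest denied).
def policy_violations(matrix)
  expected = ACCESS.to_h { |role, lvl| [role, lvl >= ACCESS[:reporter] ? 200 : 404] }
  matrix.reject { |role, status| expected[role] == status }.keys
end

BEFORE = status_matrix(%i[authorize_admin_group! authorize_bulk_update!])
AFTER  = status_matrix(%i[authorize_bulk_update!])

puts "before fix: #{BEFORE} violations=#{policy_violations(BEFORE)}"
puts "after fix:  #{AFTER} violations=#{policy_violations(AFTER)}"
```

The same matrix, written as request specs against the real controller, guards against both regressions: the over-restrictive gate returning, and the remaining check being loosened below Reporter.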