Owners of groups, cannot see their own group's member roles.
Overview
We are facing an issue in groups that have LDAP sync enabled, where nobody (not even owners or admins) can see the member roles. This affects both the group's member pages and the group details in the admin panel. This is apparently due to this capability being removed for all users, including admins: https://gitlab.com/gitlab-org/gitlab-ee/blob/master/app/models/ability.rb#L394 (https://gitlab.com/gitlab-org/gitlab-ee/blob/master/app/models/ability.rb#L394)
We have submitted https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/614 (https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/614) to at least fix the situation in the admin panel, so that our helpdesk can see the roles of members of LDAP-synced groups and help users who face permission issues.
But the problem remains for owners of the group, who cannot see their own group's member roles. This is probably not the intended behaviour, and we would like to file a bug report regarding this.
Reproduce:
- Create a GitLab group
- Add LDAP sync
- Visit the group members page as the group's owner
Expected
Owner can see member roles
Actual
Roles are not shown
//cc @jacobvosmaer-gitlab