[EE] Allow a member to have an access level equal to parent group (!11983) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-allow-equal-level-in-subgroup-membership-ee into master Apr 30, 2019

Allow a member to have an access level equal to parent group

Suppose you have this configuration:

Subgroup hello/world
Subgroup hello/mergers.
Project hello/world/my-project has invited group hello/world to access protected branches.
The rule allows the group to merge but no one can push.
User newuser has Owner access to the parent group hello.

Previously, there was no way for the user newuser to be added to the hello/mergers group since the validation only allowed a user to be added at a higher access level.

Since membership in a subgroup confers certain access rights, such as being able to merge or push code to protected branches, we have to loosen the validation and allow someone to be added at an equal level granted by the parent group.

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/11323

CE port: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/27913

Edited Apr 30, 2019 by Stan Hu

[EE] Allow a member to have an access level equal to parent group

Merge request reports