Moved subgroups don't inherit new permissions
Summary
When I move a group (or subgroup) to be a child of an existing group, permissions aren't updated to inherit the permissions of the new location.
Steps to reproduce
- Have a group (let's call it
subgroup1) with some projects with private visibility - Have a target group (let's call it
target1) - Have a user (
user1) with no access tosubgroup1and maintainer access totarget1 - Therefore
user1currently does not see the projects insubgroup1 - Move the group
subgroup1intotarget1 - Now
user1should have access to projects insubgroup1, but hasn't
Example Project
No example project, since I don't want to create more users on GitLab.com.
What is the current bug behavior?
When transferring groups into another group, permissions from the old location are retained(?).
What is the expected correct behavior?
When transferring groups into another group, permissions should be updated accordingly.
Relevant logs and/or screenshots
Imagine an empty group named subgroup1 here...
Output of checks
Checks?
Results of GitLab environment info
Expand for output related to GitLab environment info
System information
System: Debian 8.11
Proxy: HTTPS_PROXY: yes
no_proxy: yes
NO_PROXY: yes
https_proxy: yes
http_proxy: yes
ftp_proxy: yes
FTP_PROXY: yes
HTTP_PROXY: yes
Current User: git
Using RVM: no
Ruby Version: 2.4.4p296
Gem Version: 2.7.6
Bundler Version:1.16.2
Rake Version: 12.3.1
Redis Version: 3.2.11
Git Version: 2.18.0
Sidekiq Version:5.1.3
Go Version: unknown
GitLab information
Version: 11.2.1-ee
Revision: df8846c
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
DB Version: 9.6.8
URL: https://REDACTED
HTTP Clone URL: https://REDACTED
SSH Clone URL: REDACTED
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: no
GitLab Shell
Version: 8.1.1
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab Shell ...GitLab Shell version >= 8.1.1 ? ... OK (8.1.1) Repo base directory exists? default... yes Repo storage directories are symlinks? default... no Repo paths owned by git:root, or git:git? default... yes Repo paths access is drwxrws---? default... yes hooks directories in repos are links: ... 232/76 ... repository is empty 158/79 ... ok 245/81 ... ok 249/84 ... repository is empty Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Check GitLab API access: OK Redis available via internal API: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Reply by email is disabled in config/gitlab.yml Checking LDAP ...
Server: ldapmain LDAP authentication... Success LDAP users with access to your GitLab server (only showing the first 100 results) YEAH, NO.
Checking LDAP ... Finished
Checking GitLab ...
Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 232/76 ... yes 158/79 ... yes 245/81 ... yes 249/84 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.3.5 ? ... yes (2.4.4) Git version >= 2.9.5 ? ... yes (2.18.0) Git user has default SSH configuration? ... yes Active users: ... 20 Elasticsearch version 5.1 - 5.5? ... skipped (elasticsearch is disabled)
Checking GitLab ... Finished
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)