Enable update_(build|pipeline) for maintainers
Why was this MR needed?
When a maintainer is allowed to push to forked project, also :update_commit_status permission is needed, otherwise maintainer can not retry failed pipelines and builds.
The problem is that app/services/ci/retry_pipeline_service.rb
and app/services/ci/retry_build_service.rb
check policy against build
object and BuildPolicy
inherits from CommitStatusPolicy
which requires update_commit_status
permission to enable also update_build
permission.
Instead of having update_build
and update_pipeline
enabled per project, these permissions are enabled for maintainer per build
or pipeline
if maintainer can push to the specific branch.
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Tests added for this feature/bug
What are the relevant issue numbers?
Closes #45905 (closed)
Edited by Jan Provaznik