Allow a member to have an access level equal to parent group
Suppose you have this configuration:
- Subgroup
hello/world
- Subgroup
hello/mergers
. - Project
hello/world/my-project
has invited grouphello/world
to access protected branches. - The rule allows the group to merge but no one can push.
- User
newuser
has Owner access to the parent grouphello
.
Previously, there was no way for the user newuser
to be added to the
hello/mergers
group since the validation only allowed a user to be
added at a higher access level.
Since membership in a subgroup confers certain access rights, such as being able to merge or push code to protected branches, we have to loosen the validation and allow someone to be added at an equal level granted by the parent group.
Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/11323
EE port: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/11983
Edited by Stan Hu