Fix project member access for group links
What does this MR do?
Among other things, ensure that users who have access to a project through a group link can see confidential issues.
Are there points in the code the reviewer needs to double check?
I tried to keep the change as minimal as possible.
Why was this MR needed?
ProjectTeam#find_member doesn't take group links into account. It was
used in two places:
- An admin view - it can stay here.
ProjectTeam#member?, which is often used to decide if a user has access to view something.
This second part broke confidential issues viewing.
up delegating to
Project#authorized_for_user?, which does consider
group links, so users with access to the project via a group link could
see confidential issues on the index page. However,
ProjectTeam#member?, so the same user couldn't view the issue when
going to it directly.
Does this MR meet the acceptance criteria?
- Added for this feature/bug
- All builds are passing
- Conform by the merge request performance guides
- Conform by the style guides
Branch has no merge conflicts with
master(if it does - rebase it please)
- Squashed related commits together
What are the relevant issue numbers?
Closes #23872 (closed).