Skip to content
Snippets Groups Projects
Select Git revision
  • 521264-vue3-migration-devops_adoption_overview_table_spec
  • 510851-policies-integration-tests-skip-ci
  • jnnkl-multi-thread-integration
  • check-tag-rules-when-deleting-container-images
  • gems_checksum_lock
  • 521041/aslota-rename-custom-status-widget-to-status-widget
  • master default protected
  • rails-next protected
  • ruby-next protected
  • alvin-master-patch-446b
  • overdue-finalize-background-migration--backfill-protected-environment-deploy-access-levels-protected-environment-group-id
  • 511232-add-severity-override-metadata-to-mr-widget-calls
  • 515996-add-immutable-to-tag-rules
  • cherryhan-master-patch-bd7d
  • issue_419332
  • graphql-security-dashboard
  • gkatz_add_vulnerability_namespace_stats_table
  • ysiev-vulnerability-namespace-statistics-update-service
  • 509046-unauthorized-access-to-reading-branch
  • gkatz_add_namespace_statistics_adjustment_service
  • v17.7.6-ee protected
  • v17.8.4-ee protected
  • v17.9.1-ee protected
  • v17.8.3-ee protected
  • v17.7.5-ee protected
  • v17.9.0-ee protected
  • v17.9.0-rc42-ee protected
  • v17.6.5-ee protected
  • v17.7.4-ee protected
  • v17.8.2-ee protected
  • v17.6.4-ee protected
  • v17.7.3-ee protected
  • v17.8.1-ee protected
  • v17.8.0-ee protected
  • v17.7.2-ee protected
  • v17.8.0-rc42-ee protected
  • v17.5.5-ee protected
  • v17.6.3-ee protected
  • v17.7.1-ee protected
  • v17.7.0-ee protected
40 results

group_finder.rb

  • Vasilii Iakliushin's avatar
    9d607b26
    Fix subgroup support for approval rules · 9d607b26
    Vasilii Iakliushin authored and Adam Hegyi's avatar Adam Hegyi committed 
    Contributes to #371106

**Problem**

We had a problem with inherited permissions for subgroups. Users
couldn't see appovers for groups if they don't have a direct membership
in them. It was fixed in scope of
!91598.

However, there is a similar invalid check that filters subgroups with
inherited permissions out.

**Solution**

* `public_or_visible_to_user` method doesn't correctly support subgroup
permissions. Instead we can verify if user has an access to the group.
* Add `accessible_to_user` scope that correctly supports subgroups

Changelog: fixed
EE: true
    9d607b26
    History
    Fix subgroup support for approval rules
    Vasilii Iakliushin authored and Adam Hegyi's avatar Adam Hegyi committed 
    Contributes to #371106

**Problem**

We had a problem with inherited permissions for subgroups. Users
couldn't see appovers for groups if they don't have a direct membership
in them. It was fixed in scope of
!91598.

However, there is a similar invalid check that filters subgroups with
inherited permissions out.

**Solution**

* `public_or_visible_to_user` method doesn't correctly support subgroup
permissions. Instead we can verify if user has an access to the group.
* Add `accessible_to_user` scope that correctly supports subgroups

Changelog: fixed
EE: true
Code owners
Assign users and groups as approvers for specific file changes. Learn more.