Allow federation of Atlassian users
Problem to solve
(This work is an iteration on the work done in #220872 (closed). Review that issue for additional background.)
Now that we have a list of issues, we need to be able to expand the functionality by displaying more data, and allowing our user to interact with it (e.g. comment, change status, etc.)
However, currently we only store a single set of credentials in the Jira integration, which is also typically an admin user. This means that, without individual user credentials, all actions would be taken as the same admin user. Additionally, it may be possible for individual users to view content that is beyond their permissions in Jira, which presents potential security problems.
Intended users
The persona this targets is a version of Sasha (Software Developer), but one whose company has invested in the Atlassian suite. Their work is being tracked by other personas (PdMs, PjMs, Designers, etc) in Jira, but they wish to work in GitLab full-time.
Note: future iterations may expand beyond this persona, but this MVC is tightly focused on serving this particular use case.
User experience goal
The user should be able to federate their Jira account, allowing them to connect that account with their GitLab profile.
This consists of the following user stories:
- As a developer, I want to be able to federate my Jira account with my GitLab profile, so I can see Jira content.
- As a developer who has federated, I want to be able to revoke this federation for security reasons.
Proposal
To achieve this goal, we'll extend the integration with Jira to address these specific user stories. We'll add:
- A section to the /profile page that allows a user to add other accounts.
- Add a "Connect your Atlassian Account" button to that page that
We'll add a detail view that displays the full content of a single issue (allowing you to filter them and search), and from that view, a user can click on an individual issue to see the details of it -- just like they would normally.
Availability & Testing
What risks does this change pose to our availability?
This is a low-risk feature for GitLab.com availability.
How might it affect the quality of the product?
This feature will not affect existing product quality.
What additional test coverage or changes to tests will be needed?
Unit tests for model and controllers, and feature tests for OAuth sign-in using mocks.
Ensure the following scenarios are covered:
- When no existing Atlassian identities are present, the user sees the "Connect your Atlassian Account" button. When they connect their Atlassian account, new identities are created and refresh_token (token?) is added to the database.
- When existing Atlassian identities are present, the user sees that their account has already been connected and they don't see the "Connect your Atlassian Account" button.
- When existing Atlassian identities are present, the user is able to unlink/remove the connected Atlassian account, which also removes the Atlassian identities and tokens from the db. The user is then able to reconnect their account.
- When the user is unable to connect their Atlassian account due to bad credentials, an appropriate message is shown to the user when (if) redirected back to GitLab. No identities or tokens are created in the db in this case.
No end-to-end tests would be added since the integration involves Atlassian Cloud and we avoid e2e tests that would involve live 3rd party services.
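The scenarios above can be modelled as an in-memory double that a unit test drives without contacting Atlassian. This is an added sketch, not GitLab's code: the class, method names, callback hash shape, and the choice to store both token and refresh_token are assumptions.

```ruby
# Added illustration; all names here are hypothetical, not GitLab's implementation.
class AtlassianIdentityStore
  Identity = Struct.new(:user_id, :extern_uid, :token, :refresh_token)

  def initialize
    @identities = {} # user_id => Identity
  end

  def connected?(user_id)
    @identities.key?(user_id)
  end

  # The profile page offers the connect button only when nothing is linked.
  def show_connect_button?(user_id)
    !connected?(user_id)
  end

  # callback: hash standing in for the OAuth callback result (assumed shape).
  # Everything is validated before any write, so a failed sign-in persists nothing.
  def connect(user_id, callback)
    return :already_connected if connected?(user_id)
    return :failed if callback[:error]
    uid, token, refresh = callback.values_at(:uid, :token, :refresh_token)
    return :failed if [uid, token, refresh].any? { |v| v.nil? || v.empty? }

    @identities[user_id] = Identity.new(user_id, uid, token, refresh)
    :connected
  end

  # Unlinking removes the identity together with its tokens.
  def unlink(user_id)
    @identities.delete(user_id) ? :unlinked : :not_connected
  end

  def stored_tokens
    @identities.values.flat_map { |i| [i.token, i.refresh_token] }
  end
end

# Walks the four scenarios in order with constructed sample values.
def run_scenarios
  store = AtlassianIdentityStore.new
  good = { uid: "constructed-uid", token: "constructed-access", refresh_token: "constructed-refresh" }
  [store.show_connect_button?(1), store.connect(1, { error: "access_denied" }),
   store.stored_tokens.empty?, store.connect(1, good), store.show_connect_button?(1),
   store.unlink(1), store.stored_tokens.empty?, store.connect(1, good)]
end
```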
Will it require cross-browser testing?
This should not be necessary since the feature is not heavy on the UI.