Gitlab project API returns incorrect permissions when there are nested groups.
Summary
The gitlab instance in my organization is using nested groups. There is a parent group called example
, which contains (among others) a group called nested
, and this group nested
contains a project called frontend
.
There is also a user (called ci
) that is an Owner of the group example
, and me, master of the group example/nested
My problem is that the API reports the user ci
as having no rights on the project frontend
, even though he can do everything because he's an owner of the parent group.
Steps to reproduce
Given my example above :
- Call the project api with the access token of the
ci
user.
GET /api/v4/projects/<project id> Private-Token:<token>
...
"permissions": {
"group_access": null,
"project_access": null,
}
...
- Call the project api with the access token of a user that is a member of the
nested
group.
GET /api/v4/projects/<project id> Private-Token:<token>
...
"permissions": {
"group_access": {
"access_level": 40,
"notification_level": 3
},
"project_access": null,
}
...
What is the current bug behavior?
The member of the parent group is reported as having no rights on the project
What is the expected correct behavior?
The member of the parent group should have existing "group_access" with the owner permissions.
Edited by 🤖 GitLab Bot 🤖