Disable/remove the run pipeline option for non-project members

Description

It is ok if a admin cant run the pipeline - but why show the link to run it - if he is not allowed?

As i said - either allow an admin which is not member of the group to run the pipeline - or dont show the button to run a pipeline at all. (same as you do with every other user who hasn't the permission to run them)

Summary

An Admin User which is not member of the project can execute a Pipeline, but the Pipeline fails with You are not allowed to download code from this project.

As soon as the User is added as member of the project its working as intended.

Proposal

Disable/remove the run pipeline button for non-project members.

What is the current bug behavior?

Running with gitlab-runner 11.0.0 (5396d320)
  on Deploy Runner @rundeck.cwd.at d244b285
Using Shell executor...
Running on deploy...
Fetching changes...
HEAD ist jetzt bei 8e56127 Merge branch 'develop' into 'master'
remote: You are not allowed to download code from this project.
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@gitlab.cwd.at/namespace/project.git/': The requested URL returned error: 403
ERROR: Job failed: exit status 1

What is the expected correct behavior?

Running with gitlab-runner 11.0.0 (5396d320)
  on Deploy Runner @rundeck.cwd.at d244b285
Using Shell executor...
Running on deploy...
Fetching changes...
HEAD ist jetzt bei 8e56127 Merge branch 'develop' into 'master'
Checking out 8e56127b as 1.0.19...
Skipping Git submodules setup
$ dosomething

Results of GitLab environment info

Click to expand

System information
System:		Ubuntu 14.04
Proxy:		no
Current User:	git
Using RVM:	no
Ruby Version:	2.4.4p296
Gem Version:	2.7.6
Bundler Version:1.16.2
Rake Version:	12.3.1
Redis Version:	3.2.11
Git Version:	2.17.1
Sidekiq Version:5.1.3
Go Version:	unknown

GitLab information
Version:	11.0.3-ee
Revision:	f25aa33
Directory:	/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:	postgresql
DB Version:	9.6.8
URL:		https://gitlab.cwd.at
HTTP Clone URL:	https://gitlab.cwd.at/some-group/some-project.git
SSH Clone URL:	git@gitlab.cwd.at:some-group/some-project.git
Elasticsearch:	yes
Geo:		no
Using LDAP:	no
Using Omniauth:	yes
Omniauth Providers: saml

GitLab Shell
Version:	7.1.4
Repository storage paths:
- default: 	/var/opt/gitlab/git-data/repositories
Hooks:		/opt/gitlab/embedded/service/gitlab-shell/hooks
Git:		/opt/gitlab/embedded/bin/git

Results of GitLab application Check

Click to expand

``` Checking GitLab Shell ...

GitLab Shell version >= 7.1.4 ? ... OK (7.1.4) Repo base directory exists? default... yes Repo storage directories are symlinks? default... no Repo paths owned by git:root, or git:git? default... yes Repo paths access is drwxrws---? default... yes hooks directories in repos are links: ... 6/3 ... ok 5/4 ... ok 5/5 ... ok 2/6 ... ok 4/7 ... ok 4/8 ... ok 4/9 ... ok 4/10 ... ok 4/11 ... ok 5/12 ... ok 7/13 ... ok 10/14 ... ok 5/15 ... ok 14/16 ... ok 17/18 ... ok 20/20 ... ok 20/21 ... ok 20/22 ... ok 20/23 ... ok 20/24 ... ok 21/25 ... ok 21/26 ... ok 17/27 ... ok 25/28 ... ok 27/29 ... ok 28/30 ... ok 28/31 ... ok 26/33 ... ok 28/34 ... ok 28/35 ... ok 28/36 ... ok 5/37 ... ok 28/38 ... ok 28/39 ... ok 28/40 ... ok 31/41 ... ok 31/43 ... ok 9/44 ... ok 32/45 ... ok 9/46 ... ok 9/47 ... ok 33/48 ... ok 38/49 ... ok 38/50 ... ok 33/51 ... ok 31/52 ... ok 36/54 ... ok 40/55 ... ok 5/56 ... ok 38/57 ... ok 31/58 ... ok 7/59 ... ok 31/60 ... ok 5/63 ... ok 46/64 ... ok 23/66 ... ok 47/68 ... ok 47/69 ... ok 16/70 ... ok 21/71 ... ok 49/72 ... ok 46/73 ... ok 38/74 ... ok 31/75 ... ok 31/79 ... ok 5/80 ... ok 5/81 ... ok 5/82 ... ok 50/83 ... ok 50/84 ... ok 50/85 ... ok 31/86 ... ok 5/87 ... ok 5/88 ... ok 31/89 ... ok 31/90 ... ok 31/91 ... ok 38/92 ... ok 52/93 ... ok 47/94 ... ok 49/95 ... ok 54/96 ... ok 172/97 ... ok 172/98 ... ok 172/99 ... ok 172/100 ... ok 172/101 ... ok 172/102 ... ok 172/103 ... ok 172/104 ... ok 16/105 ... ok 5/106 ... ok 172/107 ... ok 38/108 ... ok 50/109 ... ok 50/110 ... ok 50/111 ... ok 49/112 ... ok 5/114 ... ok 50/115 ... ok 47/117 ... ok 5/118 ... ok 50/119 ... ok 50/120 ... ok 5/121 ... ok 23/122 ... repository is empty 50/123 ... ok 47/124 ... ok 68/125 ... ok 50/126 ... ok 50/127 ... ok 47/128 ... ok 57/129 ... ok 16/130 ... ok 47/132 ... ok 9/133 ... ok 31/134 ... ok 31/135 ... ok 50/136 ... ok 47/137 ... ok 50/138 ... ok 50/139 ... ok 21/140 ... ok 50/141 ... ok 21/142 ... ok 50/143 ... ok 32/144 ... ok 47/146 ... ok 47/147 ... ok 9/148 ... ok 47/149 ... ok 9/150 ... ok 31/151 ... ok 50/152 ... ok 81/154 ... ok 81/155 ... ok 81/156 ... ok 57/157 ... ok 57/158 ... ok 57/159 ... ok 47/160 ... ok 85/162 ... ok 47/163 ... ok 172/164 ... ok 88/166 ... ok 89/167 ... ok 47/168 ... ok 21/169 ... ok 31/170 ... ok 91/171 ... ok 91/172 ... ok 91/173 ... repository is empty 16/174 ... ok 47/175 ... ok 96/176 ... ok 5/177 ... ok 5/178 ... ok 47/179 ... ok 2/180 ... repository is empty 70/181 ... ok 5/182 ... ok 5/183 ... ok 47/184 ... ok 47/185 ... ok 103/187 ... ok 31/188 ... ok 31/189 ... ok 45/190 ... ok 103/191 ... ok 16/193 ... repository is empty 31/194 ... ok 115/195 ... ok 152/196 ... ok 152/197 ... ok 103/198 ... ok 16/199 ... ok 45/200 ... ok 103/201 ... repository is empty 57/202 ... ok 16/203 ... ok 103/204 ... ok 47/205 ... ok 81/206 ... ok 16/207 ... ok 152/208 ... repository is empty 152/209 ... ok 47/210 ... ok 151/211 ... ok 151/212 ... ok 151/213 ... ok 151/214 ... ok 151/215 ... ok 172/216 ... ok 103/217 ... ok 16/218 ... ok 50/219 ... ok 16/220 ... ok 156/221 ... ok 16/222 ... repository is empty 16/224 ... ok 157/225 ... ok 157/226 ... ok 81/227 ... ok 16/228 ... ok 9/229 ... ok 31/232 ... ok 103/233 ... ok 5/234 ... ok 5/235 ... ok 9/236 ... ok 9/237 ... ok 179/238 ... ok 159/239 ... ok 160/240 ... ok 31/241 ... ok 165/242 ... ok 16/243 ... ok 166/244 ... ok 5/245 ... ok 16/246 ... ok 173/247 ... ok 172/248 ... ok 50/249 ... ok 16/250 ... ok 46/252 ... ok 2/253 ... ok 50/255 ... ok 151/256 ... ok 9/257 ... ok 16/258 ... ok 160/259 ... ok 81/260 ... ok 81/261 ... ok 81/262 ... ok 171/263 ... ok 174/264 ... ok 174/265 ... ok 174/266 ... ok 175/267 ... ok 174/268 ... ok 47/269 ... ok 174/270 ... ok 2/271 ... ok 174/272 ... ok 174/273 ... ok 160/274 ... ok 31/275 ... ok 50/276 ... ok 177/277 ... ok 160/279 ... ok 179/280 ... ok 16/281 ... ok 160/283 ... repository is empty 32/284 ... ok 166/285 ... ok 181/286 ... ok 182/287 ... ok 160/288 ... ok 160/289 ... ok 160/290 ... ok 160/291 ... ok 160/292 ... ok 160/293 ... ok 160/294 ... ok 160/295 ... ok 160/296 ... ok 160/297 ... ok 160/298 ... ok 160/299 ... ok 160/300 ... ok 160/301 ... ok 160/302 ... ok 160/303 ... ok 160/304 ... ok 160/305 ... ok 160/306 ... ok 160/307 ... ok Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Check GitLab API access: OK Redis available via internal API: OK

Access to /var/opt/gitlab/.ssh/authorized_keys: OK gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking Reply by email ...

IMAP server credentials are correct? ... yes Init.d configured correctly? ... skipped MailRoom running? ... skipped

Checking Reply by email ... Finished

Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 6/3 ... yes 5/4 ... yes 5/5 ... yes 2/6 ... yes 4/7 ... yes 4/8 ... yes 4/9 ... yes 4/10 ... yes 4/11 ... yes 5/12 ... yes 7/13 ... yes 10/14 ... yes 5/15 ... yes 14/16 ... yes 17/18 ... yes 20/20 ... yes 20/21 ... yes 20/22 ... yes 20/23 ... yes 20/24 ... yes 21/25 ... yes 21/26 ... yes 17/27 ... yes 25/28 ... yes 27/29 ... yes 28/30 ... yes 28/31 ... yes 26/33 ... yes 28/34 ... yes 28/35 ... yes 28/36 ... yes 5/37 ... yes 28/38 ... yes 28/39 ... yes 28/40 ... yes 31/41 ... yes 31/43 ... yes 9/44 ... yes 32/45 ... yes 9/46 ... yes 9/47 ... yes 33/48 ... yes 38/49 ... yes 38/50 ... yes 33/51 ... yes 31/52 ... yes 36/54 ... yes 40/55 ... yes 5/56 ... yes 38/57 ... yes 31/58 ... yes 7/59 ... yes 31/60 ... yes 5/63 ... yes 46/64 ... yes 23/66 ... yes 47/68 ... yes 47/69 ... yes 16/70 ... yes 21/71 ... yes 49/72 ... yes 46/73 ... yes 38/74 ... yes 31/75 ... yes 31/79 ... yes 5/80 ... yes 5/81 ... yes 5/82 ... yes 50/83 ... yes 50/84 ... yes 50/85 ... yes 31/86 ... yes 5/87 ... yes 5/88 ... yes 31/89 ... yes 31/90 ... yes 31/91 ... yes 38/92 ... yes 52/93 ... yes 47/94 ... yes 49/95 ... yes 54/96 ... yes 172/97 ... yes 172/98 ... yes 172/99 ... yes 172/100 ... yes 172/101 ... yes 172/102 ... yes 172/103 ... yes 172/104 ... yes 16/105 ... yes 5/106 ... yes 172/107 ... yes 38/108 ... yes 50/109 ... yes 50/110 ... yes 50/111 ... yes 49/112 ... yes 5/114 ... yes 50/115 ... yes 47/117 ... yes 5/118 ... yes 50/119 ... yes 50/120 ... yes 5/121 ... yes 23/122 ... yes 50/123 ... yes 47/124 ... yes 68/125 ... yes 50/126 ... yes 50/127 ... yes 47/128 ... yes 57/129 ... yes 16/130 ... yes 47/132 ... yes 9/133 ... yes 31/134 ... yes 31/135 ... yes 50/136 ... yes 47/137 ... yes 50/138 ... yes 50/139 ... yes 21/140 ... yes 50/141 ... yes 21/142 ... yes 50/143 ... yes 32/144 ... yes 47/146 ... yes 47/147 ... yes 9/148 ... yes 47/149 ... yes 9/150 ... yes 31/151 ... yes 50/152 ... yes 81/154 ... yes 81/155 ... yes 81/156 ... yes 57/157 ... yes 57/158 ... yes 57/159 ... yes 47/160 ... yes 85/162 ... yes 47/163 ... yes 172/164 ... yes 88/166 ... yes 89/167 ... yes 47/168 ... yes 21/169 ... yes 31/170 ... yes 91/171 ... yes 91/172 ... yes 91/173 ... yes 16/174 ... yes 47/175 ... yes 96/176 ... yes 5/177 ... yes 5/178 ... yes 47/179 ... yes 2/180 ... yes 70/181 ... yes 5/182 ... yes 5/183 ... yes 47/184 ... yes 47/185 ... yes 103/187 ... yes 31/188 ... yes 31/189 ... yes 45/190 ... yes 103/191 ... yes 16/193 ... yes 31/194 ... yes 115/195 ... yes 152/196 ... yes 152/197 ... yes 103/198 ... yes 16/199 ... yes 45/200 ... yes 103/201 ... yes 57/202 ... yes 16/203 ... yes 103/204 ... yes 47/205 ... yes 81/206 ... yes 16/207 ... yes 152/208 ... yes 152/209 ... yes 47/210 ... yes 151/211 ... yes 151/212 ... yes 151/213 ... yes 151/214 ... yes 151/215 ... yes 172/216 ... yes 103/217 ... yes 16/218 ... yes 50/219 ... yes 16/220 ... yes 156/221 ... yes 16/222 ... yes 16/224 ... yes 157/225 ... yes 157/226 ... yes 81/227 ... yes 16/228 ... yes 9/229 ... yes 31/232 ... yes 103/233 ... yes 5/234 ... yes 5/235 ... yes 9/236 ... yes 9/237 ... yes 179/238 ... yes 159/239 ... yes 160/240 ... yes 31/241 ... yes 165/242 ... yes 16/243 ... yes 166/244 ... yes 5/245 ... yes 16/246 ... yes 173/247 ... yes 172/248 ... yes 50/249 ... yes 16/250 ... yes 46/252 ... yes 2/253 ... yes 50/255 ... yes 151/256 ... yes 9/257 ... yes 16/258 ... yes 160/259 ... yes 81/260 ... yes 81/261 ... yes 81/262 ... yes 171/263 ... yes 174/264 ... yes 174/265 ... yes 174/266 ... yes 175/267 ... yes 174/268 ... yes 47/269 ... yes 174/270 ... yes 2/271 ... yes 174/272 ... yes 174/273 ... yes 160/274 ... yes 31/275 ... yes 50/276 ... yes 177/277 ... yes 160/279 ... yes 179/280 ... yes 16/281 ... yes 160/283 ... yes 32/284 ... yes 166/285 ... yes 181/286 ... yes 182/287 ... yes 160/288 ... yes 160/289 ... yes 160/290 ... yes 160/291 ... yes 160/292 ... yes 160/293 ... yes 160/294 ... yes 160/295 ... yes 160/296 ... yes 160/297 ... yes 160/298 ... yes 160/299 ... yes 160/300 ... yes 160/301 ... yes 160/302 ... yes 160/303 ... yes 160/304 ... yes 160/305 ... yes 160/306 ... yes 160/307 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.3.5 ? ... yes (2.4.4) Git version >= 2.9.5 ? ... yes (2.17.1) Git user has default SSH configuration? ... yes Active users: ... 39 Elasticsearch version 5.1 - 5.5? ... yes (5.3.1)

Checking GitLab ... Finished

</details>

### Possible fixes

Either a none Member cant invoke the pipeline at all no matter his user roles.
Or, preferable, an admin can invoke pipelines he is not a member of.