Developer role does not have access to Protected Environments

Summary

According to the Protected Environment's documentation users assigned to a Developer role should be able to access Protected Environments if the are enabled on the project.

In the Allowed to Deploy dropdown menu, select the role, users, or groups you want to give deploy access to. Keep in mind that:

There are two roles to choose from: Maintainers: will allow access to all maintainers in the project. Developers: will allow access to all maintainers and all developers in the project. You can only select groups that are already associated with the project.

Steps to reproduce

  1. Create a GitLab repo using the yaml pasted below as .gitlab-ci.yml, with public visibility
  2. Add a user to the project and assign them to Developer

Screenshot_2020-08-05_at_11.06.49

  1. Change the production environment to be protected so that Allowed to deploy is set to Developers + Maintainers

Screenshot_2020-08-05_at_11.07.18

  1. As the Administrator, run the pipeline against master
  2. As the the Developer user, access the completed pipeline

Screenshot_2020-08-05_at_11.32.10

  1. It is not possible to manually execute the protected environment. It should be possible.

  2. As the Administrator, change the permissions of the user to Maintainer

Screenshot_2020-08-05_at_11.33.50

  1. The user can now execute the protected environment

Screenshot_2020-08-05_at_11.34.43

Example Project

Create a project with a placeholder README.md and this yaml

stages:
- test
- build
- review
- deploy


test:
  stage: build 
  script:
  - 'echo "Building and Testing Application: ${CI_PROJECT_NAME}"'

development:
  stage: review
  script:
  - 'echo "Deploying to ${CI_ENVIRONMENT_NAME}"'
  environment:
    name: ${CI_JOB_NAME}

staging:
  stage: deploy
  script:
  - 'echo "Deploying to ${CI_ENVIRONMENT_NAME}"'
  environment:
    name: ${CI_JOB_NAME}

production:
  stage: deploy
  when: manual
  script:
  - 'echo "Deploying to ${CI_ENVIRONMENT_NAME}"'
  environment:
    name: ${CI_JOB_NAME}

What is the current bug behavior?

(What actually happens)

What is the expected correct behavior?

(What you should see instead)

Relevant logs and/or screenshots

(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's tough to read otherwise.)

Output of checks

(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Possible fixes

(If you can, link to the line of code that might be responsible for the problem)

Edited by Sean Carroll