Security Center project selector returns no results for Auditor user

Summary

Auditor users are supposed to have read-only access to most areas of an instance. Auditor users can see Group and Project-level Vulnerability Reports. However, in the Security Center, these users cannot use the project search/selector to customize the Security Center's Vulnerability Report, because the selector does not return or display any Projects.

Steps to reproduce

  • Log in as an Auditor user.
  • Go to the Security Center (More → Security).
  • Click on Settings and attempt to search for any project.

What is the current bug behavior?

When searching for projects, Auditor users never see any results. This prevents them from adding any Projects to their Security Center monitored projects list.

What is the expected correct behavior?

Auditor users can search for any Project in the instance, see the result, and add it to their Security Center monitored projects list.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:check SANITIZE=true`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`)

(we will only investigate if the tests are passing)

Implementation plan

  • backend: Fix the `ProjectsFinder` and `EE::ProjectsFinder` finder classes to return all projects for Auditor users.
Edited by Mehmet Emin INAC