Deployment buttons are missing from environment page and grouped view when accessed as deployment-only users
Summary
Actionable buttons(re-deploy & rollback) are missing from Projects::EnvironmentsController:show(Deployments > Environments > Environment) page for protected environments when accessed as users with deployment-only access.
Buttons are missing from the grouped
environments view as well(Deployments > Environments > group folder > 'Show all'). Example URL: https://gitlab.example.com/project/environments/-/environments/folders/review
As a work-around, deployment-only users can use any of the following pages:
- Job page.
- Environments index(Deployments > Environments) page.
Steps to reproduce
- Set up Deployment-only access to protected environments for a user to a protected environment.
- Run a deployment as any user.
- Try accessing the
show
page(Deployments > Environments > Environment) of the above environment as the above user. It will not show re-deploy button. - Try accessing the same page as a maintainer user, it will show the available buttons(re-deploy or rollback).
To reproduce this for grouped view,
- Run two deployments with environment names
test-folder/env1
andtest-folder/env2
. - Now go to Deployments > Environments > test-folder > 'Show all'
- You'll find the re-deployment button missing if the view is accessed as deployment-only user. Button shows correctly for maintainer users.
I feel this is a ~bug , but I'll leave it to the product team to decide whether this request should be treated as a feature proposal.
What is the current bug behavior?
Describe what actually happens:
Deployment buttons are missing when accessing the environment page and grouped environments page as deployment-only users.
Describe what you should see instead:
Deployment buttons should show up when accessing the environment page and grouped environments page as deployment-only users.
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)
Root cause
The rollback button partial requires create_deployment
permission in order to be visible, which a reporter does not have.
Proposal
A couple of options are discussed in the comments:
-
enable :create_deployment
when a reporter has access to a protected environment - #341182 (comment 1119814828) - Check the
play_build
permission instead - #341182 (comment 1120550020)