User experience for Minimal Access permission level is poor
Problem to solve
Consider a scenario where we have an organization that adds all of its users to its top-level group with Minimal Access
permissions and then directly adds them to any subgroups and projects within that group that they need access to.
As an end user of this group it is not a good user experience to receive a 404
immediately upon logging into the group via SSO, due to the fact that I have Minimal Access
permissions. If I want to access a subgroup or project that I've been directly added to within the group I need to manually modify the URL to go directly there, or access them from my projects dashboard.
Notes from @ifarkas
: #351378 (comment 829346945)
When user is a member of a project, we grant
read_group
permission to the parent group. This is not the case when user is a member of a subgroup. There's an issue about this inconsistency in the group/project consolidation epic: #340421 (closed), where we decided to revoke this implicit access to make the behaviour consistent.
Proposal
Currently what is presented to a user with Minimal Access
is a 404 upon trying to access a group.
-
Instead users with minimal access should be directed to
../dashboard/groups
and have the group list be blank. -
If the user does not have direct access to a group and a permissions assigned
guest
or above, the group in question should not show in the../dashboard/groups
or../dashboard/projects
-
Include a banner message:
You currently do not have access to any subgroups or projects in [group name].