Subgroup owners not able to view compliance frameworks in subgroup settings
Overview
When a user is an Owner of a subgroup but a Maintainer or lower in the root group that has compliance frameworks available, an error is shown when attempting to view the list of compliance frameworks available to the subgroup.
How to reproduce
- Create a group and subgroup within it.
- In the root group, create a compliance framework.
- Add a user with Developer permissions to the root group.
- Give that same user Owner permissions in the subgroup directly.
- As that user, attempt to view the list of compliance frameworks either via the API or in the group settings page.
- Note that an error is returned because the user doesn't have Owner permissions in the root group.
Proposed resolution
- ~~Owners~~ All users in subgroups should have read-only access to all of the compliance frameworks in the root group.
Original bug report
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`) (we will only investigate if the tests are passing)
Possible fixes
None currently
cc: @weitzel.jason-heb @djensen
Edited by Max Woolf
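
The reported behaviour and the proposed resolution can be contrasted in a small authorization model. This is an added example, not GitLab's policy code: the `Group` struct, the `Forbidden` error and all method names are hypothetical, and it assumes "all users in subgroups" means any member of the subgroup. Only the numeric role values (Developer 30, Maintainer 40, Owner 50) match GitLab's access levels.

```ruby
# Constructed model of the issue; not GitLab's implementation.
DEVELOPER  = 30
MAINTAINER = 40
OWNER      = 50

class Forbidden < StandardError; end

Group = Struct.new(:name, :parent, :members, :frameworks) do
  def root
    parent ? parent.root : self
  end

  # Effective access is the highest level granted here or on any ancestor.
  def max_access(user)
    own = members.fetch(user, 0)
    parent ? [own, parent.max_access(user)].max : own
  end
end

# Reported behaviour: frameworks belong to the root group, and listing them
# is gated on Owner access in that root group, so a subgroup Owner is refused.
def list_frameworks_reported(user, group)
  root = group.root
  raise Forbidden, "Owner access to #{root.name} required" unless root.max_access(user) >= OWNER
  root.frameworks
end

# Proposed resolution: reading is a weaker permission than managing.
# Any member of the group being viewed gets a read-only copy of the list.
def list_frameworks_proposed(user, group)
  raise Forbidden, "not a member of #{group.name}" unless group.max_access(user) > 0
  group.root.frameworks.dup.freeze
end

# Creating or editing frameworks stays restricted to root-group Owners.
def can_manage_frameworks?(user, group)
  group.root.max_access(user) >= OWNER
end

# Constructed sample data following the reproduction steps above.
root = Group.new("root", nil, { "dev" => DEVELOPER, "boss" => OWNER }, ["SOC2"])
sub  = Group.new("sub", root, { "dev" => OWNER }, [])

begin
  list_frameworks_reported("dev", sub)
rescue Forbidden => e
  puts "reported: #{e.message}"
end
puts "proposed: #{list_frameworks_proposed("dev", sub).inspect}"
```

Keeping the read check and the manage check as separate predicates is what lets the fix widen visibility without also widening who can create or change frameworks.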