Add Ability for User to Invite non-Member Group to Project, Add Admin/Group Owner Approval before Membership
Problem
As it stands today, users can only invite groups that they are members of to a project. Users are unable to invite groups they are not members of. Only GitLab admins can invite all teams.
This makes it impossible for teams to self-service manage access to their own repositories.
Proposal
-
When inviting other groups to the project, all groups should be searchable and able to be invited, NOT only the ones I am a member of (although we need to abide by "private means private" principle + inheritance when determining which results are returned)
-
If the user doing the invite has the ability to see the group, they can invite the group. If they don't have the ability to see the group, the group should not be returned during the search.
-
Any group member can invite a group/user to the project and an approval request is sent to maintainers/owners
-
Note: Need to work with UX to come up with the exact flow for this behavior, here are some questions to think about:
- How do admins/group owners view all of the outstanding requests?
- What information is passed to the admin/group owner (ex: who requested the invitation, when).
- Do the invitations automatically expire if not tended to by the group owner/admin?
- Are there bulk actions for managing a lot of requests?
- What happens when the admin approves? Denies? Does the originating user ever find out?