changes in audit events view UI removes all events - when using an auditor account - owing to addition of author_username= to the URI

Summary

When viewing a group's audit events with an auditor account:

• initially records are loaded

• selecting last 7 days sends the URL:

  https://gitlab.com/groups/gitlab-org/-/audit_events?created_after=2022-11-29&created_before=2022-12-05&entity_type=Author&author_username=<USER>

  • no records display.
  • Copying this URL from developer tools and removing &author_username=<USER> results in events showing

• changing the data range sends:

  https://gitlab.com/groups/gitlab-org/-/audit_events?created_after=2022-11-24&created_before=2022-12-05&entity_type=Author&author_username=<USER>

• sorting sends:

  https://gitlab.com/groups/gitlab-org/-/audit_events?created_after=2022-11-24&created_before=2022-12-05&entity_type=Author&sort=created_asc&author_username=<USER>

Steps to reproduce

• Log into GitLab.com as an auditor account.
• Browse to a project group with audit events, eg: https://gitlab.com/groups/gitlab-org
• Modify view using the last 7 days (etc) buttons, date range, sort etc.

Example Project

What is the current bug behavior?

Operating the audit events view with an auditor account results in &author_username=<USER> being added to the URI. This prevents the view from returning any records.

What is the expected correct behavior?

Auditor accounts can interact with the audit events view.

Relevant logs and/or screenshots

Output of checks

This bug happens on GitLab.com

Possible fixes