CI_JOB_TOKEN scope UI does not display the namespace if user cannot read the namespace but can read the project
Problem
As part of the CI_JOB_TOKEN scope UI we have a UI that renders the namespace name separate from the project name in a table.
Sometimes the user has access to the project but not the namespace. For example a public project in a personal namespace.
The front end needs access to the namespace name alone for a public project so that is does not need to parse it out of the full name or the full path.
Currently, this causes a bug where the frontend namespace is null and the user sees no namespace.
Possible Solutions
-
Return the namespace name on the grapqhql
NamespaceType
if the user doesn't have access. This could lead to namespace sniffing. -
Return the namespace name on the
NamespaceType
if the user has access to the project but not the namespace. This leads to more complex code. -
No backend work - We could change the design to use existing information in the api about the namespace. No backend work. For instance we have the full display name for the project with the namespace. i.e.
Administrator / Project Name
or the full path to the project. i.e.root/project-name
🌟 -
Add the Namespace Display name to the project protected only by project level permissions and not namespace level permissions. If a user can see the project then they can see and know about the namespace name anyways. The downside of this solution is that it is duplicative.
Proposal
See Possible Solutions #3 (closed) as what was decided on #395635 (comment 1307874827). frontend only
Remove the Namespace
column and the Project with access
column will now show the project with its namespace e.g. namespace/project
. frontend can access this data via project.fullPath
in the query.
Implementation Note: Limit CI_JOB_TOKEN access
shares the same table component, so updating the layout of one will update the other.