Inherited groups and Protected Branches/Tags
Summary
Currently, inherited groups cannot be selected in the dropdown list for the below options:
- Protected branches
Allowed to merge
Allowed to push and merge
- Protected tags
Allowed to create
The inherited groups individual members are accessible under the Users
section of the dropdown.
The current workaround is to invite the groups directly, however, some groups have the Prevent a project from being shared with groups setting enabled.
Steps to reproduce
- Create sub-group 1
- Invite a member to the group
- Create sub-group 2
- Invite sub-group 1 to sub-group 2 with a Max role of
Developer
- Create a project under sub-group 2
- Within the project, navigate to
Settings > Repository
- Expand Protected branches
- Either create or modify an existing protected branch and select the dropdown list for
Allowed to merge
orAllowed to push and merge
- Either create or modify an existing protected branch and select the dropdown list for
- Expand Protected tags
- Either create or modify an existing protected tag and select the dropdown list for
Allowed to create
- Either create or modify an existing protected tag and select the dropdown list for
- Observe the lack of inherited groups in the dropdowns
What is the current bug behavior?
- Inherited groups are not listed in the dropdown menu on the UI, however, members of those inherited groups are listed under the
Users
section. - If an inherited group is attempted to be added via the API, it responds with a status code
422
Unprocessable Entity
What is the expected correct behavior?
Inherited groups should be listed under the Groups
section
Relevant logs and/or screenshots
{
"message":[
"Merge access levels group does not have access to the project"
]
}
Protected tags:
{
"message": [
"Create access levels group does not have access to the project"
]
}
Possible fixes
Frontend
AutocompleteController - project_groups calls ::Autocomplete::ProjectInvitedGroupsFinder which surfaces :invited_groups
Backend
ProtectedRefAccess - validate_group_membership
Reported by customer in Zendesk ticket(internal)
Edited by Jiovanni Castillo