Custom instance-level project templates requires role even the template project is Public
Summary
The documentation of the "Custom instance-level project templates" describes as following:
Public projects can be selected by any authenticated user as a template for a new project, if all enabled project features except for GitLab Pages and Security and Compliance are set to Everyone With Access. The same applies to internal projects.
However, actual behavior is: The user needs to have the Reporter or higher role to use instance-level project template even the template project is Public project with "Everyone With Access" for all project features
Steps to reproduce
- Create a Public group.
- Create a Public project under the group.
- Set up the Custom instance-level project templates
- Create a new project by user who has Reporter or higher role to template → A user can create a project by using template
- Create a new project by user who has Guest role, or do not have a role to template → A user can not select template
Example Project
- Group / Project
- Project features
- Instance-level project templates setting
- Authenticated user who has no role for the project can not select that template
- Authenticated user who has the "Reporter" role for the project can select that template
What is the current bug behavior?
- The user needs to have the Reporter or higher role to use instance-level project template even the template project is Public project with "Everyone With Access" for all project features
What is the expected correct behavior?
- Public projects can be selected by any authenticated user as a template for a new project, if all enabled project features except for GitLab Pages and Security and Compliance are set to Everyone With Access.
Relevant logs and/or screenshots
Please see above screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
\[ec2-user@ip-172-31-30-219 \~\]$ sudo gitlab-rake gitlab:env:info System information System: Proxy: no Current User: git Using RVM: no Ruby Version: 3.0.6p216 Gem Version: 3.4.14 Bundler Version:2.4.16 Rake Version: 13.0.6 Redis Version: 7.0.12 Sidekiq Version:6.5.7 Go Version: unknown GitLab information Version: 16.2.1-ee Revision: 6b31b6040be Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 13.11 URL: https://gitlab.kosk1011.tokyo HTTP Clone URL: https://gitlab.kosk1011.tokyo/some-group/some-project.git SSH Clone URL: git@gitlab.kosk1011.tokyo:some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 14.23.0 Repository storages: \- default: unix:/var/opt/gitlab/gitaly/gitaly.socket GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell
Results of GitLab application Check
Expand for output related to the GitLab application check
\[ec2-user@ip-172-31-30-219 \~\]$ sudo gitlab-rake gitlab:check SANITIZE=true Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version \>= 14.23.0 ? ... OK (14.23.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes (cluster/worker) ... 1/1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Cable config exists? ... yes Resque config exists? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Systemd unit files or init script exist? ... skipped (omnibus-gitlab has neither init script nor systemd units) Systemd unit files or init script up-to-date? ... skipped (omnibus-gitlab has neither init script nor systemd units) Projects have namespace: ... 2/1 ... yes 4/2 ... yes 12/3 ... yes 15/4 ... yes 12/5 ... yes 15/6 ... yes 22/7 ... yes 21/8 ... yes 25/9 ... yes 25/10 ... yes 4/11 ... yes 29/12 ... yes 4/13 ... yes 4/14 ... yes 4/15 ... yes 51/19 ... yes 56/20 ... yes Redis version \>= 6.0.0? ... yes Ruby version \>= 2.7.2 ? ... yes (3.0.6) Git user has default SSH configuration? ... yes Active users: ... 5 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Elasticsearch version 7.x-8.x or OpenSearch version 1.x ... skipped (Advanced Search is disabled) All migrations must be finished before doing a major upgrade ... skipped (Advanced Search is disabled) Checking GitLab App ... Finished Checking GitLab subtasks ... Finished \[ec2-user@ip-172-31-30-219 \~\]$