"Re-deploy" buttons for protected environment is displayed to users who are not allowed to deploy

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Summary

In projects with Protected Environments settings, users who are not allowed to deploy "Re-deploy" button can see "Re-deploy to environment" button in the Environments page.

When the user clocks this button, the job is not actually triggered. But no error message is displayed either. This is a strange behavior, as "nothing happens".

Steps to reproduce

1. Set up the Protected Environments. And specify only Maintainer in "Allowed to deploy".
2. Run the deployment to the protected environments
3. Log in as a Developer
4. Go to Operate > Environments > environment name
5. The user who are Developer can see Re-deploy button

Example Project

https://gitlab.com/kkamiya_gl_premium_group/455866-issue-replication

What is the current bug behavior?

• Users who are not allowed to deploy can see "Re-deploy" button.
• Nothing happens when the user clicks that button.

What is the expected correct behavior?

Users who are not allowed to deploy can not see "Re-deploy" button. Or error message happens when the user clicks that button.

Relevant logs and/or screenshots

Left window is Developer (bug). And right window is Owner (expected behavior)

Please see 0:40 - 1:04

• screenshot 2023-10-04 12.20.00.mov

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info

This bug is happening in gitlab.com

Results of GitLab application Check

Expand for output related to the GitLab application check

This bug is happening in gitlab.com

Possible fixes