Invite modal returns incorrect results if highest role originates from a group invite

Summary

When inviting a user to a group, the Select a role options are incorrect when the highest role originates from a group invitation. max_access_level seems to only return the direct role in the group. However, it can be higher if they are a member of an invited group.

Related to https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3694

Steps to reproduce

Scenario 1 - Empty list:

  1. Create two top-level groups
    • Group1
    • Group2
  2. Invite another user to Group2 as an Owner
  3. Invite Group2 to Group1 with an Owner role
  4. Have the other user Invite a member
  5. Observe that the role list is empty

Scenario 2 - Lower roles

  1. Create two top-level groups
    • Group1
    • Group2
  2. Invite another user to Group2 as an Owner
  3. Invite Group2 to Group1 with an Owner role
  4. Invite the other user with a Developer role to Group1
  5. Have the other user Invite a member
  6. Observe that the role list is limited to Developer, however, the user is actually an Owner

What is the current bug behavior?

Scenario 1:

  • No results found

Scenario 2:

  • Limited to Developer, however, actual role is Owner

What is the expected correct behavior?

Role selection considers group invite max role

Relevant logs and/or screenshots

image

Possible fixes

https://gitlab.com/gitlab-org/gitlab/-/blob/7614b3e86834d40c8c1a277f50283d58628d25f1/app/helpers/groups_helper.rb#L214