Skip to content

Do not allow the last direct owner to leave top-level group

Bogdan Denkovych requested to merge do-not-allow-last-direct-owner-to-leave-top-level-group into master

What does this MR do and why?

Since gitlab-foss!26718 (merged) GitLab allows removing last owner from subgroup if parent group has owners.

Since !54587 (merged) GitLab prevents removal of the last group owner if the last group owner is a blocked user.

Since !88989 (merged) GitLab prevents removal hast human owner from leaving the group - exclude project bot owners when checking if there is only one last owner for a group.

This MR doesn't change the behavior for subgroups. It should be possible to remove the last direct owner from subgroup, assuming that its parent group always has at least one human owner and the subgroup inherits members. So that subgroup can never be locked/abandoned/left without any human-owner.

GitLab allows share a group with another group. Because of that, top-level groups can have inherited members too. In #375676 (closed) it was reported that the last direct human owner of a top-level group still can leave the group if there are inherited owners via any shared group. After removing the last direct owner of the top-level group owners, owners from the parent group can remove that group from list of members of the top-level group. That leads to the issue where the top-level group gets left without any human-owner.

"Perhaps we need to restrict last explicit owner from leaving the group even if they are in sub-group, or not allow sub group deletion if they are set as owner." by #375676 (comment 1121703775)

From technical perspective, not allowing group deletion from a list of members of the top-level group, in this case, could lead to complexity, especially in the codebase. Imagine the top-level group has a couple of groups in the member list; some of them have owners, and some of them have none. What if all direct owners are deleted from those groups(It is possible when those groups are subgroups of some other groups) - than top-level groups would be left without owners too. It is even difficult for me to describe what kind of complexity it could bring, it could even bring other issues in the logic I haven't mentioned. And eventually, I have doubts that preventing group deletion from the list of members is a good idea from the product and security perspective.

Changes in this MR do not allow the last direct owner to leave top-level group.

Fixes #375676 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Bogdan Denkovych

Merge request reports