Add ability to add read_code to custom roles

What does this MR do and why?

• download_code and read_code are now separate via #376180 (closed)
• for the first iteration of a customer-facing MVC, we want to provide the ability to customize read_code for a Guest user.
• We previously added the ability to customize download_code but we will be removing that for the customer MVC.
• This is all behind the customizable_roles feature flag
• #20277 (closed)

Database

UserMemberRolesInProjectsPreloader query before this change: https://explain.depesz.com/s/shQU

UserMemberRolesInProjectsPreloader query after this change: https://explain.depesz.com/s/yP4E

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

changed milestone to %15.7

added CAB Takeaway Community contribution Deliverable Enterprise Edition GitLab Ultimate [deprecated] Accepting merge requests auto updated customer devopsmanage frontend groupauthentication and authorization [DEPRECATED] permissions popular proposal potential proposal release post itemin review sectiondev typefeature workflowin dev + 1 deleted label

assigned to @jessieay

@s_awezec @kniechajewicz @doniquesmit @csouthard this merge request touches files that could potentially affect user growth or subscription cost management.

This message was generated automatically. You're welcome to improve it.

added backend database databasereview pending labels

	2 Warnings
	d1b55119: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines.
	Please add a merge request subtype to this merge request.

Reviewer roulette

Changes that require review have been detected!

Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

Category	Reviewer	Maintainer
backend	Avielle Wolfe (@avielle) (UTC+0, 8 hours ahead of @jessieay)	Ethan Urie (@eurie) (UTC-5, 3 hours ahead of @jessieay)
database	Jon Jenkins (@jon_jenkins) (UTC-6, 2 hours ahead of @jessieay)	Mayra Cabrera (@mayra-cabrera) (UTC-6, 2 hours ahead of @jessieay)
~"migration"	No reviewer available	No maintainer available

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

added 1 commit

• 52644de8 - Add ability to add read_code to custom roles

Compare with previous version

added 337 commits

• 52644de8...65cfcab5 - 335 commits from branch master
• 0a0cc927 - Add ability to add read_code to custom roles
• 0dc2a800 - Spec hygiene

Compare with previous version

removed [deprecated] Accepting merge requests label

removed workflowin dev label

Hi @sgarg_gitlab - this needs a database review and I need to prepare a few things for DB review before I tag those folks but can you review this for ~"group::authentication and authorization" in the meantime?

The pipeline/spec failures are all for a single N+1 spec. be rspec spec/requests/projects/ml/experiments_controller_spec.rb:55 also fails on an updated local master so I don't think that it is related to my MR but I have asked about this in Slack.

requested review from @sgarg_gitlab

@ifarkas just an FYI on this MR. I spoke with @adil.farrukh today about the custom roles plan for %15.7 and even though we hope to move forward with Draft: POC: use flag_shih_tzu gem for storing p... (!106151 - closed) or similar for custom roles in the future, that is still in flux so in the meantime we are going to add a boolean field for read_code

resolved all threads

removed review request for @sgarg_gitlab

added 1 commit

• 414b947d - Add ability to add read_code to custom roles

Compare with previous version

changed the description