Skip to content

PUT /[groups|projects]/:id/members/:user_id accepts member_role_id

Jessie Young requested to merge jy-deassociate-custom-role into master

What does this MR do and why?

  • member_role_id is the attribute used to associate a member record with a custom role (member_role)
  • By adding this param to the PUT endpoint, we are enabling:
    • associating group members with custom roles
    • associating project members with custom roles
    • de-associating group/project members from a custom role (removing a custm role from a user)
  • Custom roles is a feature available to Ultimate customers and is currently behind the customizable_roles feature flag: https://gitlab.com/gitlab-org/gitlab/-/blob/c9c210dced6696277734ecceaa4abef59f9817c3/ee/config/feature_flags/development/customizable_roles.yml
  • A previous MR added a PATCH /groups/:id/members/:user_id/member_role endpoint for associating existing group members with a custom role.
  • The PATCH endpoint can be removed after this is merged because that behavior is now covered by the existing endpoint.
  • #387769 (closed)
  • #385495 (closed)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. Enable the customizable_roles feature flag for the top-level Ultimate licensed group for which you are the owner and plan to create custom roles.
  2. Create the custom GUEST role for the group via the API: 
     curl --request POST --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"base_access_level":10, "read_code":1}' "http://localhost:3000/api/v4/groups/$GROUP_PATH/member_roles"
  3. Invite a test user account to the root group as a GUEST
  4. Associate membership with a custom role using the API endpoint added in this MR 
     curl --request PUT --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"member_role_id":$MEMBER_ROLE_ID, "access_level": 10}' "http://localhost:3000/api/v4/groups/$GROUP_ID/members/$GUEST_USER_ID"

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jessie Young

Merge request reports