Improve access control model for embedded Observability
What does this MR do and why?
This is the second part of the work required to improve access control to GitLab Observability features (gitlab-org/opstrace/opstrace-ui#191 (closed) + !110645 (merged))
We want to restrict embedded Observability elements to only the developers a the group. It additionally prevents embedding invalid links.
Screenshots or screen recordings
NA
How to set up and validate locally
- Setup GDK with GOUI https://gitlab.com/gitlab-org/opstrace/opstrace-ui/-/blob/main/contribute/developer-guide.md#local-gdk
- Embed a link in an issue/MR description/comments with a group-id for which the user is not a developer. Note that the Observability UI is not embedded (Format of the embedded link should be "https://observe.gitlab.com/GROUP_ID/explore")
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Before Merging
-
Wait until !112019 (merged) and !110645 (merged) are merged
Edited by Daniele Rossetti