Remove access control logic for embedded observability (!112856) · Merge requests · GitLab.org / GitLab

Daniele Rossetti requested to merge rossetd/fix-goui-subgroup-access into master Feb 23, 2023

What does this MR do and why?

Fixes gitlab-org/opstrace/opstrace-ui#242 (closed)

This MR revert changes introduced by !112021 (merged).

We found some use cases (e.g. gitlab-org/opstrace/opstrace-ui#242 (closed)) that were not handled by the recent change. After discussing it with the team, we decided to go in a different direction and remove the access control logic from Rails side, and just rely on GOUI/GOB to handle user permissions. Meaning that from Rails side we will still try and render the embedded iframe. The iframe will in turn fail to load in case the required permissions are missing ( iframe load failures will be handled separately ).

Instead of simply revert the commit, I've done it manually as I wanted to keep some of the tests refactor introduced by !112021 (merged)

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Feb 24, 2023 by Daniele Rossetti

Remove access control logic for embedded observability

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports