Consume seat when Guest's permissions are elevated using custom roles
What does this MR do and why?
In Only allowing additive custom roles (#375574 - closed) we introduced custom roles.
We are going to introduce more custom roles, but we want to make sure we are charging Ultimate customers for guest users, who have "elevated" permissions.
This MR covers the framework for adding more permissions to custom roles and making sure guests are counted as billable users. It also allows deciding with each added permission if we want to make this permission elevating - if adding this permission to a member role makes the seat consumed or not (like with read_code permission, that is already added).
This change only covers billable users on SaaS, so billable users that are counted towards namespace subscription.
Screenshots or screen recordings
Before:
After:
How to set up and validate locally
This is a bit tricky as we don't have right now additional permissions that should elevate the role to consumable seat.
- Simulate a SaaS instance
- Make sure group you are using is on Ultimate Plan.
- The only permission we can use right now for testing is
:download_code, so we need to comment the line 5 in the MemberRole class (the one that adds the thedownload_codeto the ignored columns). - Add
:download_codeto the ELEVATING_PERMISSIONS array. - Add member role that has
download_codeattribute set to true. - Associate this member role with member of a group on a Guest level.
- See the
Settings > Usage Quotaand verify if the guest user with elevating permission is listed there.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #390269 (closed)