User with custom role + read_code can view MD link (!115916) · Merge requests · GitLab.org / GitLab

Jessie Young requested to merge jy-bugfix-markdown into master Mar 27, 2023

What does this MR do and why?

Previously, links were broken because the download_code ability was checked

Screenshots or screen recordings

Before (viewing private project README as custom guest user with read_code):

After (viewing private project README as custom guest user with read_code):

How to set up and validate locally

To reproduce:
- As an admin, create a custom role with read_code for a group: https://docs.gitlab.com/ee/user/permissions.html#custom-roles
- Add a private project to that group
- Add an image to the private repo's README or other markdown file
- Add a user to the private project with the custom role
- Before this MR: image link is broken
- After this MR: image link works as expected

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Mar 29, 2023 by Jessie Young

User with custom role + read_code can view MD link

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports