You need to sign in or sign up before continuing.
Fix protected branch access inherited from parent group
Suppose you have this configuration:
- Subgroup
hello/world
- Subgroup
hello/mergers
. - Project
hello/world/my-project
has invited grouphello/world
to access protected branches. - The rule allows the group to merge but no one can push.
- User
newuser
has Owner access to the parent grouphello
.
Even though newuser
doesn't belong to hello/world
, the
user does belong to hello
, and so should have permission to
merge to protected branches. Besides, the user can't be added
directly to hello/world
because he is already an Owner.
To fix this, we expand the protected branch access to check to include membership in parent groups as well.
Closes #11323 (closed)
Edited by Stan Hu