Hide `New project` button if visibility is restricted

Abdul Wadood requested to merge 384356-404-when-visibility-restricted into master

What does this MR do and why?

To understand what this MR is doing go through the description of the original MR here !110566 (merged).

The above MR was reverted because of the bug mentioned here in the revert MR description !111479 (merged).

This MR fixes the bug due to which the original MR was reverted, i.e. the New project button was not being shown for public groups even though only Private visibility was restricted from the admin area.

I have added comprehensive test coverage in spec/policies/group_policy_spec.rb to verify the fix for the revert which I'll explain below:

A group can contain projects with visibility equal to that of the group or tighter than it. Therefore the following holds:

  1. Public groups can contain public, internal, and private projects
  2. Internal groups can contain internal and private projects
  3. Private groups can only contain private projects

We're hiding the New project button if all the possible visibilities (equal to the group's visibility or tighter than it) are restricted from the admin area. I'll explain it with some examples:

  1. If private visibility is restricted then it's not possible to create projects in a private group so hide the New project button.
  2. If private visibility is restricted then it's possible to create projects in an internal group with internal visibility so show the New project button.
  3. If private and internal visibilities are restricted then it's not possible to create projects in an internal group so hide the New project button.
  4. If public visibility is restricted then it's possible to create internal and private projects in a public group so show the New project button.

The same logic has been applied in the policy specs. Also note: the admin visibility restrictions don't apply to admin users.

Screenshots or screen recordings

Group overview: before and after screenshots (images not preserved).

Create new project: before (after submitting form) and after screenshots (images not preserved).

How to set up and validate locally

To validate the solution, follow the steps in !110566 (merged).

To validate the fix for the revert, follow these steps:

  1. Create a public group
  2. Invite a user as an owner to the public group
  3. Go to the admin area -> Settings -> General -> Visibility and access controls
  4. In the Restricted visibility levels setting check only Private. Save the form.
  5. Go to the admin area -> Users
  6. Find the user you invited in step 2
  7. Click Impersonate
  8. Navigate to the group you created in step 1
  9. The New project button should be shown

What was missed in the original MR !110566 (merged)

  1. VisibilityLevelChecker only checks if the visibility level of the passed project is restricted or not. So if a public project is passed to it and public visibility is restricted it won't say that private and internal visibilities are possible.
  2. We were passing Project.new to it and by default Project.new creates a project with private visibility.
  3. Even if we pass the group's visibility to Project.new it won't account for tighter permissible visibilities like internal and private in a public group when public visibility is restricted.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #384356 (closed)
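
The visibility rule from the description, written out as an added example (not code from this MR or from GitLab). The helper names are hypothetical; the numeric levels are assumed to mirror `Gitlab::VisibilityLevel`, and `single_level_check?` only models the behaviour described under "What was missed".

```ruby
# Added example. Level values assumed to mirror Gitlab::VisibilityLevel.
PRIVATE  = 0
INTERNAL = 10
PUBLIC   = 20

# A project in a group may use the group's level or any tighter one.
def allowed_project_levels(group_level)
  [PRIVATE, INTERNAL, PUBLIC].select { |level| level <= group_level }
end

# Hypothetical helper: show the button when at least one permissible level
# is unrestricted. Admin users are exempt from the restrictions.
def show_new_project_button?(group_level, restricted_levels, admin: false)
  return true if admin

  (allowed_project_levels(group_level) - restricted_levels).any?
end

# Model of the reverted behaviour: only one level is tested, and
# Project.new defaults to private visibility.
def single_level_check?(restricted_levels, level: PRIVATE)
  !restricted_levels.include?(level)
end

# Constructed cases: the four examples from the description plus the
# scenario that caused the revert (public group, only Private restricted).
CASES = [
  ["private group, private restricted",             PRIVATE,  [PRIVATE]],
  ["internal group, private restricted",            INTERNAL, [PRIVATE]],
  ["internal group, private + internal restricted", INTERNAL, [PRIVATE, INTERNAL]],
  ["public group, public restricted",               PUBLIC,   [PUBLIC]],
  ["public group, private restricted",              PUBLIC,   [PRIVATE]]
].freeze

CASES.each do |label, group_level, restricted|
  fixed = show_new_project_button?(group_level, restricted) ? "show" : "hide"
  old   = single_level_check?(restricted) ? "show" : "hide"
  puts format("%-48s fixed=%s single-level=%s", label, fixed, old)
end
```

The last case is the regression: the single-level check hides the button although internal and public projects are still creatable in the public group.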