Add admin_vulnerability to custom roles
It adds the admin_vulnerability ability to custom roles.

Test plan:

1. Enable the feature flag: `Feature.enable(:custom_roles_vulnerability)`
2. Create a personal access token with the API scope.
3. Pick a group with at least one project, and pick a user who is a member of this project (guest/reporter access level).
4. Create a custom role using the API: https://docs.gitlab.com/ee/api/member_roles.html#add-a-member-role-to-a-group

   ```shell
   curl --request POST --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"base_access_level" : 10, "read_vulnerability" : true, "admin_vulnerability": true }' "http://localhost:3000/api/v4/groups/$YOUR_GROUP_ID/member_roles"
   ```

   You can also test without `"read_vulnerability" : true`, which should not work (read_vulnerability is a requirement for admin_vulnerability).
5. Associate the member with the role using the Group and Project Members API endpoint:

   ```shell
   curl --request PUT --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"member_role_id": '$MEMBER_ROLE_ID', "access_level": 10}' "http://localhost:3000/api/v4/projects/$ID/members/$GUEST_USER_ID"
   ```
6. Go to the vulnerability report page (e.g. http://localhost:3000/flightjs/Flight/-/security/vulnerability_report), click on a vulnerability and try to change the vulnerability status.
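The same test plan as a small script (an added example, not part of this MR or of GitLab): it builds the member-role payload while enforcing the dependency the MR describes (admin_vulnerability requires read_vulnerability), then drives the two API calls from steps 4 and 5. It assumes the linked API endpoints, that the created role is returned as JSON with an `id` field, and that the server rejects the invalid combination, as the description states.

```python
"""Run the custom-role test plan from this MR against a local GitLab.

Added example, not from the MR. Assumptions: POST /groups/:id/member_roles
and PUT /projects/:id/members/:user_id as linked above, a JSON response
carrying the new role's "id", and server-side rejection of
admin_vulnerability without read_vulnerability.
"""
import json
import os
import urllib.request
from urllib.error import HTTPError

GUEST = 10  # base_access_level used in the MR's curl commands

# Ability dependency stated in the MR: admin_vulnerability needs read_vulnerability.
REQUIRES = {"admin_vulnerability": "read_vulnerability"}


def member_role_payload(base_access_level=GUEST, **abilities):
    """Build the member_roles body; fail early on a combination the server rejects."""
    for ability, needed in REQUIRES.items():
        if abilities.get(ability) and not abilities.get(needed):
            raise ValueError(f"{ability} requires {needed}")
    return {"base_access_level": base_access_level, **abilities}


def _call(method, url, token, body):
    req = urllib.request.Request(
        url, method=method, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def create_member_role(base_url, token, group_id, payload):
    return _call("POST", f"{base_url}/api/v4/groups/{group_id}/member_roles", token, payload)


def assign_member_role(base_url, token, project_id, user_id, role_id, access_level=GUEST):
    body = {"member_role_id": role_id, "access_level": access_level}
    return _call("PUT", f"{base_url}/api/v4/projects/{project_id}/members/{user_id}", token, body)


if __name__ == "__main__":
    base, token = "http://localhost:3000", os.environ["YOUR_ACCESS_TOKEN"]
    group, project, user = os.environ["YOUR_GROUP_ID"], os.environ["ID"], os.environ["GUEST_USER_ID"]
    role = create_member_role(base, token, group,
                              member_role_payload(read_vulnerability=True, admin_vulnerability=True))
    print(assign_member_role(base, token, project, user, role["id"]))  # "id" assumed in response
    try:  # negative case from step 4: bypass the local check and let the server reject it
        create_member_role(base, token, group, {"base_access_level": GUEST, "admin_vulnerability": True})
    except HTTPError as e:
        print("rejected as expected:", e.code)
```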
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #412536 (closed)