Prevent showing repos in the merge request dropdown that are inacessible
What does this MR do and why?
As a follow-up to Show SAML message when reauthorization needed (!121879 - merged), this prevents any inaccessible branches (due to not being authorized with SAML) from being listed as an option on new merge requests.
How to set up and validate locally
-
Setup the GDK to use Group SAML with a specific group. For example:
Flightjs
(will use this going forward) - Login as a test user with SAML at (if you're using the method above with the gdk, the easiest way is to use one of the test users:
user_1/user1pass
at https://localhost:8443/simplesaml/saml2/idp/SSOService.php) - With
root
(in a private window), adduser_1
as a member toFlightjs
("maintainer" level will do) - Back in
user_1
's window, create a private fork (user_1/User1Fork
) of a your SAML-protected project (flightjs/Flight
) in user_1's personal namespace - As
user_1
, visit https://gdk.localhost:3443/-/profile/password/edit (in GitLab - not the SAML interface) and set a password foruser_1
so it can login to GitLab without SAML - Log
user_1
out of GitLab, log out of any SAML windows, (maybe restart your SAML docker just to be sure) and then use another private window to login asuser_1
to GitLab with the password (NOT SAML) you set in Step 5 - As
user_1
, create a new MR from your fork (user_1/User1Fork
) to the protected repo (flightjs/Flight
) - Confirm protected repo (
flightjs/Flight
) does not appear in the dropdown list
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #391765 (closed)
Edited by charlie ablett