Add manage group members as custom permission
What does this MR do and why?
It adds a new custom permission - admin group members. Users assigned to member role with admin_group_member can add, delete or update group members.
The feature is currently under admin_group_member feature flag.
How to set up and validate locally
- Enable
admin_group_memberfeature flagFeature.enable(:admin_group_member) - Create a new custom role that enables
admin_group_memberas described here
curl --request POST --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"base_access_level" : 10, "admin_group_member" : true}' "https://gdk.test:3443/api/v4/groups/$YOUR_GROUP_ID/member_roles"
- Assign this role to a group guest, developer or maintainer using REST API endpoint
curl --request PUT --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"member_role_id": '$MEMBER_ROLE_ID', "access_level": 10}' "https://gdk.test:3443/api/v4/groups/$ID/members/$GUEST_USER_ID"
- Check if the user can do the following actions:
- invite a user to the group
- delete a group member
- update a group member
- using admin-related group members endpoints in the REST API
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #17364 (closed)