Skip to content

Add manage group members as custom permission

What does this MR do and why?

It adds a new custom permission - admin group members. Users assigned to member role with admin_group_member can add, delete or update group members.

The feature is currently under admin_group_member feature flag.

How to set up and validate locally

  1. Enable admin_group_member feature flag Feature.enable(:admin_group_member)
  2. Create a new custom role that enables admin_group_member as described here

curl --request POST --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"base_access_level" : 10, "admin_group_member" : true}' "https://gdk.test:3443/api/v4/groups/$YOUR_GROUP_ID/member_roles"

  1. Assign this role to a group guest, developer or maintainer using REST API endpoint

curl --request PUT --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"member_role_id": '$MEMBER_ROLE_ID', "access_level": 10}' "https://gdk.test:3443/api/v4/groups/$ID/members/$GUEST_USER_ID"

  1. Check if the user can do the following actions:

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #17364 (closed)

Edited by Eduardo Sanz García

Merge request reports