Update permissions to relate issues
What does this MR do and why?
As part of Revise permissions for work item relations (&10266), we are updating the minimum role needed to relate two issues to each other from Reporter to Guest.
Related to: #404798 (closed)
This MR updates permissions for the following actions:
Service
IssueLinks::CreateService: Creating a new issue-issue relation IssueLinks::DestroyService: Deleting a new issue-issue relation
REST Endpoint
API::IssueLinks: Create, update and delete issue-issue links
Quick Actions
-
/blocks: Guests are now able to invoke this quick action. -
/blocked_by: Guests are now able to invoke this quick action. -
/relate: Guests are now able to invoke this quick action.
How to set up and validate locally
Via the UI
- Create a private project
- Add several issues to the project (You can also test this with issues in different projects where the test user has Guest access)
- Invite a user to the project with the
Guestrole - Ensure that the guest user can add and remove issues from the 'Linked Items' section of the issues.
Via REST endpoints
export GUEST_PAT=<guest_access_token_here>
# Create a link with an existing issue
curl --request POST --header "PRIVATE-TOKEN: $GUEST_PAT" "http://gdk.test:3000/api/v4/projects/{SOURCE_PROJECT_ID}/issues/{SOURCE_ISSUE_IID}/links?target_project_id={TARGET_PROJECT_ID}&target_issue_iid={TARGET_ISSUE_IID}"
# Confirm that the link was successfully created
curl --header "PRIVATE-TOKEN: $GUEST_PAT" "http://gdk.test:3000/api/v4/projects{SOURCE_PROJECT_ID}/issues/{SOURCE_ISSUE_IID}/links"
# Remove a link from an issue
curl --request DELETE --header "PRIVATE-TOKEN: $GUEST_PAT" "http://gdk.test:3000/api/v4/projects/{SOURCE_PROJECT_ID}/issues/{SOURCE_ISSUE_IID}/links/{ISSUE_LINK_ID}"MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Joseph Wambua