Remove push_code check on Mutation.securityFindingCreateMergeRequest (!135294) · Merge requests · GitLab.org / GitLab

mo khan requested to merge 403153/mokhax/permission-specs into master Oct 26, 2023

What does this MR do and why?

In %17.0 the Developer role will no longer have the admin_vulnerability permission. To make sure that we're able to roll out this deprecation in a safe way this MR adds a spec to ensure that a user that belongs to a custom role with the :admin_merge_request permission is able to execute the securityFindingCreateMergeRequest mutation.

An example of where this mutation is used can be found in https://gitlab.com/gitlab-examples/security/security-reports/-/security/vulnerabilities/46961567

#403153 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 06, 2023 by mo khan

Remove push_code check on Mutation.securityFindingCreateMergeRequest

What does this MR do and why?

MR acceptance checklist

Merge request reports