
Enable create_vulnerability_feedback when admin_vulnerability is enabled

mo khan requested to merge mokhax/403153/security-finding-dismiss into master

What does this MR do and why?

In %17.0 the Developer role will no longer have the admin_vulnerability permission. To make sure that we're able to roll out this deprecation in a safe way, this MR adds a spec to ensure that a user that belongs to a custom role with the :admin_vulnerability permission is able to execute the securityFindingDismiss mutation.

The securityFindingDismiss mutation requires the admin_vulnerability permission. It calls the ::VulnerabilityFeedback::CreateService and this service requires the :create_vulnerability_feedback permission. This MR updates the project policy to enable the :create_vulnerability_feedback permission when the :admin_vulnerability permission is enabled.

#403153 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by mo khan
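
The layered check described above, as an added example that is not GitLab's code: a mutation gated on one permission delegates to a service gated on another, so a custom role holding only :admin_vulnerability is denied at the inner check until the policy implies the second permission. MiniPolicy, create_feedback, dismiss_finding and attempt are hypothetical stand-ins; only the two permission names come from the description.

```ruby
require "set"

# Hypothetical miniature policy (not GitLab's policy framework): holds the
# granted permissions plus any permissions they imply.
class MiniPolicy
  def initialize(granted, implications = {})
    @abilities = Set.new(granted)
    # Expand implied permissions until nothing new is added (fixed point).
    loop do
      added = implications.select { |src, _| @abilities.include?(src) }
                          .values.flatten.reject { |p| @abilities.include?(p) }
      break if added.empty?
      @abilities.merge(added)
    end
  end

  def can?(permission)
    @abilities.include?(permission)
  end
end

class AccessDenied < StandardError; end

# Stand-in for the service layer: it performs its own check for a different permission.
def create_feedback(policy)
  raise AccessDenied, "create_vulnerability_feedback" unless policy.can?(:create_vulnerability_feedback)
  :dismissed
end

# Stand-in for the mutation: outer check first, then delegation to the service.
def dismiss_finding(policy)
  raise AccessDenied, "admin_vulnerability" unless policy.can?(:admin_vulnerability)
  create_feedback(policy)
end

# Returns :dismissed, or a string naming the permission check that failed.
def attempt(policy)
  dismiss_finding(policy)
rescue AccessDenied => e
  "denied: #{e.message}"
end

CUSTOM_ROLE = [:admin_vulnerability] # constructed custom role with a single permission
BEFORE = MiniPolicy.new(CUSTOM_ROLE) # no implication rule: inner check fails
AFTER  = MiniPolicy.new(CUSTOM_ROLE, { admin_vulnerability: [:create_vulnerability_feedback] })
```

The implication is one-directional: a role holding only :create_vulnerability_feedback still fails the outer :admin_vulnerability check.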
