Allow Jira organization admins to setup group links
What does this MR do and why?
Atlassian currently have 2 different user management types:
-
Centralized user management (also known as the new user management):
- This is the management type that seems to be enabled on newer Atlassian accounts
- This management type includes the following roles: Product admins, User access admins, Organization admins
-
Original user management
- This management type includes the following roles: Product admins, Site admins, Organization admins
Currently, GitLab requires that Jira users are a Site Administrator to link groups in the GitLab for Jira Cloud app. The Site Administrator is part of Atlassian's Original user management type.
Atlassian will now setup new Atlassian workspaces with Centralized user management, and are in the process of migrating existing Atlassian workspaces to Centralized user management. The Centralized user management type doesn't have a Site Administrator group, but the next closest group is Organization Administrators.
This MR does the following:
- Changes the Jira admin check to look for both site adminstrators and organization admins
- Renames
JiraUser.site_admin?
toJiraUser.jira_admin?
because the check is not specific to site administrators anymore - Updates the error message to mention organizational admins
- Updates the docs and recommends that readers use the organization admins
org-admins
group moving forward
More context can be found in this discussion #420687 (comment 1615083714)
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
I opted to patch an existing Omnibus install to test this since the Rails application needs to be available over the internet https://handbook.gitlab.com/handbook/support/workflows/patching_an_instance/
Alternatively this would likely work with Gitpod too.
General steps are:
- If you don't have an Atlassian Workspace already, sign up for a free Jira account. This will also create a user (User Alpha)
- Add another Jira user in Atlassian to the new workspace. This will be the test Jira user for this MR (User Beta)
- Ensure you assign "Jira Product admin" privileges to Beta
- Keep Alpha signed in one window, and Beta signed into another.
- Beta: Follow the instructions to configure the Jira app with your GitLab instance https://docs.gitlab.com/ee/administration/settings/jira_cloud_app.html#connect-the-gitlab-for-jira-cloud-app
- Beta: Eventually, you will need to link groups in the Jira app. For each test, use Alpha to update the group permissions for Beta. You will need to refresh Beta's page for each test attempt.
- Test 1: Link a group. This should fail with an error because Beta is not a member of
org-admins
orsite-admins
yet - Test 2: Alpha adds Beta to
org-admins
. Beta links a group. This should succeed. Unlink the group. Alpha removes Beta fromorg-admins
. - Test 3: Alpha adds Beta to
site-admins
. Beta links a group. This should succeed. Unlink the group. Alpha removes Beta fromsite-admins
.
- Test 1: Link a group. This should fail with an error because Beta is not a member of
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.