Add policies for handling custom roles (!136090) · Merge requests · GitLab.org / GitLab

Jarka Košanová requested to merge 429455-member-role-policies into master Nov 06, 2023

What does this MR do and why?

It adds policies for handling custom roles. Until now we checked permissions for admin_group or admin_group_member but we didn't specify what should we actually check and also admin_group or admin_group_member gets insufficient with introduction of member roles on instance level.

We decided (see the related issue) that group owners should be able to read and admin member roles on the group level and instance admins should be able to read & admin roles on the instance level.

This MR adds the respective policy rules & changes the current permission checks.

How to set up and validate locally

This is just a background change, no change in functionality. But you can check everything is working by playing around with member roles of a (root) group (eg.https://gdk.test:3443/groups/flightjs/-/settings/roles_and_permissions).

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #429455 (closed)

Edited Nov 17, 2023 by Jarka Košanová

Add policies for handling custom roles

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports