Auto check/uncheck dependent permissions when creating custom roles
What does this MR do and why?
For the Roles and Permissions page in a group's settings:
![]() |
Clicking on the Add new role
button opens the create new role form:
![]() |
Some permissions in the form depend on other permissions being checked. For example, in order to check Admin vulnerability
, Read vulnerability
must also be checked. Previously, you had to submit the form to be notified of this dependency:
Peek_2023-12-22_15-11
This MR changes it so that dependent permissions will be checked/unchecked automatically with the permission. It follows these rules:
- If permission A is checked and it depends on permission B, permission B will be checked.
- If permission B is unchecked and permission A depends on it, permission A will be unchecked.
- If permission A is checked, which then checks permission B, unchecking permission A will not uncheck permission B, because permission B does not depend on permission A.
How to set up and validate locally
- Set your local gdk instance to SAAS mode by running this in a terminal and (re)starting GDK:
export GITLAB_SIMULATE_SAAS=1
- To go
Admin Area
->Overview
->Groups
. - Click on the
Edit
button next to a top-level group, change the group's plan toUltimate
, and click onSave changes
at the bottom of the page:
![]() |
- Go to the group's page, then go to
Settings
->Roles and Permissions
. - Click on the
Add new role
button on the upper right. - Click on
Admin vulnerability
to check it. Verify thatRead vulnerability
is automatically checked as well. - Click on
Read vulnerability to uncheck it
. Verify thatAdmin vulnerability
is automatically unchecked as well. - Check
Admin vulnerability
again, then uncheck it. Verify thatRead vulnerability
still remains checked.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #430920 (closed)
Edited by Daniel Tian