
Auto check/uncheck dependent permissions when creating custom roles

What does this MR do and why?

On the Roles and Permissions page in a group's settings, clicking on the Add new role button opens the create new role form.

Some permissions in the form depend on other permissions being checked. For example, in order to check Admin vulnerability, Read vulnerability must also be checked. Previously, you had to submit the form to be notified of this dependency.

This MR changes it so that dependent permissions will be checked/unchecked automatically with the permission. It follows these rules:

  1. If permission A is checked and it depends on permission B, permission B will be checked.
  2. If permission B is unchecked and permission A depends on it, permission A will be unchecked.
  3. If permission A is checked, which then checks permission B, unchecking permission A will not uncheck permission B, because permission B does not depend on permission A.


How to set up and validate locally

  1. Set your local GDK instance to SaaS mode by running this in a terminal and (re)starting GDK:
     export GITLAB_SIMULATE_SAAS=1
  2. Go to Admin Area -> Overview -> Groups.
  3. Click on the Edit button next to a top-level group, change the group's plan to Ultimate, and click on Save changes at the bottom of the page.
  4. Go to the group's page, then go to Settings -> Roles and Permissions.
  5. Click on the Add new role button on the upper right.
  6. Click on Admin vulnerability to check it. Verify that Read vulnerability is automatically checked as well.
  7. Click on Read vulnerability to uncheck it. Verify that Admin vulnerability is automatically unchecked as well.
  8. Check Admin vulnerability again, then uncheck it. Verify that Read vulnerability still remains checked.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #430920 (closed)

Edited by Daniel Tian
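
The three check/uncheck rules from the description, as an added JavaScript example that is not code from this MR or from GitLab. The `REQUIREMENTS` map, the function names and the `manage_example` permission are assumptions; the example goes beyond the two-permission case in the description by following chains of requirements, and `missingRequirements` stands in for the submit-time check the description mentions, which still has to catch a payload that bypassed the checkboxes.

```javascript
// Constructed map: permission -> permissions it requires. The first pair is
// named in the MR description; manage_example is hypothetical (shows a chain).
const REQUIREMENTS = {
  read_vulnerability: [],
  admin_vulnerability: ['read_vulnerability'],
  manage_example: ['admin_vulnerability'],
};

// Rule 1: checking a permission also checks everything it requires.
function check(selected, permission, requirements = REQUIREMENTS) {
  const next = new Set(selected);
  const seen = new Set();
  const stack = [permission];
  while (stack.length > 0) {
    const current = stack.pop();
    if (seen.has(current)) continue;
    seen.add(current);
    next.add(current);
    stack.push(...(requirements[current] ?? []));
  }
  return next;
}

// Rule 2: unchecking a permission also unchecks everything that requires it.
// Rule 3 follows from this: the permissions it requires are never touched.
function uncheck(selected, permission, requirements = REQUIREMENTS) {
  const next = new Set(selected);
  const stack = [permission];
  while (stack.length > 0) {
    const current = stack.pop();
    next.delete(current);
    for (const [name, needs] of Object.entries(requirements)) {
      if (next.has(name) && needs.includes(current)) stack.push(name);
    }
  }
  return next;
}

// Submit-time check: list each selected permission whose requirement is missing.
function missingRequirements(selected, requirements = REQUIREMENTS) {
  const chosen = new Set(selected);
  const missing = [];
  for (const name of chosen) {
    for (const need of requirements[name] ?? []) {
      if (!chosen.has(need)) missing.push(`${name} requires ${need}`);
    }
  }
  return missing;
}
```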
