Consolidate AI feature authorization logic (!137211) · Merge requests · GitLab.org / GitLab

Jessie Young requested to merge jy-centralize-policy-authorization-in-class into master Nov 17, 2023

What does this MR do and why?

Previously, each policy was checking the following things:
- ai_global_switch ops FF enabled
- AI license available
- AI feature available via StageCheck
- Is the user actually a member of the parent resource? (only members can use AI features)
Not surprisingly, given the number of things to check, this was done somewhat inconsistently throughout the policies.
This MR uses "Llm::FeatureAuthorizer", which handles this logic.
Now, any permissions checks related to AI features can call Llm::FeatureAuthorizer and be confident that they are making all of the correct checks.
This is a follow-up to the fix for #422754 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 11, 2023 by Jessie Young

Consolidate AI feature authorization logic

What does this MR do and why?

MR acceptance checklist

Merge request reports