Replace query to get SAML users and service accounts
What does this MR do and why?
In the group and project member pages, the invite user modal is used to
query and filter users. When the top-level group has a SAML provider
enabled and the option Enforce SSO-only authentication for web activity for this group
only SAML users are returned.
Following !134570 (merged),
we replace the user API endpoint (/api/v4/users.json
) for the new
group user API endpoint (/api/v4/groups/[groupId]/users.json
) to get a
list of users that have a SAML identity connected to the group, or service
accounts created by the group or subgroups
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/424505
Screenshots or screen recordings
No changes.
Screen_Recording_2023-11-28_at_17.12.35
How to set up and validate locally
- Enabled SAML for a top-level group
- Enabled
Enforce SSO-only authentication for web activity for this group
. - Go to a group or project member page that belong to the top-level group in step #1
- Select
Invite members
button orInvite team members
from the navigation superbar.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
TODO in follow-ups
-
Remove filter_id from the backend -
Rename the users_filter from saml_provider_id
tosaml
-
Search for users when input is manually focused (as it should according to the test)