Allow assigning of guests to confidential issues (!139500) · Merge requests · GitLab.org / GitLab

Heinrich Lee Yu requested to merge 217613-allow-assigning-guests-to-confidential-issue into master Dec 12, 2023

What does this MR do and why?

Allows Guest-level assignees when updating issues. This is already possible on issue creation.

This is a chicken and egg problem:

A Guest user can only view a confidential issue if they are the author or assignee
A user can only be assigned to an issue if they can view the issue

Since we check permissions first before setting the assignee, the assignment fails.

This MR changes the permission check so that it checks :read_issue permission on the parent. So if a user can read regular issues on the project, they can be assigned to confidential issues.

Related to #217613 (closed)

How to set up and validate locally

Create a confidential issue
Assign a Guest user (or a non-member if project is public)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 13, 2023 by Heinrich Lee Yu

Allow assigning of guests to confidential issues

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports