Skip to content

Ignore pending access requests when calculating the highest group role

Abdul Wadood requested to merge 424467-pending-request-role into master

What does this MR do and why?

Currently, inviting a group member to a subgroup fails with reporter or guest access if there's a pending access request of the same user in the parent group. This happens because when we calculate the highest group member access we don't ignore the pending access request. This change fixes this issue by just ignoring the pending access request as users with pending access requests are not members of the group.

This issue also affected the /api/v4/projects/:id API which has also been fixed.

Query plans

Before

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/25157/commands/79885

Raw query 
-- With pending requests
SELECT "members".*
FROM "members"
WHERE "members"."type" = 'GroupMember'
  AND "members"."source_type" = 'Namespace'
  AND "members"."source_type" = 'Namespace'
  AND "members"."source_id" IN
      (SELECT "namespaces"."id" FROM "namespaces" WHERE "namespaces"."type" = 'Group' AND "namespaces"."id" = 9970)
  AND "members"."user_id" = 10327656
ORDER BY "members"."access_level" DESC
LIMIT 1;

After

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/25157/commands/79886

Raw query 
-- Without pending requests
SELECT "members".*
FROM "members"
WHERE "members"."type" = 'GroupMember'
  AND "members"."source_type" = 'Namespace'
  AND "members"."source_type" = 'Namespace'
  AND "members"."source_id" IN
      (SELECT "namespaces"."id" FROM "namespaces" WHERE "namespaces"."type" = 'Group' AND "namespaces"."id" = 9970)
  AND "members"."user_id" = 10327656
  AND "members"."requested_at" IS NULL
ORDER BY "members"."access_level" DESC
LIMIT 1;

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

image

How to set up and validate locally

On master branch:

  1. Login user X and create group A1 and its subgroup B1
  2. Login user another user U and request access to group A1.
  3. Using user X try inviting the user U to B1 with Guest access level. You will get the above error in the screenshot.
  4. Repeat the above steps on this branch and the request should succeed.

Related to #424467 (closed)

Edited by Abdul Wadood

Merge request reports