Add before action to check if admin when admin is required
What does this MR do and why?
This MR attempts to add a pre check to the destroy action so that we can check if the user is an admin and actually able to delete the group. Otherwise, deleting a group when the Allowed to delete projects
is set to admins only would result in a silent fail.
Relates to:
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
- As an Administrator, go to the Admin panel and navigate to
Settings > General > Visibility and access controls
- Set the
Allowed to delete projects
setting toAdministrators
and clickSave Changes
- Navigate to any group and impersonate a user who is an Owner of the group.
- As the Owner, attempt to delete the group under
Settings > General > Advanced > **Remove group**
- You should get redirected to the group page and get the banner.
- Stop impersonating the Owner user in the upper left.
- As Admin, go back to
Settings > General > Visibility and access controls
- Set the
Allowed to delete projects
setting toOwners and Administrators
and clickSave Changes
- Impersonate the same Owner user again and attempt to delete the group under
Settings > General > Advanced > **Remove group**
- The Owner should now be able to delete the group and it should be scheduled for deletion.