
Add admin compliance framework custom permission

Jarka Košanová requested to merge 411502-compliance-framework-custom-ab into master

What does this MR do and why?

It adds a new custom permission, admin compliance framework.

  • it adds a custom ability YAML file created by running ./ee/bin/custom-ability -d "Allows admin of compliance framework." -c compliance_management -p -i "#411502" admin_compliance_framework
  • the migration was generated by running rails g gitlab:custom_roles:code --ability admin_compliance_framework
  • the documentation was generated by running bundle exec rake gitlab:custom_roles:compile_docs

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Log in with a user who has a guest role in a group
  2. Make sure you can't access compliance-related views / endpoints (see below)
  3. Create a new custom role that enables the admin compliance framework permission: on self-managed in the admin UI (http://gdk.test:3000/admin/application_settings/roles_and_permissions), on SaaS in the group settings (e.g. http://gdk.test:3000/groups/flightjs/-/settings/roles_and_permissions)
  4. Assign this custom role to the guest user (on the group members page, e.g. http://gdk.test:3000/groups/flightjs/-/group_members)
  5. Now test the compliance-related views / endpoints again, they now should be accessible and work as expected

Compliance-related views & endpoints

Group

  • Menu item Settings - General should be accessible
  • Only section Compliance frameworks should be visible there
  • And it should be possible to view, edit, and add compliance frameworks

Project

  • Menu item Settings - General should be accessible
  • Only section Compliance framework should be visible there
  • And it should be possible to change the project compliance framework
  • GraphQL mutation, example:
mutation {
  projectSetComplianceFramework(input: {
    projectId: "gid://gitlab/Project/7",
    complianceFrameworkId: "gid://gitlab/ComplianceManagement::Framework/4"
  }) {
    project {
      id
    }
  }
}
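
A scripted form of the guest-user check from the validation steps above, added here as an example and not code from the MR or from GitLab itself: it sends the projectSetComplianceFramework mutation shown above as the user whose token it is given and classifies the answer, so it can be run once before the custom role is assigned (expected: denied) and once after (expected: allowed). It assumes a GDK GraphQL endpoint at http://gdk.test:3000/api/graphql, a personal access token for the guest user in GITLAB_TOKEN, and the project and framework GIDs from the mutation; the two sample responses at the bottom are constructed for an offline check of the classifier, not captured from a real instance.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Assumed GDK GraphQL endpoint (not taken from the MR).
GRAPHQL_URL = 'http://gdk.test:3000/api/graphql'

# Builds the same mutation as in the MR description, with both GIDs parameterised.
# The GIDs are JSON-encoded so a stray quote in an argument cannot alter the query.
def build_mutation(project_gid, framework_gid)
  <<~GQL
    mutation {
      projectSetComplianceFramework(input: {
        projectId: #{project_gid.to_json},
        complianceFrameworkId: #{framework_gid.to_json}
      }) {
        project { id }
        errors
      }
    }
  GQL
end

# Classifies a parsed GraphQL response:
#   :allowed - the mutation ran and returned the project id with no errors
#   :denied  - a top-level error reports the resource as missing / not permitted,
#              which is how GitLab answers when the caller lacks the ability
#   :error   - anything else (bad query, validation error in the payload, ...)
def classify_response(body)
  top_errors = Array(body['errors']).map { |e| e['message'].to_s }
  if top_errors.any?
    return top_errors.any? { |m| m =~ /permission|does not exist/i } ? :denied : :error
  end

  payload = body.dig('data', 'projectSetComplianceFramework') || {}
  return :error if Array(payload['errors']).any?
  return :allowed if payload.dig('project', 'id')

  :error
end

# Sends the mutation as the owner of +token+ and returns the classification.
def run_mutation(token, project_gid, framework_gid, url: GRAPHQL_URL)
  uri = URI(url)
  req = Net::HTTP::Post.new(uri)
  req['Content-Type'] = 'application/json'
  req['Authorization'] = "Bearer #{token}" # personal access token of the guest user
  req.body = { query: build_mutation(project_gid, framework_gid) }.to_json
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
    http.request(req)
  end
  classify_response(JSON.parse(res.body))
end

# Constructed sample responses (not captured from a real instance), shaped like the
# GraphQL API's JSON, so the classifier can be checked without a running GDK.
SAMPLE_DENIED = {
  'data' => { 'projectSetComplianceFramework' => nil },
  'errors' => [{ 'message' => "The resource that you are attempting to access does not exist or you don't have permission to perform this action" }]
}.freeze
SAMPLE_ALLOWED = {
  'data' => { 'projectSetComplianceFramework' => {
    'project' => { 'id' => 'gid://gitlab/Project/7' }, 'errors' => []
  } }
}.freeze

# Run once with the guest's token before assigning the custom role (expect :denied)
# and once after (expect :allowed). Skipped when no token is set.
if $PROGRAM_NAME == __FILE__ && ENV['GITLAB_TOKEN']
  puts run_mutation(ENV['GITLAB_TOKEN'],
                    'gid://gitlab/Project/7',
                    'gid://gitlab/ComplianceManagement::Framework/4')
end
```

The mutation is built with the GIDs JSON-encoded rather than pasted into the query string, so the same helper can be pointed at any project or framework ID without risking a malformed query; the classifier treats a payload-level `errors` entry as a service error rather than a permission denial, since that list carries validation failures, not authorization results.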

Related to #411502 (closed)

Edited by Jarka Košanová
