
Prevents non-team members from seeing data on AI Agents

What does this MR do and why?

While we have not properly implemented feature access control for AI agents (#440955), we should be stricter about preventing users who are not project members from seeing data. This MR disables `:read_ai_agents` for non-team members of a project (`:write_ai_agents` already required at least the reporter role).

How to set up and validate locally

Example below:

  1. In the Rails console:
    Feature.enable(:agent_registry)
    user = User.last
    project = Project.first
    project_policy = ProjectPolicy.new(user, project)
    
    project.member?(user) # => false
    
    project_policy.debug(:read_ai_agents) # enabled should be false
