Prevents non-team members to see data on AI Agents
What does this MR do and why?
While we have not properly implemented feature access control for AI agents (#440955), we should be more strict about non-project member users seeing data. This MR disables :read_ai_agents for non-team members of a project (:write_ai_agents already required at least reporter role).
How to set up and validate locally
Example below:
- In rails console
    Feature.enable(:agent_registry)
    user = User.last
    project = Project.first
    project_policy = ProjectPolicy.new(user, project)
    project.member?(user) # => false
    project_policy.debug(:read_ai_agents) # enabled should be false
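The rule described above, modelled as an added stand-alone Ruby example; it is not GitLab's ProjectPolicy code or part of this MR. The AgentPolicy class, the Project struct and the sample users are hypothetical, and treating any membership level as "team member" and gating both abilities on the :agent_registry flag are assumptions.

```ruby
# Added illustration: a stand-alone model, not GitLab's ProjectPolicy code.
# Guest/reporter values follow GitLab's access levels; all other names are hypothetical.
ACCESS = { none: 0, guest: 10, reporter: 20 }.freeze

Project = Struct.new(:visibility, :members, :flags) do
  def access_level(user)
    members.fetch(user, ACCESS[:none])
  end

  def member?(user)
    access_level(user) > ACCESS[:none]
  end
end

class AgentPolicy
  def initialize(user, project)
    @user = user
    @project = project
  end

  # Deny by default. Project visibility is deliberately never consulted:
  # a public project must not expose agent data to outsiders.
  def allowed?(ability)
    # Assumption: the :agent_registry flag gates both abilities.
    return false unless @project.flags.include?(:agent_registry)

    case ability
    when :read_ai_agents  then @project.member?(@user)
    when :write_ai_agents then @project.access_level(@user) >= ACCESS[:reporter]
    else false
    end
  end
end

# Constructed sample data: a public project with one guest and one reporter.
def sample_project(flags: [:agent_registry])
  members = { "guest_user" => ACCESS[:guest], "reporter_user" => ACCESS[:reporter] }
  Project.new(:public, members, flags)
end

# Ability matrix per user, the shape an authorization regression spec asserts on.
def ability_matrix(project, users)
  users.to_h do |user|
    policy = AgentPolicy.new(user, project)
    [user, { read: policy.allowed?(:read_ai_agents), write: policy.allowed?(:write_ai_agents) }]
  end
end

matrix = ability_matrix(sample_project, %w[outsider guest_user reporter_user])
matrix.each { |user, abilities| puts "#{user}: #{abilities}" }
```

The non-member row on a public project is the case this MR tightens; asserting the whole matrix also catches a later change that loosens the write rule.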
Activity
changed milestone to %16.9
assigned to @eduardobonet
added AI Agents IncubationMLOps featureconsolidation groupmlops typefeature labels
added Category:MLOps devopsmodelops sectiondata-science labels
- Resolved by Peter Leitzen
Hi @splattael could you maintain backend on this MR? It is pretty straightforward, so I am skipping the first review.
requested review from @splattael
- A deleted user
added backend label
- Resolved by Peter Leitzen
requested review from @alexbuijs
E2E Test Result Summary
allure-report-publisher generated test report!
e2e-test-on-gdk: test report for aad6808a

+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Create      | 53     | 0      | 12      | 5     | 65    | ✅     |
| Verify      | 31     | 0      | 0       | 0     | 31    | ✅     |
| Monitor     | 7      | 0      | 0       | 0     | 7     | ✅     |
| Package     | 21     | 0      | 2       | 0     | 23    | ✅     |
| Govern      | 65     | 0      | 1       | 0     | 66    | ✅     |
| Analytics   | 2      | 0      | 0       | 0     | 2     | ✅     |
| Data Stores | 31     | 0      | 1       | 0     | 32    | ✅     |
| Plan        | 53     | 0      | 0       | 0     | 53    | ✅     |
| Release     | 5      | 0      | 0       | 0     | 5     | ✅     |
| Manage      | 0      | 0      | 1       | 0     | 1     | ➖     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 268    | 0      | 17      | 5     | 285   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
requested review from @splattael
- Resolved by Peter Leitzen
@splattael, thanks for approving this merge request. This is the first time the merge request has been approved. To ensure we don't only run predictive pipelines, and we don't break master, a new pipeline will be started shortly. Please wait for the pipeline to start before resolving this discussion and set auto-merge for the new pipeline. See merging a merge request for more details.
added pipeline:mr-approved label
removed review request for @alexbuijs
enabled an automatic merge when all merge checks for aad6808a pass
enabled an automatic merge when all merge checks for aad6808a pass
mentioned in commit bb86cbf2
added workflowstaging-canary label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label
added pipelinetier-3 label