Prevents non-team members to see data on AI Agents (!144202) · Merge requests · GitLab.org / GitLab

Eduardo Bonet requested to merge ai_agents/require_member_for_read_ai_agents into master Feb 08, 2024

What does this MR do and why?

While we have not properly implemented feature access control for ai agents (#440955), we should be more strict on non-project member users from seeing data. This MR disables :read_ai_agents from non-team members of a project (:write_ai_agents already required at least reporter role)

How to set up and validate locally

Example below:

In rails console

Feature.enable(:agent_registry)
user = User.last
project = Project.first
project_policy = ProjectPolicy.new(user, project)

project.member?(user) # => false

project_policy.debug(:read_ai_agents) # enabled should be false

Prevents non-team members to see data on AI Agents

What does this MR do and why?

How to set up and validate locally

Merge request reports