Improve handling group_path param
What does this MR do and why?
It improves handling group_path param for MemberRoleCreate mutation. Until this change, when invalid group_path is provided, it returns an error on SaaS but creates instance level on self-managed. The param should not be allowed for self-managed at all (unless restrict_member_roles FF is disabled)
With this change the group_path param is handled as follows:
group_path param |
restrict_member_roles value |
result on SaaS | result on self-managed |
|---|---|---|---|
| valid | disabled | Group custom role created | Group custom role created |
| valid | enabled | Group custom role created | Not allowed param error |
| invalid | disabled | No access error | No access error |
| invalid | enabled | No access error | Not allowed param error |
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Run following mutation on both SaaS and self-managed, with restrict_member_roles enabled and disabled. You should get results described in the table above.
Related to #436343 (closed)