Broadly extend organization owner group permissions (!145996) · Merge requests · GitLab.org / GitLab

Alex Pooley requested to merge 440355-admin-not-default-org-owner into master Feb 28, 2024

What does this MR do and why?

This is a first step in providing an organization owner with administrative rights for all entities within their organization. The core of this change is in !145996 (diffs) with the corresponding spec in !145996 (diffs)

Many spec files had to be adjusted in this MR because many tests have the following pattern:

with admin user do
  when in admin mode do
    ...
  end

  when not in admin mode do
    ...
  end
end

This creates a problem for this MR where when not in admin mode fails because the admin is often automatically assigned owner of the default organization. This MR essentially provides admin rights to organization owners within their organization which contradicts the previous expectation that the admin outside of admin mode would not have admin rights. To fix this problem we have to apply the ':without_default_org' trait when creating an admin user which prevents the admin from being added as an owner of the default organization.

Also note that some query counts increased because of the organization ownership checks.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Related to #440355 (closed)

Edited Mar 21, 2024 by Alex Pooley

Broadly extend organization owner group permissions

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports