Show members of private group as approvers
What does this MR do and why?
Show members of private group as approvers
When an approval rule has a group that is considered hidden to the user then approvers are not shown. This is a problem when a private group has been added to an approval rule.
This change is to consider private groups that are invited to the project associated with the approval rule to be considered non-hidden
For more context: #281029 (comment 1807240087)
Query Plans
This change adds an additional query during project_groups calling project.invited_groups that results in a query like:
SELECT *
FROM "namespaces"
INNER JOIN "project_group_links" ON "namespaces"."id" = "project_group_links"."group_id"
WHERE "namespaces"."type" = 'Group'
AND "project_group_links"."project_id" = 278964query plan here: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/27397/commands/85304
The result of that is used in hidden_groups which performs a query like:
https://console.postgres.ai/gitlab/gitlab-production-main/sessions/27497/commands/85645
SELECT *
FROM "namespaces"
INNER JOIN "approval_project_rules_groups" ON "namespaces"."id" = "approval_project_rules_groups"."group_id"
WHERE "namespaces"."type" = 'Group'
AND "approval_project_rules_groups"."approval_project_rule_id" = 14315753
AND "namespaces"."id" NOT IN (2750817,
3887968,
5924764,
6150316);Before this change hidden_groups would perform a similar query but without the results from project_groups:
https://console.postgres.ai/gitlab/gitlab-production-main/sessions/27497/commands/85648
SELECT *
FROM "namespaces"
INNER JOIN "approval_project_rules_groups" ON "namespaces"."id" = "approval_project_rules_groups"."group_id"
WHERE "namespaces"."type" = 'Group'
AND "approval_project_rules_groups"."approval_project_rule_id" = 14315753
AND "namespaces"."id" != 3887968;Notably sometimes rule is an instance of ApprovalMergeRequestRule, but the resulting queries are similar
For example
SELECT *
FROM "namespaces"
INNER JOIN "approval_merge_request_rules_groups" ON "namespaces"."id" = "approval_merge_request_rules_groups"."group_id"
WHERE "namespaces"."type" = 'Group'
AND "approval_merge_request_rules_groups"."approval_merge_request_rule_id" = 269
AND "namespaces"."id" != 2962 Hash Join (cost=7.54..14.83 rows=1 width=434) (actual time=0.278..0.338 rows=1 loops=1)
Hash Cond: (namespaces.id = approval_merge_request_rules_groups.group_id)
-> Index Scan using index_namespaces_on_organization_id_for_groups on namespaces (cost=0.14..7.14 rows=114 width=414) (actual time=0.091..0.271 rows=132 loops=1)
Filter: (id <> 2962)
Rows Removed by Filter: 1
-> Hash (cost=7.29..7.29 rows=8 width=20) (actual time=0.039..0.039 rows=2 loops=1)
Buckets: 1024 Batches: 1 Memory Usage: 9kB
-> Index Scan using index_approval_merge_request_rules_groups_1 on approval_merge_request_rules_groups (cost=0.15..7.29 rows=8 width=20) (actual time=0.029..0.031 rows=2 loops=1)
Index Cond: (approval_merge_request_rule_id = 269)
Planning Time: 0.955 ms
Execution Time: 0.413 ms
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create a private group (
private-group-b) - Create a project
- Invite the private subgroup to the project
- Add a
CODEOWNERSfile to the project. For example
*.txt @private-group-b- Create a protected branch and require code owner approval
- Create merge request that changes something requiring code owner approval
- Invite another user to the project
- As the other user, see that the approvers for the code owner rule are missing from the approval rules widget in the merge request
- Enable the
show_private_groups_as_approversfeature flag - Check the widget again and see that the approvers are present.
Related to #281029 (closed)
Merge request reports
Activity
changed milestone to %16.11
added CISP1 Category:Source Code Management CodeOwners Deliverable SLONear Miss [deprecated] Accepting merge requests approvals backend backend-weight2 bugfunctional customer devopscreate groupsource code missed-deliverable missed:14.3 missed:14.4 priority2 reproduced on GitLab.com sectiondev severity2 typebug workflowin dev labels
assigned to @j.seto
- A deleted user
added database databasereview pending feature flag labels
2 Warnings 
5350549a: The commit subject must start with a capital letter. For more information, take a look at our Commit message guidelines. 5350549a: The commit subject and body must be separated by a blank line. For more information, take a look at our Commit message guidelines. Reviewer roulette
Category Reviewer Maintainer backend @shreyasagarwal(UTC+2, 2 hours ahead of author)
@johnmason(UTC-4, 4 hours behind author)
database @dgruzd(UTC+2, 2 hours ahead of author)
@mayra-cabrera(UTC-6, 6 hours behind author)
Please check reviewer's status!
-
Reviewer is available!
-
Reviewer is unavailable!
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
If needed, you can retry the
danger-reviewjob that generated this comment.Generated by
Edited by Ghost User-
Resolved by Mayra Cabrera- Last reply by Peter Leitzen
requested review from @zmartins
- Resolved by Mayra Cabrera
- Last reply by Jerry Seto
requested review from @ifarkas
removed review request for @zmartins
added pipeline:mr-approved label
Resolved by Mayra Cabrera
@zmartins, thanks for approving this merge request.This is the first time the merge request has been approved. To ensure we don't only run predictive pipelines, and we don't break
master, a new pipeline will be started shortly.Please wait for the pipeline to start before resolving this discussion and set auto-merge for the new pipeline. See merging a merge request for more details.
