
Check all users in the group hierarchy

What does this MR do and why?

During an X Ray scan API request, a query should be executed that checks if any member of a project with developer-level access or higher possesses an Add-On seat, and authorize the API call if that is the case. Or do you have another approach in mind?

  1. Request Initiated: When an XRay scan is requested, the API triggers a verification process.
  2. Verification Query: The system executes a query to check all members of the project who have developer-level access or higher.
  3. Check Add-On Seats: For each of these members, the system checks if they possess an Add-On seat in any group within GitLab.
  4. Authorization: If any such member is found, the XRay scan is authorized for the project, regardless of the specific group hierarchy or the direct assignment of the Add-On seat to the project or its direct parent group.

For the first iteration I think we can run this query. In the future we could think about some kind of caching.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.


Related to #456449 (closed)
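The four-step check from the description, sketched as an added example (not code from this MR or from GitLab). The `Group` and `Project` structs, the helper names and the sample data are hypothetical, and the sketch assumes that membership is inherited from ancestor groups with the highest access level winning.

```ruby
require "set"

# Hypothetical in-memory model; not GitLab's schema or code.
DEVELOPER = 30 # GitLab access levels: 10 guest, 20 reporter, 30 developer, 40 maintainer, 50 owner

Group   = Struct.new(:name, :parent, :members) # members: { username => access_level }
Project = Struct.new(:name, :group, :members)

# The project's group followed by every ancestor up to the root.
def group_hierarchy(group)
  chain = []
  while group
    chain << group
    group = group.parent
  end
  chain
end

# Step 2: effective access per user, taking the highest level across
# direct project membership and memberships inherited from the hierarchy.
def effective_members(project)
  sources = [project.members] + group_hierarchy(project.group).map(&:members)
  sources.each_with_object(Hash.new(0)) do |members, acc|
    members.each { |user, level| acc[user] = [acc[user], level].max }
  end
end

# Steps 3 and 4: authorize when any developer-or-higher member holds a seat.
# seat_holders is the set of users with an add-on seat in any group, so a
# seat assigned outside this project's hierarchy still counts.
def xray_scan_authorized?(project, seat_holders)
  effective_members(project).any? do |user, level|
    level >= DEVELOPER && seat_holders.include?(user)
  end
end

# Constructed sample data.
ROOT_GROUP     = Group.new("root", nil, { "alice" => 50 })
SUB_GROUP      = Group.new("sub", ROOT_GROUP, { "bob" => 20 })
SAMPLE_PROJECT = Project.new("app", SUB_GROUP, { "carol" => 30, "bob" => 10 })

if __FILE__ == $PROGRAM_NAME
  puts xray_scan_authorized?(SAMPLE_PROJECT, Set["alice"]) # inherited owner with a seat
  puts xray_scan_authorized?(SAMPLE_PROJECT, Set["bob"])   # reporter at most
end
```

Because any single qualifying seat holder authorizes the scan for the whole project, the access-level floor and the membership resolution are the parts of this check that decide who can unlock it.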
