Expose project settings in REST API only for maintainer+ users (!152023) · Merge requests · GitLab.org / GitLab

Hinam Mehra requested to merge 442899-update-project-rest-api into master May 06, 2024

What does this MR do and why?

Expose project settings in REST API only for maintainer+ users

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Add a user to as a Guest to a project.
Create a personal access token as that user and then query the REST API curl --header "Authorization: Bearer <ACCESS-TOKEN>" "http://127.0.0.1:3000/api/v4/projects/<PROJECT_ID>"
You shouldn't see any project settings.
However, if you upgraded that user to the Maintainer of the project, you should see all the project settings

Related to #442899 (closed)

Edited May 08, 2024 by Hinam Mehra

Expose project settings in REST API only for maintainer+ users

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports