Skip to content

Add current user to comparison services for permissions

Can Eldem requested to merge add-current-user-compare-services-ee into master

What does this MR do?

Issue ticket https://gitlab.com/gitlab-org/gitlab-ee/issues/14780

https://sentry.gitlab.net/gitlab/staginggitlabcom/issues/942845/?query=is:unresolved

We would like to add current_user to the comparison services objects so that when we serialise we can check their permissions. Hopefully this will solve the issue that we see in staging. More details are in the ticket.

CompareDependencyScanningReportsService < ::Ci::CompareReportsBaseService < ::BaseService
CompareContainerScanningReportsService < ::Ci::CompareReportsBaseService < ::BaseService
CompareSastReportsService < ::Ci::CompareReportsBaseService < ::BaseService

CompareMetricsReportsService doesn't need current_user at the moment

CompareMetricsReportsService  < ::Ci::CompareReportsBaseService < ::BaseService

::BaseService has already attribute called current_user we are just setting this attribute in this MR

Does this MR meet the acceptance criteria?

Should work

Conformity

Performance and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Rémy Coutable

Merge request reports