Fix bug when access_level is less than group_access
What does this MR do and why?
- When a group is invited with a higher access level than the user in the invited group, the correct custom role isn't applied.
- This MR fixes the SQL query so the correct custom permissions are pulled for the user.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or recording
Before | After |
---|---|
Screen_Recording_2024-09-18_at_1.10.46_PM | Screen_Recording_2024-09-18_at_1.08.38_PM |
How to set up and validate locally
- Simulate SaaS mode with
export GITLAB_SIMULATE_SAAS=1
- Pick/create two groups that you are an owner of.
- In the rails console:
# enable feature-flag
Feature.enable(:assign_custom_roles_to_group_links_saas)
# create custom role
MemberRole.create(name: "Guest + admin ci/cd", base_access_level: 10, admin_cicd_variables: true, namespace: <GROUP_1>)
-
Invite a user in group-1, assign the
Guest + admin ci/cd
role to that user -
Navigate to group-2, and using the
Invite a group
button, invite group-1 with theMaintainer
role -
In the rails console, check that the user has
admin_cicd_variables
permission in both group-1 and group-2.
Ability.allowed?(<USER>, :admin_cicd_variables, <GROUP_1>)
Ability.allowed?(<USER>, :admin_cicd_variables, <GROUP_2>)
Related to #443369
Edited by Hinam Mehra