Fix bug when access_level is less than group_access (!166412) · Merge requests · GitLab.org / GitLab

Hinam Mehra requested to merge 443369-fix-bug-when-access-level-is-lower into master Sep 18, 2024

What does this MR do and why?

When a group is invited with a higher access level than the user in the invited group, the correct custom role isn't applied.
This MR fixes the SQL query so the correct custom permissions are pulled for the user.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or recording

Before	After
Screen_Recording_2024-09-18_at_1.10.46_PM	Screen_Recording_2024-09-18_at_1.08.38_PM

How to set up and validate locally

Simulate SaaS mode with export GITLAB_SIMULATE_SAAS=1
Pick/create two groups that you are an owner of.
In the rails console:

# enable feature-flag
Feature.enable(:assign_custom_roles_to_group_links_saas)

# create custom role
MemberRole.create(name: "Guest + admin ci/cd", base_access_level: 10, admin_cicd_variables: true, namespace: <GROUP_1>)

Invite a user in group-1, assign the Guest + admin ci/cd role to that user
Navigate to group-2, and using the Invite a group button, invite group-1 with the Maintainer role
In the rails console, check that the user has admin_cicd_variables permission in both group-1 and group-2.

Ability.allowed?(<USER>, :admin_cicd_variables, <GROUP_1>)
Ability.allowed?(<USER>, :admin_cicd_variables, <GROUP_2>)

Related to #443369

Edited Sep 18, 2024 by Hinam Mehra

Fix bug when access_level is less than group_access

What does this MR do and why?

MR acceptance checklist

Screenshots or recording

How to set up and validate locally

Merge request reports