Update API to allow sharing a project to a group with a custom role

Eugie Limpinrequested to merge
el-invite-group-to-proj-w-custom-role-via-api into master

What does this MR do and why?

This MR updates the POST /projects/:id/share API endpoint to accept a member_role_id parameter. In EE (only), providing member_role_id param will assign the matching custom role to the group the target project is shared with.

References

This MR implements Update API to allow inviting a group to a proje... (#506675 - closed). A part of Assign custom role when sharing a project to a ... (#468329).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

  1. Start GDK with GITLAB_SIMULATE_SAAS=1

    $ export GITLAB_SIMULATE_SAAS=1
$ gdk start

  2. Enable required feature flags

    $ rails c
> Feature.enable(:assign_custom_roles_to_group_links_saas)
> Feature.enable(:assign_custom_roles_to_project_links_saas)

  3. Login with root user and generate a PAT with api scope

  4. Visit a group and create a custom role (e.g. http://localhost:9393/flightjs/)

  5. With a project under the group (e.g. http://localhost:9393/flightjs/Flight/) with the new custom role, send an API request to share the project to another group (e.g. http://localhost:9393/gitlab-org) with the new custom role

    $ curl --request POST --header "Content-Type: application/json" --data '{"group_access": 10, "group_id": <share_with_group_id>, "member_role_id": <custom_role_id>}' --header "PRIVATE-TOKEN: <root_user_access_token>" "localhost:9393/api/v4/projects/<project_id>/share"

    Note: group_access value should be the same as the base access_level of the custom role you created (e.g. if you selected Guest, group_access should be 10)

  6. Verify that the returned ProjectGroupLink data includes a non-nil member_role_id (e.g. {"id":11,"project_id":7,"group_id":24,"group_access":30,"expires_at":null,"member_role_id":4})

Edited by Eugie Limpin

Merge request reports