Disable custom role delete button for sec policy

Alexander Turinskerequested to merge
510191-disable-role-delete-button-frontend into master

What does this MR do and why?

Disable custom role delete button for sec policy

  • if a custom role is used in a security policy, then it should not be able to be deleted
  • disable delete button if it is used in a security policy on the frontend
  • show popover with policies

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Scenario Screenshot
No policy associated to custom role - group image
Has policies associated to custom role - instance Screenshot_2025-01-30_at_13.16.55
Has no policies associated, but has member assigned - instance Screenshot_2025-01-30_at_13.16.51

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Admin

  1. Upload a GitLab Ultimate license
  2. Ensure your local environment is set up for self-managed (e.g. export GITLAB_SIMULATE_SAAS=0 && gdk restart)
  3. Create a custom role at the admin level (e.g. Admin => Settings => Roles and permissions)
  4. Enable the custom role feature flag echo "Feature.enable(:security_policy_custom_roles)" | rails c
  5. Navigate to a group/project => Secure => Policies => New policy => Merge request approval policy => Create a policy with a custom role in it
  6. Navigate back to the custom role and try to delete it
  7. Verify it can not be delete and a tooltip shows with the policies it is being used in

Top-level group

  1. Upload a GitLab Ultimate license
  2. Ensure your local environment is set up for SaaS (e.g. export GITLAB_SIMULATE_SAAS=1 && gdk restart)
  3. Create a custom role in a top-group level group that you are an owner of (e.g. Group => Settings => Roles and permissions)
  4. Enable the custom role feature flag echo "Feature.enable(:security_policy_custom_roles)" | rails c
  5. Navigate to a group/project => Secure => Policies => New policy => Merge request approval policy => Create a policy with a custom role in it
  6. Navigate back to the custom role and try to delete it
  7. Verify it can not be delete and a tooltip shows with the policies it is being used in

Related to #510191 (closed)

Edited by Alexander Turinske

Merge request reports