Allow user to have only one admin member role
What does this MR do and why?
This MR changes the behaviour of assignment a user to admin custom role. We now will support only one admin custom role per user.
The admin custom role feature is under a feature flag and we only support one admin custom role permission (behind FF) now so there is no risk in removing duplicates.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Enable the feature flag:
Feature.enable(:custom_ability_read_admin_dashboard) - Create an admin custom role (in graphql explorer, eg. http://gdk.test:3000/-/graphql-explorer):
mutation {
memberRoleAdminCreate(input: {
name: "Admin area",
permissions: [READ_ADMIN_DASHBOARD]
}) {
errors
memberRole {
id
name
}
}
}- Make sure you are on master and assign the custom role to the same user twice (you can also assign it to another user to test it won't get removed for them)
mutation {
memberRoleToUserAssign(input: {
userId: "gid://gitlab/User/USER_ID"
memberRoleId: "gid://gitlab/MemberRole/MEMBER_ROLE_ID"
}) {
errors
userMemberRole {
id
user {
id
}
memberRole {
id
}
}
}
}-
Go to this branch and run the migration, check there is only one admin custom role per user (eg. in rails console:
MemberRole.all.map { |mr| { member_role_id: mr.id, users: mr.user_member_roles.map { |umr| umr.user.username } } } -
Try to run the graphql mutation again for the same custom role and user, you should get an error
Related to #515359 (closed)