Display group metadata in CICD admin pages

Eugie Limpinrequested to merge
el-read-admin-cicd-display-group-metadata into master

What does this MR do and why?

Introduce read_group_metadata ability to grant users minimal read access to a group's information.

This ability can be granted to users to allow them to see minimal information about a group (e.g. name, avatar) even without membership to the group (membership grants read_group ability).

read_group_metadata is currently enabled for a user when any of the following conditions are met:

  • user can read_group
  • user can read_admin_cicd - purpose: so the user can see minimal information for groups (the user is not a member of) associated with group runners

References

Adjust views so that only allowed components an... (#525077 - closed)

Screenshots or screen recordings

Page header Note
Group runners list Screenshot_2025-03-18_at_4.10.06_PM Since the user does not have read_group ability on the runner group, the group name is not rendered as a link
Group runner show Screenshot_2025-03-18_at_4.09.48_PM Since the user does not have read_group ability on the runner group, the group avatar and name are not rendered as a links

How to set up and validate locally

  1. Enable feature flag 
    $ rails c
> Feature.enable(:custom_admin_roles)
  2. Create a new admin member role with read_admin_cicd permission enabled 
    > admin_member_role = MemberRole.create(name: 'Test', description: 'Test', read_admin_cicd: true)
  3. Assign the new admin role to a non-admin user 
    > user = User.find(<a_user_id>)
> Users::UserMemberRole.create(member_role: admin_member_role, user: user)`
  4. Login with the user
  5. Click global search in left sidebar ("Search or go to"). Click "Admin area" menu item.
  6. In /admin/runners page, click on Groups tab to see group runners
  7. Verify that runners assigned to a group the user is not a member of displays the group's name as plain text instead of a link
    Click to expand Screenshot_2025-03-18_at_4.10.06_PM
  8. Visit a runner assigned to a group the user is not a member
  9. Verify that the names and avatars of assigned groups the user the user is not a member of are displayed as plain text instead of a link
    Click to expand Screenshot_2025-03-18_at_4.09.48_PM

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin

Merge request reports