Allow admins to set pipeline schedule variables
-
Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.
What does this MR do and why?
Allow admins to set pipeline schedule variables
A migration introduced in 17.10 changed the project settings from
restrict_user_defined_variables: false to
restrict_user_defined_variables: true, ci_pipeline_variables_minimum_override_role: :developer.
This change prevented admin users from changing pipeline schedule variables
if they don't have at least the developer role in that project.
To restore that capability, admin users can set pipeline variables again
if the project setting is not ci_pipeline_variables_minimum_override_role: :no_one_allowed.
If set to :no_one_allowed, admins don't get an exception as this setting effectively
disables pipeline variables.
Interestingly, the frontend re-implements this permission check and does not rely on the check in the backend. To keep the scope as small as possible, I only changed the pipeline schedules to take that information from the backend instead of calculating it in the frontend.
References
Screenshots or screen recordings
How to set up and validate locally
- Visit a project as admin where the admin is not a member (or has at maximum reporter role)
- Open the CI/CD > Variables Settings and set Minimum role to use pipeline variables to No one allowed
- Open the create pipeline schedule page and observe that the variables section is not present
- Open the CI/CD > Variables Settings and set Minimum role to use pipeline variables to any other option
- Open the create pipeline schedule page and observe that the variables section is present
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.