Consolidate authorization for namespace model selection

Patrick Cyizarequested to merge
543084-consolidate-model-switching-policies into master

What does this MR do and why?

Implement the :admin_group_model_selection policy for top level groups to consolidate authorization logic for the Model Selection feature.

How to set up and validate locally

Prequisites

To enable the :admin_group_model_selection policy you need to:

  • Be an ower/administrator of a group
  • The group needs to be a top group
  • The group needs to have duo feature enabled
  • The ai_model_switching FF needs to be enabled

Validation steps

  1. Start GDK in saas mode (GITLAB_SIMULATE_SAAS=1 gdk start)
  2. Create a new top-level group and call it "GitLab Duo". Then to configure it with Duo, run the following command in the terminal:

GITLAB_SIMULATE_SAAS=1 bundle exec 'rake gitlab:duo:setup

  1. Enable the following feature flag by visiting http://gdk.test:3000/rails/features/ and enabling ai_model_switching

  2. Visit the model selection page of the group just created, i.e http://gdk.test:3000/groups/gitlab-duo/-/settings/gitlab_duo/model_selection. You should see this page if the logged in user is enable to :admin_group_model_selection.

Screenshot_2025-05-21_at_10.03.46

Or a 404 page if it is disabled.

Close #543084 (closed)

Edited by Patrick Cyiza

Merge request reports