refactor(maven): Check user permission in Maven::CreatePackageService
- Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.
What does this MR do and why?
refactor(maven): Check user permission in Maven::CreatePackageService
Move user permission check into the Maven create package service to ensure only authorized users can create packages. Add corresponding spec to verify unauthorized users receive an error response.
Changelog: other
Why This Change?
- Security: Prevents unauthorized users from creating packages in projects they don't have access to
- Consistency: Aligns Maven service with other package services (NPM, PyPI) that already have similar authorization checks
- Defense in Depth: Adds service-layer authorization as an additional security layer
How to set up and validate locally
- Run the test suite to ensure all authorization scenarios are covered:
bundle exec rspec spec/services/packages/maven/create_package_service_spec.rb
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
MR Checklist (@gerardo-navarro)
- Changelog entry added, if necessary
- Documentation created/updated via this MR
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Tested in all supported browsers
- Conforms to the code review guidelines
- Conforms to the style guides
- Conforms to the javascript style guides
- Conforms to the database guides
- Conforms to the merge request performance guidelines
Related to #323969 (closed)
Edited by Gerardo Navarro
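The service-layer check this MR describes, as an added sketch that is not the MR's code or GitLab's implementation: `Response`, `User`, `Project`, `CreateMavenPackageService` and `create_without_caller_check` are hypothetical names. It shows why the check belongs in the service: a caller that does no authorization of its own still gets an error response and no package is created.

```ruby
# Added illustration; all names are hypothetical stand-ins, not GitLab's code.
Response = Struct.new(:status, :reason, :payload, keyword_init: true) do
  def success?
    status == :success
  end

  def error?
    status == :error
  end
end

User = Struct.new(:name)

class Project
  attr_reader :packages

  def initialize(developers:)
    @developers = developers
    @packages = []
  end

  # Stand-in for a policy lookup: only listed developers may create packages.
  def can_create_package?(user)
    !user.nil? && @developers.include?(user)
  end
end

class CreateMavenPackageService
  def initialize(project, user, params)
    @project = project
    @user = user
    @params = params
  end

  def execute
    # The check lives in the service, so every caller goes through it.
    unless @project.can_create_package?(@user)
      return Response.new(status: :error, reason: :unauthorized)
    end

    package = { name: @params[:name], version: @params[:version], creator: @user.name }
    @project.packages << package
    Response.new(status: :success, payload: package)
  end
end

# Hypothetical caller that does no permission check of its own.
def create_without_caller_check(project, user, params)
  CreateMavenPackageService.new(project, user, params).execute
end
```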