Split :unassign_runner permission from :assign_runner permission
pedropombeiro/502634/1-fix-runner-ownership-in-policy branch, please change to master before merging
What does this MR do and why?
This MR creates a new :unassign_runner permission (we were previously using :assign_runner for both assigning and unassigning runners). The reasons for this are:
- Unassigning a runner has different conditions than assigning to a runner: you might not have permissions to assign to a project, but you should still be able to unassign a runner from a project you own.
- Using a specific permission allows us to operate on a new policy.
Ci::RunnerProjectPolicyallows us to write conditions that have knowledge of both the runner and the project, instead of requiring the consumer code to make calls to both runner and project policies.
References
- Indirect maintainer permissions no longer suffi... (#502634 - closed)
- Rename User.ci_owned_runners (!196861 - merged)
- Inline `User#runner_available?` and simplify Ru... (!197316 - merged)
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Pedro Pombeiro