Add bypass options to a police drawer for users and groups

Artur Fedorovrequested to merge
558885-policies-users-groups-exceptions-drawer into master

What does this MR do and why?

This merge request adds support for displaying user and group exceptions in a security policy interface. The main changes include:

New Components Added:

  • A loading spinner component (PolicyExceptionsLoader) that shows when data is being fetched
  • A new component (UsersGroupsExceptions) that displays lists of users and groups who are exempt from security policies

Enhanced Functionality: The existing policy exceptions view now supports showing both users and groups alongside the existing branch pattern exceptions. When users click to expand the exceptions section, it dynamically loads user and group information from the server using GraphQL queries. The component handles both project-level and group-level contexts, showing user names with usernames and full group names.

User Experience Improvements:

  • Shows loading indicators while fetching user/group data
  • Displays a count of total exceptions in the accordion header
  • Gracefully handles loading failures by showing fallback ID numbers
  • Uses an expandable accordion interface to keep the UI clean

Testing: Comprehensive test coverage was added for both new components, including tests for loading states, error handling, and proper data display.

The changes allow security administrators to easily see which specific users and groups have been granted exceptions to security policies, making policy management more transparent and user-friendly.

References

Screenshots or screen recordings

Description UI
Loading state

loading.mov
Selected groups and users

groups.mov

Selected groups and users

in case of failed loading (fallback)

fallback.mov

How to set up and validate locally

Enable feature flag:

Feature.enable(:security_policies_bypass_options)
Feature.enable(:security_policies_bypass_options_group_roles)
  • Secure -> Policies
  • New merge request approval policy
  • Open Advanced settings
  • Click add exception button
  • Select users option and groups option
  • Save policy and go back to policy list
  • Open drawer

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #558885 (closed)

Edited by Artur Fedorov

Merge request reports