Restrict the issues settings page to root groups only
What does this MR do and why?
Currently, the issues settings page, used to manage configurable statuses and custom fields, is accessible at both root (/groups/root-group/-/settings/issues) and subgroup (/groups/root-group/subgroup/-/settings/issues) levels.
Since both features can only be configured and managed at the root level, this MR restricts access to the root group only, preventing access via subgroups.
Additionally, this MR fixes an incorrect feature availability check. Previously, we checked whether either the custom_fields or work_item_statuses licensed features were available. Now, we require both features to be available for access.
Note: This issue only occurs when accessing the URL directly. The settings menu already correctly enforces root group access here.
References
Screenshots or screen recordings
| Before | After |
|---|---|
 |
 |
How to set up and validate locally
- Ensure you are logged in with a maintainer+ role.
- Navigate to the issues settings page for a root group, for example:
/groups/2026/-/settings/issues. Expect the page to be accessible. - Navigate to the issues settings page for a subgroup, for example:
groups/2026/august/-/settings/issues. Expect to receive a 404 error.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.