Skip to content

Remove custom_ability_read_admin_projects feature flag

Eugie Limpinrequested to merge
el-cleanup-custom-ability-read-admin-projects-ff into master

What does this MR do and why?

Remove custom_ability_read_admin_projects feature flag which has been enabled in production since Sep 19.

  • Admin users can now create custom admin roles with the read_admin_projects ability
  • Update GraphQL endpoint in /admin/projects from :projects to :admin_projects to support displaying unauthorized projects to non-admin users with read_admin_projects permission

References

[FF] `custom_ability_read_admin_projects` -- us... (#561997 - closed)

Screenshots or screen recordings

Screen_Recording_2025-09-23_at_4.23.52_PM

How to set up and validate locally

  1. Enable custom_admin_roles feature flag
  2. Login with an admin, enable admin mode (doc), enter admin mode, and go to http://localhost:9393/admin/application_settings/roles_and_permissions/
  3. Create a custom admin role with View Projects permissions
  4. Assign the custom admin role to a non-admin user (doc)
  5. Login with the user
  6. Go to Admin area projects page and verify that all projects are displayed (including projects the user does not have access to).

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin

Merge request reports