Skip to content

Fix admin_project_member policy for SAML projects related to user namespaces

Lukas Wankorequested to merge
lw/572809-fix-project-policy-for-usernamespaces into master

What does this MR do and why?

The merge request !203447 (merged) introduced a project policy to ensure there can't be invitations to. We did not take into account that projects can also be related to user namespaces, not just groups. This code change ensures that projects from SAML groups can again successfully be forked via the API to user namespaces.

References

Screenshots or screen recordings

URL Before After
http://localhost:3000/root/saml image image.png

How to set up and validate locally

  1. Create a group

  2. Invite a user as a developer to the group

  3. Enable SAML for this group

  4. Create a SAML group link

  5. Create a project in the created group

  6. Impersonate the user

  7. Fork the created project into the user namespace with the following command

    curl --request POST --header "PRIVATE-TOKEN: <TOKEN>" --header "Content-Type: application/json" --data '{ "namespace_id": <USERNAMESPACE-ID>, "path": "foo", "name": "bar" }' --url  "http://localhost:3000/api/v4/projects/<PROJECT-ID>/fork"

  8. Optional: Ensure that the worker RepositoryForkWorker is going through by checking it here http://localhost:3000/admin/background_jobs

  9. The forked project should be accessible in the interface should be successful

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lukas Wanko

Merge request reports