Skip to content

Add a validation error if a role includes disabled permissions

Ian Andersonrequested to merge
521042-invalidate-with-disabled-permission into master

What does this MR do and why?

Custom abilities can be enabled/disabled with a feature flag in the format custom_ability_#{ability_name}. This MR adds a validation error if a member role/admin role contains a permission that is disabled via feature flag.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

  1. Build and validate a role. It should be valid 
    role = FactoryBot.build(:member_role)
role.validate!
  2. Add the manage_protected_tags and revalidate. It should be invalid. 
    role.permissions['manage_protected_tags'] = true
role.validate!
  3. Clear memoization and enable the feature flag. It should be valid. 
    role.clear_memoization(:available_permissions)
Feature.enable(:custom_ability_manage_protected_tags)
role.validate!

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #521042

Merge request reports