feat: Improve UX of group member access in AI settings

Fred de Gierrequested to merge
duo/feature/594943-improve-ux-group-member-access-ai-settings into master

What does this MR do and why?

Improves the UX of the group member access section in AI settings to clarify the access model and reduce user confusion.

Changes made:

  • Label: "Member access" → "Limit access based on group membership" to better convey that this setting imposes limits rather than granting access
  • Help text: Updated to explain the default behavior (all eligible members have access) and added a link to the access control documentation
  • "No group" row: Renamed to "All eligible users" with a descriptive subtitle: "Default access for users who can access AI features regardless of group membership."
  • Empty state: When no groups are configured, hide the table and show a clear message: "No limits applied. All eligible users have access to all AI features." instead of an empty table
  • "Create group" link: Added next to the "Add group" button so admins can create a new group without navigating away from the page
  • Settings order: Reordered to group high-level enablement and access controls together — Duo availability → DAP settings → Duo Core → member access limits

References

Screenshots or screen recordings

Before After
image image

How to set up and validate locally

  1. Enable the feature flag: 
    Feature.enable(:duo_access_through_namespaces)
  2. Navigate to Admin area → GitLab Duo → Configuration (/admin/gitlab_duo/configuration)
  3. Verify:
    • The section is now labeled "Limit access based on group membership"
    • Help text includes a link to access control docs
    • When no groups are configured, an empty state message is shown instead of an empty table
    • A "Create group" link appears next to "Add group"
  4. Add a group and verify:
    • The default row shows "All eligible users" with the descriptive subtitle
    • Settings order: Duo availability → DAP → Duo Core → member access

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Fred de Gier

Merge request reports