Update AI feature settings resolver authorization check
What does this MR do and why?
This change broadens access to the Ai::FeatureSettings::FeatureSettingsResolver resolver. A previous change restricted access to users with manage_instance_model_selection permissions only. This introduced a bug for offline instances as instance model selection is an online-only feature. The bug prevents the Model Selection page /admin/gitlab_duo/model_selection from loading correctly. This change fixes that regression by also allowing users with manage_self_hosted_models_settings permissions to access the resolver. The resolver is used by self-managed only.
References
Issue: #595107 (closed)
MR introducing regression: https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/5829
Screenshots or screen recordings
When accessing /admin/gitlab_duo/model_selection with an offline license
| Before | After |
|---|---|
 |
 |
Testing
Manual tests done in self-managed GDK to validate Model Selection page functionality across license and add-ons
| Duo Core | Duo Pro | Duo Enterprise | Self-hosted DAP | |
|---|---|---|---|---|
| Premium Offline | N/A | N/A | ||
| Ultimate Offline | N/A | N/A | ||
| Premium Online | N/A | |||
| Ultimate Online | N/A |
How to set up and validate locally
Pre-requisites:
An active Ultimate offline license.
- Start GDK in self-managed mode
GITLAB_SIMULATE_SAAS=0 gdk start - Run the Duo setup rake task
GITLAB_SIMULATE_SAAS=0 bundle exec 'rake gitlab:duo:setup'to seed instance with a Duo Enterprise add-on. - Visit the Model Selection page i.e
http://gdk.test:3000/admin/gitlab_duo/model_selection - Validate the page loads correctly as expected and looks like the "After" screenshot
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.