Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Resolve "Add policies for managing 'default_branch_protection' setting in groups"

Review changes
Download
Patches
Plain diff

Manoj M J [On PTO] requested to merge 211944-provide-instance-level-setting-to-enable-or-disable-default-branch-protection-at-the-group-add-policies into master Apr 20, 2020

Overview 23
Commits 3
Pipelines 5
Changes 16

What does this MR do?

Step (1/2) towards #211944 (closed). A detailed note on how the proposed feature should function is noted here

2nd MR is: !28997 (merged)

Changes:

This change introduces new policies around setting “default branch protection” in groups.

Namely:

create_group_with_default_branch_protection : this permission determines whether a user can specify the value of default_branch_protection when creating a new group.

update_default_branch_protection : this permission determines whether a user can update the value of default_branch_protection of a group.

What we intend to build in #211944 (closed) is a licensed feature, and will be only available in GitLab Premium and above.

So, for CE Edition, both group owners and instance admins can make changes to default_branch_protection of a group and this MR deals with making changes in CE only.

In CE

any user who can create a group, should also be able to specify default_branch_protection's value when creating it.
any user who can update a group, should also be able to specify default_branch_protection's value when updating it.

Once we have introduced the policies in CE, we can simply prevent the same policy in EE based on the requirements.

This is done in MR No: 2: !28997 (merged)

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers
Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Apr 21, 2020 by Manoj M J [On PTO]

Merge request reports

Assignee

Reviewers

Request review from

Time tracking