Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Do not check read_environments for metrics dashboard APIs

Review changes
Download
Patches
Plain diff

Reuben Pereira requested to merge rp-remove-read-environments-for-dashboard-apis into master May 18, 2020

Overview 24
Commits 2
Pipelines 6
Changes 7

What does this MR do?

Previously, users needed to have reporter or above role in order to see a project's metrics dashboards (since the read_environment ability is required). Recently, we added a new ProjectFeature called metrics_dashboard which controls the visibility of the dashboards.

The read_environment ability is granted to all users who have the metrics_dashboard ability so that the dashboards are accessible to those users. This includes anonymous users if metrics_dashboard is set to public visibility.

The current approach of granting users the read_environment ability if they have the metrics_dashboard ability is too excessive, in my opinion. The read_environment permission gives users the ability to query many environments APIs which allows users to list all environments and their public attributes.

However, in order to view a dashboard, the dashboard only needs a single environment's ID, name, slug and state.

This MR:

Removes the code to grant users the read_environment ability if they have the metrics_dashboard ability.
It also removes the read_environment requirement for metrics APIs.

With this MR, a user will be able to see a dashboard if they have the metrics_dashboard permission, even if they do not have the read_environment permission. However, the user will not be able to change the environment selector dropdown to another environment.

If the user has the read_environment permission, they will be able to change the environment dropdown selector and have access to other dashboard features like annotations.

Discussion Ref: #213833 (comment 344485808)

Public visibility of metrics dashboards:

metrics_dashboard_without_read_environment_all_permissions

Public visibility of metrics dashboards with pipelines disabled:

metrics_dashboard_without_read_environment_without_pipeline_permissions

Public visibility of metrics dashboards with repository disabled:

metrics_dashboard_without_read_environment_without_repository_permissions

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers
Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Nov 16, 2020 by 🤖 GitLab Bot 🤖

Merge request reports

Assignee

Reviewers

Request review from

Time tracking