Remove push rules lock on group and project level
requested to merge 301116-group-push-permissions-can-enforce-project-level-insecure-settings into master
What does this MR do?
Remove push rule locks on group and project level
When group level push rules are checked, the children project level ones are locked but the values are not checked. This behaviour leaves the permission in inconsistent states. The same issue is also observed between instance level and group level push rules.
This commit remove locks imposed by instance level and group level on the lower lever approval rules.
Screenshots (strongly suggested)
| Level | Before | After |
|---|---|---|
| Instance (admin) |  |
|
| Group (owner) |  |
 |
| Project (maintainer) |  |
 |
Testing
Instance lock Group
- As an admin, navigate to application settings page
Admin Area > Push Rules - Enable
Reject unverified usersandReject unsigned commits - As a group owner, navigate to group push rule page
Group > Push Rules - Ensure
Reject unverified usersandReject unsigned commitsare editable. Please note that the value of the checkbox is not the same the ones from instance level.
Group lock Project
- As a group owner, navigate to group push rule page
Group > Push Rules - Enable
Reject unverified usersandReject unsigned commits - As a project maintainer, navigate to project settings page
Settings > Repository > Push Rules - Ensure
Reject unverified usersandReject unsigned commitsare editable. Please note that the value of the checkbox is not the same the ones from group level.
Does this MR meet the acceptance criteria?
Conformity
-
📋 Does this MR need a changelog?-
I have included a changelog entry. -
I have not included a changelog entry because _____.
-
-
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers - [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec - [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Related to #301116 (closed)
Edited by Tan Le