Return Additional Error Messages When Minimal Access Role is Not Available

Solves Issue #331012 (closed)

Return Additional Minimal Access Role Not Available Error Messages

The message, access_level is not included in the list, returned when an API call attempts to assign minimal access to a user does not tell what the issue is. The message should tell the caller why it failed. The current message might cause the caller to open a support ticket or create a defect issue.

Current production code curl command and output below.

# request to add a new group member
curl --request POST --header "PRIVATE-TOKEN: $GL_TOKEN" "https://gitlab.com/api/v4/groups/GROUP_ID/members?user_id= MEMBER_ID&access_level=5"
{"message":{"access_level":["is not included in the list"]}}%

# request to edit an existing group member
curl --request PUT --header "PRIVATE-TOKEN: $GL_TOKEN" "https://gitlab.com/api/v4/groups/GROUP_ID/members/MEMBER_ID?access_level=5"
{"message":{"access_level":["is not included in the list"]}}%

The changed code adds the errors below to the existing "is not included in the list" message:

• minimal access supported on top level group only
• minimal access not supported by all license types

Changed code curl command and output below.

# request to add a new group member
curl --request POST --header "PRIVATE-TOKEN: $GL_TOKEN" "https://3000-amaranth-rabbit-1vxc00oy.ws-us04.gitpod.io/api/v4/groups/GROUP_ID/members?user_id=USER_ID&access_level=5"
{"message":{"access_level":["is not included in the list","minimal access supported on top level group only","minimal access not supported by all license types"]}}%

# request to edit an existing group member
curl --request PUT --header "PRIVATE-TOKEN: $GL_TOKEN" "https://3000-amaranth-rabbit-1vxc00oy.ws-us04.gitpod.io/api/v4/groups/108/members/99?access_level=5"
{"message":{"access_level":["is not included in the list","minimal access supported on top level group only","minimal access not supported by all license types"]}}%

Does this MR meet the acceptance criteria?

Conformity

• I have included a changelog entry, or it's not needed. (Does this MR need a changelog?)
• I have added/updated documentation, or it's not needed. (Is documentation required?)
• I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
• I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
• I have self-reviewed this MR per code review guidelines.
• This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
• I have followed the style guides.

Availability and Testing

Browser testing is not needed this is an API call error message change. I am not aware of quality/performance impacts. An expectation in one spec file has been updated.

• I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
• I have tested this MR in all supported browsers, or it's not needed.
• I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.