Fix 'New merge request' button
What does this MR do?
On the 'Merge requests' page of a project, there's an New merge request
button in the top navigation on the right. If the list of merge requests is empty, another New merge request
button is also displayed in the list area. However, this button leads to a ~bug for members of a fork:
A member of a fork has the permission to create a merge request in the fork, but not in the project itself. However, the button in the empty list links to the New merge request
page of the project instead of the fork.
user | button in top navigation | button in empty list |
---|---|---|
member of the project |
<full project URL>/-/merge_requests/new |
<full project URL>/-/merge_requests/new |
member of a fork but not of the project |
<full fork URL>/-/merge_requests/new |
<full project URL>/-/merge_requests/new 404
|
no member of the project | no button |
no button |
This MR fixes the ~bug so that the button in the empty list also links to the same page as the button in the top navigation.
/cc @bufferoverflow
Screenshots or Screencasts
Note: see the description of the steps in the How to setup and validate locally
chapter below
before | after |
---|---|
New_merge_request_forked_before | New_merge_request_forked_after |
How to setup and validate locally
- Sign in as
megan
(member of theNewton Bayer/Lab Coat
fork of theCommit451/Lab Coat
project). - Visit 'Merge requests' page of
Commit451/Lab Coat
:http://localhost:3000/Commit451/lab-coat/-/merge_requests?scope=all&state=opened&search=foo
- Click on
New merge request
button in top navigation:➡ link tohttp://localhost:3000/megan/lab-coat/-/merge_requests/new
✅ - Go back to 'Merge requests' page
-
Before MR: Click on
New merge request
button in empty list:➡ link tohttp://localhost:3000/Commit451/lab-coat/-/merge_requests/new
🔴 404
-
After MR: Click on
New merge request
button in empty list:➡ link tohttp://localhost:3000/megan/lab-coat/-/merge_requests/new
✅
Does this MR meet the acceptance criteria?
Conformity
-
I have included changelog trailers, or none are needed. (Does this MR need a changelog?) -
I have added/updated documentation, or it's not needed. (Is documentation required?) -
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?) -
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?) -
I have self-reviewed this MR per code review guidelines. -
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines) -
I have followed the style guides. -
This change is backwards compatible across updates, or this does not apply.
Availability and Testing
-
I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.) -
I have tested this MR in all supported browsers, or it's not needed. -
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Security
Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team