Disallow non-members to unlock project files
What does this MR do and why?
This MR fixes #276067 (closed)
Please note that it was decided that it can be fixed in the canonical repo.
This MR fixes the behavior where a user removed from the project is still able to unlock a file that they locked previously while they were a member of that project. It was possible by going to Repository >> Locked Files in the Project (https://gitlab.com/[group]/[project]/path_locks). Now non-members are not able to unlock project files anymore.
How to set up and validate locally
- Create a public Test Project with a Test File
- Invite a UserA with Developer permissions
- The User locks the Test File
- As Owner of the Test Project, remove the UserA from your project
- At this point UserA can't unlock the Test File anymore because they are not a member anymore, neither by going to Repository >> Files >> Test File nor by trying with Repository >> Locked Files in the Test Project (https://gitlab.com/[group]/[project]/path_locks)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
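The behavior described above, reduced to a minimal model: an added example, not code from this merge request or from GitLab. The `Project` class, its method names and the owner-only unlock rule are assumptions made for illustration; the final helper replays the validation steps against either check.

```ruby
require 'set'

class AccessDenied < StandardError; end

# Hypothetical minimal model (not GitLab's classes): a member set plus path locks.
class Project
  attr_reader :members, :locks

  def initialize
    @members = Set.new
    @locks = {} # path => user holding the lock
  end

  def lock(path, user)
    raise AccessDenied, 'not a member' unless members.include?(user)
    raise AccessDenied, 'already locked' if locks.key?(path)
    locks[path] = user
  end

  # Before: only lock ownership is checked, so the right outlives membership.
  def unlock_owner_only(path, user)
    raise AccessDenied, 'not lock owner' unless locks[path] == user
    locks.delete(path)
  end

  # After: current membership is evaluated at request time, then ownership.
  def unlock_with_membership(path, user)
    raise AccessDenied, 'not a member' unless members.include?(user)
    raise AccessDenied, 'not lock owner' unless locks[path] == user
    locks.delete(path)
  end
end

# Replays the validation steps (constructed names) for the removed user.
# Returns :unlocked or :denied depending on the check passed in.
def removed_user_unlock(check)
  project = Project.new
  project.members << 'owner' << 'user_a'
  project.lock('test_file.txt', 'user_a')
  project.members.delete('user_a') # the owner removes UserA
  project.public_send(check, 'test_file.txt', 'user_a')
  :unlocked
rescue AccessDenied
  :denied
end
```

The point for review is that the authorization decision is made from the requester's current role at request time, not from state recorded when the lock was created.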
Activity
assigned to @m_frankiewicz
- A deleted user
added backend label
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
| Category | Reviewer | Maintainer |
| --- | --- | --- |
| backend | Catalin Irimie (@cat) (UTC+0, 1 hour behind @m_frankiewicz) | David Fernandez (@10io) (UTC+1, same timezone as @m_frankiewicz) |

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
Allure report
allure-report-publisher generated test report for 23f33151!
review-qa-smoke: test report
Setting label groupoptimize based on @m_frankiewicz's group.
added groupoptimize label
added 1 commit
- f9f69682 - Disallow non-members unlocking project files
Setting label(s) devopsmanage sectiondev based on groupoptimize.
added devopsmanage sectiondev labels
marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed
changed milestone to %14.6
added security label
added typemaintenance label
mentioned in commit 5107c919
added 1 commit
- 5107c919 - Disallow non-members unlocking project files
added typebug label and removed typemaintenance label
- Resolved by Magdalena Frankiewicz
@zmartins could you please review?
requested review from @zmartins
- Resolved by Sean McGivern
- Resolved by Sean McGivern
- Resolved by Sean McGivern
requested review from @smcgivern
@zmartins, thanks for approving this merge request.
This is the first time the merge request is approved. To ensure full test coverage, a new pipeline has been started.
For more info, please refer to the following links:
removed review request for @zmartins
mentioned in commit 86dd86eb
added 1 commit
- 86dd86eb - Disallow non-members unlocking project files
removed review request for @smcgivern
requested review from @smcgivern
- Resolved by Sean McGivern
- Resolved by Sean McGivern
removed review request for @smcgivern
mentioned in commit 66d4ccd5
added 2436 commits
- 43d9e116...db259d5b - 2434 commits from branch master
- 66d4ccd5 - Disallow non-members unlocking project files
- 096bdd99 - Use permission system for path_locks
mentioned in commit fd76d685
added 32 commits
- 096bdd99...f3d91f06 - 30 commits from branch master
- fd76d685 - Disallow non-members unlocking project files
- 23f33151 - Use permission system for path_locks
enabled an automatic merge when the pipeline for 0da95429 succeeds
mentioned in commit 2498f1e3
added workflowstaging-canary label
added workflowstaging label and removed workflowstaging-canary label
added workflowcanary label and removed workflowstaging label
added workflowproduction label and removed workflowcanary label
added security-awardsnomination label
mentioned in issue #276067 (closed)
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label
added security-awardsawarded label and removed security-awardsnomination label
Congratulations @m_frankiewicz, your Issue/Merge Request has been awarded! (Learn more about the Security Awards Program)
mentioned in merge request kubitus-project/kubitus-installer!474 (merged)