Disallow non-members to unlock project files (!74541) · Merge requests · GitLab.org / GitLab

Magdalena Frankiewicz requested to merge disallow-non-members-to-unlock-project-files into master Nov 15, 2021

What does this MR do and why?

Please note that is was decided that it can be fixed in the canonical repo

This MR fixes the behavior when User removed from the project is still able to unlock a file, that they locked previously while they were a member of that project. It was possible by going to Repository >> Locked Files in the Project ( https://gitlab.com/[group]/[project]/path_locks). Now non-members are not able to unlock project files anymore.

How to set up and validate locally

Create a public Test Project with a Test File
Invite a UserA with Developer permissions
The User locks the Test File
As Owner of the Test Project, remove the UserA from your project
At this point UserA can't unlock the Test File anymore because they are not a member anymore, neither by going to Repository >> Files >> Test File nor by trying with Repository >> Locked Files in the Test Project ( https://gitlab.com/[group]/[project]/path_locks)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 18, 2021 by Magdalena Frankiewicz

Disallow non-members to unlock project files

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports