Skip to content

Disable manual job action button for users without correct permissions

Miranda Fluharty requested to merge 342783-when-user-lacks-permission-still-display-job-manual-action into master

What does this MR do and why?

What: This MR changes the behavior of the manual action trigger button on the pipeline graph - it shows a disabled action button when the user does not have permission to run the manual action, and adds an explanatory hover tooltip.

Why: We don't currently show the action button at all in this case, which leads to confusion about whether the job has a manual action and why a user can or can't run that manual action.

Technically, this MR

  • adds the label field to the detailedStatus object that we fetch for a job because this label gets "(not allowed)" appended to it when the user is not allowed to trigger the action
  • shows a disabled action button when a manual job doesn't have an authorized action (no job.action is passed in this case) and the label contains "(not allowed)"
  • moves the tooltip for the action button to an element that isn't the button itself because disabled buttons can't have tooltips

Screenshots or screen recordings

before with this MR
unauthorized_manual_action_before unclear whether the job has a manual action at all unauthorized_manual_action_after clear that the job has a manual action, but the user isn't authorized to run it

How to set up and validate locally

  1. add a manual action to a public project's .gitlab-ci.yml, here's one I prepared earlier:
stop-staging:
  stage: deploy
  script: echo 'hello'
  when: manual
  environment:
    name: staging
    action: stop
  1. run a pipeline for the project
  2. navigate to the pipeline page, find the manual action and verify that it is active by hovering over it:
    authorized_action
  3. log out (or open a private browsing window) and navigate to the pipeline page again
  4. hover over the manual action and verify that it is disabled and shows the Not authorized to access this job's protected environment tooltip

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #342783 (closed)

Edited by Peter Hegman

Merge request reports