Add auditor access for dependency proxy
What does this MR do and why?
Describe in detail what your merge request does and why.
Closes #355501 (closed)
Allows auditor users to be able to access the dependency proxy page in groups.
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
auditor-enable-dependency-proxy
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Switch to the
master
branch and visit GitLab in your browser. Login as an admin user and attempt to visit the dependency proxy page in a grouphttps://gitlab.example.com/groups/<GROUP>/-/dependency_proxy
. As an admin, you should be able to view this page. - Impersonate an auditor account and attempt to visit
https://gitlab.example.com/groups/<GROUP>/-/dependency_proxy
. As an auditor, you should see a404
. This is expected. - Switch to the
auditor-enable-dependency-proxy
branch. - In the address bar, attempt to visit
https://gitlab.example.com/groups/<GROUP>/-/dependency_proxy
. As an auditor, you should now be able to view this page. - Auditor users can still see the "Clear cache" button however. See the next section below for more details.
Please note:
The dependency proxy page also has a dropdown menu that allows users to clear the dependency proxy cache. As an auditor user, if you attempt to clear the cache this returns a 403
error. This is expected because we don't want auditor users to perform write operations.
Visibility is controlled by the showDeleteDropdown
function in https://gitlab.com/gitlab-org/gitlab/-/blob/v14.10.2-ee/app/assets/javascripts/packages_and_registries/dependency_proxy/app.vue#L184-200
My MR in its current form does not address the "Clear cache" button. Moving forward, I am seeking advice on how to proceed:
- Should this be considered a new issue?
- Should we extend the aforementioned Vue code above to hide the "Clear cache" button as part of this MR? If this is the case, I will likely need help for that.
- Or should we not worry about it?
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.