List owned_groups only as eligible candidates for subscription purchase
What does this MR do and why?
This MR uses correct user
scope to fetch only owned_groups
that are possible candidates for purchasing a subscription, in order to send it to CustomersDot
for final eligibility check.
User
are only allowed to purchase subscription for groups that they have owner
role, and not others (maintainer, developer,...
).
Fixes https://gitlab.com/gitlab-org/gitlab/-/issues/329883.
Screenshots or screen recordings
How to set up and validate locally
- Checkout this MR branch
- Create a new user
- Create 2 groups: 3. Add user as maintainer to Group 1 4. Add user as owner to Group 2
- Go to http://gdk.test:3000/-/subscriptions/new
- GitLab group, should only have Group 1 listed
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Bishwa Hang Rai