Extract 'read_package' rule into separate policy

Jonas Wälter requested to merge siemens/gitlab:extract-packages-policy into master

What does this MR do and why?

We are in the process of making package permissions configurable at the project level (see #329253 (closed)). Currently, the package permissions are included in the project policy (and group policy) using the DeclarativePolicy framework. In #329253 (comment 985804977), @10io suggested extracting the package permissions into a separate policy, starting with :read_package.

So this MR extracts the :read_package rule into a separate policy, both for projects and for groups. That's the 5th step of the implementation plan. This is a refactoring and everything should still work the same as before. The new policy rules for the package permissions will then be implemented in a follow-up MR.

🛠 with at Siemens

/cc @bufferoverflow

How to set up and validate locally

  1. Check :read_package permission for different subjects (project, group, package):

     authorize_read_package!(<subject>)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
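
An added example, not part of the MR or GitLab's code: a parity check for an authorization refactoring like this one, comparing an inline rule with its extracted policy over every subject combination. The roles, visibility levels, rule conditions and class names are constructed assumptions written in plain Ruby rather than DeclarativePolicy.

```ruby
# Constructed model: these roles, visibilities and conditions are assumptions.
ROLES = %i[anonymous guest reporter developer maintainer].freeze
VISIBILITIES = %i[private internal public].freeze
Project = Struct.new(:visibility, :packages_enabled)
User = Struct.new(:role)

# "Before": :read_package is decided inline in the project policy.
class LegacyProjectPolicy
  def initialize(user, project)
    @user = user
    @project = project
  end

  def allowed?(ability)
    return false unless ability == :read_package && @project.packages_enabled
    @project.visibility == :public || ROLES.index(@user.role) >= ROLES.index(:reporter)
  end
end

# "After": the rule lives in its own policy object.
class PackagesPolicy < LegacyProjectPolicy
  def allowed?(ability)
    reporter_up = ROLES.index(@user.role) >= ROLES.index(:reporter)
    ability == :read_package && @project.packages_enabled &&
      (@project.visibility == :public || reporter_up)
  end
end

# The project policy keeps answering :read_package by delegating.
class ProjectPolicy
  def initialize(user, project)
    @packages = PackagesPolicy.new(user, project)
  end

  def allowed?(ability)
    ability == :read_package ? @packages.allowed?(ability) : false
  end
end

# Returns every [role, visibility, enabled] tuple where the two policies disagree.
def parity_mismatches(old_class, new_class)
  ROLES.product(VISIBILITIES, [true, false]).reject do |role, vis, enabled|
    args = [User.new(role), Project.new(vis, enabled)]
    old_class.new(*args).allowed?(:read_package) == new_class.new(*args).allowed?(:read_package)
  end
end

puts parity_mismatches(LegacyProjectPolicy, ProjectPolicy).inspect
```

An empty list means the refactoring preserved every decision; any tuple in the output is a subject whose access changed.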