Skip to content

Add edit confirmation popover in sidebar dropdown widget

Rajat Jainrequested to merge
371129-epic-placeholder into master

What does this MR do and why?

This MR adds a confirmation popover in the Epic widget to make sure when the current user cannot view the assigned epic, they know that editing means they'll not be able to "assign back" the epic.

image

Issue for more information #371129 (closed)

Screenshots or screen recordings

Without access With access
Step 1 image image
Step 2 image No intermediate step
Step 3 image image

How to set up and validate locally

  1. Enable the feature flag Feature.enable :epic_widget_edit_confirmation
  2. Visit an Issue page with Epic already assigned
  3. Notice instead of the epic title, it says, "You don't have permission to view this epic."
  4. Click on edit to see the confirmation popover.

How to simulate the scenario where the user can access the issue but not the assigned epic.

h/t @nicolasdular! 💯

  1. Admin owns Group GitLab Org with a confidential Epic
  2. Group GitLab Org has Project GitLab
  3. You create an issue in Project GitLab that is part of the confidential Epic
  4. You invite a User Other only to the Project GitLab
  5. User Other is not allowed to view the Group Epic then

When you invite a team member, the email will not be sent to the inbox on local machine. In the GitLab folder, open tmp/letter_opener folder, sort by "Created at", open the rich.html file in the most recently created folder.

If the above method doesn't work

Simulate by adding a line of code in the file app/assets/javascripts/sidebar/components/sidebar_dropdown_widget.vue, jump to line 121, and add this return null; on line 122. Adding this line will simulate the above scenario.

Code 
if (this.glFeatures?.epicWidgetEditConfirmation && this.isEpic) {
    this.hasCurrentAttribute = data?.workspace?.issuable.hasEpic;
    return null;
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #371129 (closed)

Edited by Rajat Jain

Merge request reports