Extend Packages Project policy to consider access level

What does this MR do and why?

This MR is the next step of the implementation plan in #329253 (closed).

In !82808 (merged), we added a new Package Registry visibility setting to the project settings (behind a feature flag). This MR extends the Packages::Policies::ProjectPolicy policy to consider the new package_registry_access_level setting.

🛠 with at Siemens

/cc @bufferoverflow

How to set up and validate locally

  1. Enable the feature flag:

    Feature.enable(:package_registry_access_level)

  2. Change the package_registry_access_level of a private project to allow access for everyone:

    project = Project.find(2)
    project.project_feature.update!(package_registry_access_level: ProjectFeature::PUBLIC)

  3. Check if policy allows :read_package permission for anonymous user (nil):

    Packages::Policies::ProjectPolicy.new(nil, project.packages_policy_subject).allowed?(:read_package)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jonas Wälter
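
The validation steps above check a single case: a private project whose package_registry_access_level is PUBLIC, queried as an anonymous user. The following stand-alone Ruby sketch is an added example, not code from this MR or from GitLab; it models the same decision across more combinations and lists non-public projects whose packages become anonymously readable. `ModelProject`, `read_package_allowed?`, `anonymously_exposed`, the sample projects and every rule other than the PUBLIC case are assumptions made for illustration.

```ruby
# Added illustration, not GitLab source. Level values are assumed to mirror the
# ProjectFeature constants; the decision rules are a simplified, assumed model.
LEVELS = { disabled: 0, private: 10, enabled: 20, public: 30 }.freeze

# Hypothetical stand-in for a project record (constructed, not a GitLab class).
ModelProject = Struct.new(:name, :visibility, :registry_level, :members, keyword_init: true)

# user is nil for an anonymous request, otherwise a username.
def read_package_allowed?(user, project, flag_enabled: true)
  level = LEVELS.fetch(project.registry_level)
  return false if level == LEVELS[:disabled]

  # Case from the MR: with the flag on, PUBLIC opens the registry to everyone,
  # including anonymous users, regardless of project visibility.
  return true if flag_enabled && level == LEVELS[:public]

  # Assumption: project members can always read packages when the registry is on.
  return true if !user.nil? && project.members.include?(user)

  # Assumption: for non-members, ENABLED (and PUBLIC with the flag off) follows
  # project visibility, while PRIVATE stays members-only.
  level >= LEVELS[:enabled] && project.visibility == :public
end

# Defender's check: names of non-public projects whose packages are anonymously readable.
def anonymously_exposed(projects, flag_enabled: true)
  projects.select { |p| p.visibility != :public && read_package_allowed?(nil, p, flag_enabled: flag_enabled) }
          .map(&:name)
end

# Constructed sample data.
PROJECTS = [
  ModelProject.new(name: "internal-libs", visibility: :private, registry_level: :public,   members: ["alice"]),
  ModelProject.new(name: "payments",      visibility: :private, registry_level: :enabled,  members: ["alice"]),
  ModelProject.new(name: "docs-site",     visibility: :public,  registry_level: :enabled,  members: []),
  ModelProject.new(name: "legacy",        visibility: :private, registry_level: :disabled, members: ["bob"])
].freeze

puts "Anonymously readable, flag on:  #{anonymously_exposed(PROJECTS).inspect}"
puts "Anonymously readable, flag off: #{anonymously_exposed(PROJECTS, flag_enabled: false).inspect}"
```

In this model, only the private project set to PUBLIC is reported, and only while the feature flag is enabled.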
