Enable `:download_code` on project for custom roles
What does this MR do and why?
- Adds policy check on a project so that a user with a custom role based on the `GUEST` role can download code if that custom role allows it.
- This is gated on the `customizable_roles` feature flag being turned on for now because we want to evaluate performance before making it generally available.
- The custom role check applies to a custom role anywhere within the project hierarchy. If any custom roles for that user enable `download_code`, then they can download code unless another policy check explicitly prevents that.
- This is an additive-only approach. Meaning that `download_code: false` does not take away the ability for a guest user to download code on a public repository. But `download_code: true` enables this ability for guest users on a private repository, who by default cannot download code.
- These custom roles can be defined via the API endpoints created here: !96996 (merged)
- Issue: #370088 (closed)
Screenshots or screen recordings
Screen recording of this working: https://www.youtube.com/watch?v=i4wLmgTBjZs (internal only)
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
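The additive-only rule from the MR description above, modelled as standalone Ruby. This is an added example, not code from the MR or from GitLab's policy classes; `Node`, `Membership`, `guest_can_download_code?` and the sample hierarchy are hypothetical names constructed for illustration, and the user is assumed to hold only `GUEST` access.

```ruby
# Hypothetical model, not GitLab's policy code: decides download_code for a
# user whose access level is GUEST everywhere in the hierarchy.
Node = Struct.new(:name, :parent) do
  # This project/group followed by every ancestor group up to the top level.
  def self_and_ancestors
    parent ? [self, *parent.self_and_ancestors] : [self]
  end
end

# custom_role is nil for a plain GUEST member, or a hash of abilities.
Membership = Struct.new(:node, :custom_role)

def guest_can_download_code?(project:, public_repo:, memberships:,
                             customizable_roles_enabled:, prevented: false)
  # "unless another policy check explicitly prevents that"
  return false if prevented
  # Baseline from the description: guests can download from a public repo,
  # and a custom role with download_code: false does not remove that.
  return true if public_repo
  # Private repo: guests cannot download unless the feature flag is on ...
  return false unless customizable_roles_enabled

  # ... and any custom role in the project's hierarchy enables the ability.
  hierarchy = project.self_and_ancestors
  memberships.any? do |m|
    hierarchy.include?(m.node) &&
      m.custom_role&.fetch(:download_code, false) == true
  end
end

# Constructed sample hierarchy: top-group > sub-group > project.
TOP     = Node.new("top-group", nil)
SUB     = Node.new("sub-group", TOP)
PROJECT = Node.new("project", SUB)
OTHER   = Node.new("other-group", nil)

# Constructed memberships for one guest user.
ENABLING  = Membership.new(TOP, { download_code: true })
DISABLING = Membership.new(SUB, { download_code: false })
UNRELATED = Membership.new(OTHER, { download_code: true })
PLAIN     = Membership.new(SUB, nil)
```

The cases worth checking when reviewing a rule like this are the ones where the answer must stay "no": flag off, a role outside the hierarchy, and an explicit prevent.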
Activity
assigned to @jessieay
Suggested Reviewers (beta)
The individuals below may be good candidates to participate in the review based on various factors.
You can use slash commands in comments to quickly assign `/assign_reviewer @user1`.
Suggested Reviewers: @rspeicher, @marin, @mayra-cabrera, @vsizov, @dbalexandre
If you do not believe these suggestions are useful, please apply the label Bad Suggested Reviewer. You can also provide feedback for this feature on this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/357923.
Automatically generated by Suggested Reviewers Bot - an experimental ML-based recommendation engine created by ~"group::applied ml".
Edited by GitLab Reviewer-Recommender Bot
- A deleted user added backend label
2 Warnings
- f0879529: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines.
- featureaddition and featureenhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart.
  For more information, see:
  - The Handbook page on merge request types.
  - The definition of done documentation.
1 Message
- CHANGELOG missing: If you want to create a changelog entry for GitLab FOSS, add the `Changelog` trailer to the commit message you want to add to the changelog. If you want to create a changelog entry for GitLab EE, also add the `EE: true` trailer to your commit message. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
| Category | Reviewer | Maintainer |
| --- | --- | --- |
| backend | Aman Luthra (`@aluthra2`) (UTC+5.5, 13.5 hours ahead of `@jessieay`) | Stan Hu (`@stanhu`) (UTC-8, same timezone as `@jessieay`) |
| database | Max Woolf (`@mwoolf`) (UTC+0, 8 hours ahead of `@jessieay`) | Alex Ives (`@alexives`) (UTC-6, 2 hours ahead of `@jessieay`) |

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the `danger-review` job that generated this comment.
Generated by Danger
- Resolved by 🤖 GitLab Bot 🤖
Proper labels assigned to this merge request. Please ignore me.
@jessieay - please see the following guidance and update this merge request.
1 Error, 1 Warning
- Please add typebug typefeature, or typemaintenance label to this merge request.
- Please add a subtype label to this merge request. If you have added a type label and do not feel the purpose of this merge request matches one of the subtypes labels, please resolve this discussion.
Edited by 🤖 GitLab Bot 🤖
mentioned in issue #370088 (closed)
Allure report
`allure-report-publisher` generated test report!
e2e-review-qa: test report for f0879529
```
+-----------------------------------------------------------------------------------------+
|                                     suites summary                                      |
+------------------------------------+--------+--------+---------+-------+-------+--------+
|                                    | passed | failed | skipped | flaky | total | result |
+------------------------------------+--------+--------+---------+-------+-------+--------+
| Create                             | 28     | 0      | 1       | 0     | 29    | ✅     |
| Verify                             | 12     | 0      | 1       | 0     | 13    | ✅     |
| Manage                             | 61     | 0      | 17      | 8     | 78    | ❗     |
| Plan                               | 49     | 0      | 1       | 0     | 50    | ✅     |
| Configure                          | 0      | 0      | 1       | 0     | 1     | ➖     |
| Feature flag handler sanity checks | 9      | 0      | 0       | 0     | 9     | ✅     |
| Version sanity check               | 0      | 0      | 1       | 0     | 1     | ➖     |
| Govern                             | 10     | 0      | 5       | 0     | 15    | ✅     |
| Package                            | 0      | 0      | 1       | 0     | 1     | ➖     |
+------------------------------------+--------+--------+---------+-------+-------+--------+
| Total                              | 169    | 0      | 28      | 8     | 197   | ❗     |
+------------------------------------+--------+--------+---------+-------+-------+--------+
```
added 1 commit
- 60fb0002 - Add validations that member roles belong to top-level namespaces
added 2 commits
added 1 commit
- 1e1fc7d1 - Have role finding work for hierarchy of project
added devopsmanage sectiondev labels
- Resolved by Imre Farkas
changed milestone to %15.5
added Deliverable feature featureaddition typefeature workflowin dev + 1 deleted label
marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed
@jessieay, please can you answer the question: Should this have a feature flag? to help with code review for the Authentication and Authorization group.
This nudge was added by this triage-ops policy.