MR submitter unable to view approvers list with shared access to private subgroup
Summary
The submitter of a merge request in a private project is unable to view the list of approvers on that merge request.
Steps to reproduce
- Set up a group structure similar to the following where the group, its subgroups, and projects are all private.
graph TD;
A[Group]-->B[Subgroup 1];
A-->C[Subgroup 2];
C-->D[Project];Further details:
-
Subgroup 1- This subgroup is used as the "approvers" group. -
Subgroup 2- This subgroup houses all of the projects where merge requests will be submitted.
- Share access to
Subgroup 2withSubgroup 1. - In
Project, add an approval rule with1required approval withGroup/Subgroup 1as the approvers. - Have a member of
Projectsubmit a merge request to the project. - Have that user observe that they are not able to see who is able to approve that merge request.
Example Project
This has been replicated in https://gitlab.com/tristan-testing-group.
What is the current bug behavior?
The submitter of the merge request is unable to view who can approve their merge request.
What is the expected correct behavior?
The submitter of the merge request should be able to view who is able to approve their merge request.
Relevant logs and/or screenshots
Group structure:
Confirmation of shared access:
Members list of Subgroup 1 showing that there are direct members:
Approval rule setup in Project:
MR view from the perspective of the submitter in Project:
Workaround
Support was only able to work around this issue by making the top-level group and the approvers subgroup public, which isn't acceptable for the majority of users that face this issue.
Output of checks
This bug happens on GitLab.com: 12.10.0-pre 943c8fd8108
ZD: https://gitlab.zendesk.com/agent/tickets/153081 (GitLab Internal)