Better handling when users do not have permissions to create a policy
Current behavior and problem
When a Security Policy Project has not yet been linked with a Development project, Developers and maintainers of the Development project are still presented with the New Policy button on the Security & Compliance > Policies page.
When they attempt to create a new policy, they can select either the Network policy type or the Scan Execution policy type. These users are allowed to create Network policies; however, they are unable to create a Scan Execution policy because they lack the necessary permissions (project Owner) that are required to create and link a Security Policy project to the Development project. As a result, we currently let them create their policy, but then disable/gray out the Create merge request button.
Proposal
Instead of displaying the new policy editor, we should display an empty state and direct the user to have their Project Owner create and link a related Security Policy Project.
Implementation
- frontend: similar to the network_policy_editor, conditionally show the policy_editor_layout vs gl_empty_state in the scan_execution_policy_editor for the injected value disableScanExecutionUpdate